topic Re: can checkpoint possible block file transfer over RDP? (disable clipboard) in Firewall and Security Management

can checkpoint possible block file transfer over RDP? (disable clipboard)

rochim — Fri, 21 May 2021 06:38:39 GMT

Hi all,

rdp can transfer file from server RDP to local laptop/pc. can checkpoint block only transfer file between server RDP with local laptop/pc.

i means normally rdp is we do rdp to server/pc and copy some file and paste to local pc/laptop is success, but i want block feature copy/paste on rdp.

thanks.

Re: can checkpoint possible block file transfer over RDP? (disable clipboard)

vinceneil666 — Fri, 21 May 2021 06:44:46 GMT

I am not 100% sure if CP can block this, I think not. But I would still rather fix this in the RDP setup with a GPO or policy or something like that. That will also give you a bit more flexebility if, say, you want some of the sessions to be able to do this.

https://serverfault.com/questions/1038954/how-to-block-filetransfer-through-rdp-port-3389

Re: can checkpoint possible block file transfer over RDP? (disable clipboard)

Alex- — Fri, 21 May 2021 08:17:28 GMT

I don't have the possibility to test this for now but could Content Awareness help?

If you make a policy with RDP as service and create a data type with any file type in either direction. You'd have to have RDP inspection enabled in case you do encryption though.

EDIT: Tried it but RDP is not in the list of supported protocols for Content Awareness, so it won't work.

Re: can checkpoint possible block file transfer over RDP? (disable clipboard)

PhoneBoy — Sun, 23 May 2021 15:51:38 GMT

Using Native RDP? No.
It is something we can definitely block when accessed through Harmony Connect (specifically the clientless access piece).
Believe you can also block it by accessing through Mobile Access Blade (using Guacamole).

Re: can checkpoint possible block file transfer over RDP? (disable clipboard)

Antonis_Hassiot — Wed, 08 Jun 2022 07:20:47 GMT

Is it possible to block using harmony endpoint?

Re: can checkpoint possible block file transfer over RDP? (disable clipboard)

Antonis_Hassiot — Tue, 14 Jun 2022 12:05:18 GMT

To answer my question, it seems possible to control clipboard access on Harmony Endpoint by "restricting" remote access when clipboard setting is enabled in RDP.

This is controlled by the following registry: HKLM/SOFTWARE\Microsoft\Terminal Server Client\DisableClipboardRedirection. Set REG_DWORD to 1 for disable, 0 for enable clipboard.

You can create a Compliance->Applications/Files check -> Modify and check registry, input the above key name in the registry value name, check REG_DWORD under "Reg type" and Exist under "Check registry key and value".

The problem is that it seems the compliance check, goes and checks the wrong registry location. I found that by selecting Action=Update. I found that it updated the following location: HKLM/SOFTWARE\WOW6432Node\Microsoft\Terminal Server Client\DisableClipboardRedirection. So it's adding WOW6432Node in the registry path.

Any idea on how to resolve this?

Re: can checkpoint possible block file transfer over RDP? (disable clipboard)

PhoneBoy — Wed, 15 Jun 2022 18:35:25 GMT

Sounds like that might be worth a TAC case.