Re: SSL Inspection over RDP

Andreas_Ahrnby · ‎2020-06-08

I have successfully enabled https inspection over RDP following sk154752.

My wondering is what exactly you can “scan” in the RDP traffic?

What I want to do is to scan for Virus when a user plug in a USB drive and transfer files from the client to the TS.

is it possible? Or does that traffic get encapsulated somehow?

_Val_ · ‎2020-06-09

In HTTPS rulebase you can specify which software blade are involved in the inspection. If you want to check files transferred through RDP with AVI blade, that will work.

You cannot do local AVI scans through the blade though on the remote RDP machine, if this is what you were looking for. However, if someone is transferring files to it, those files pass AVI scan on the GW

Andreas_Ahrnby · ‎2020-06-09

Thanks for the reply, I have selected the AV blade but still my eicar test files don’t get intercepted.

the client is connected to the RDP server and using usb redirection.

on the RDP server I can see the usb drive with my test files and I can copy them to the desktop on the RDP server.

_Val_ · ‎2020-06-09

Seems like a support case, please take it with TAC

_Val_ · ‎2020-06-09

Which format are those files?

Andreas_Ahrnby · ‎2020-06-09

Eicar standard format, .com and zipped. It works if I just do regular SMB/Cifs transfer but the AV blade don’t stop them inside RDP.

Are you a member of CheckMates?

SSL Inspection over RDP