Andreas_Ahrnby
Contributor

SSL Inspection over RDP

I have successfully enabled HTTPS inspection over RDP following sk154752.

What I am wondering is what exactly you can “scan” in the RDP traffic.

What I want to do is scan for viruses when a user plugs in a USB drive and transfers files from the client to the TS.

Is it possible? Or does that traffic get encapsulated somehow?

0 Kudos
5 Replies
_Val_
Admin

In the HTTPS rulebase you can specify which software blades are involved in the inspection. If you want to check files transferred through RDP with the AVI blade, that will work.

You cannot do local AVI scans through the blade on the remote RDP machine though, if this is what you were looking for. However, if someone is transferring files to it, those files pass the AVI scan on the GW.

 

Andreas_Ahrnby
Contributor

Thanks for the reply. I have selected the AV blade, but my EICAR test files still don’t get intercepted.

The client is connected to the RDP server and using USB redirection.

On the RDP server I can see the USB drive with my test files, and I can copy them to the desktop on the RDP server.

0 Kudos
_Val_
Admin

Seems like a support case, please take it up with TAC.

0 Kudos
_Val_
Admin

Which format are those files?

0 Kudos
Andreas_Ahrnby
Contributor

EICAR standard format, .com and zipped. It works if I just do a regular SMB/CIFS transfer, but the AV blade doesn’t stop them inside RDP.