This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
rochim
Participant
‎2021-05-20 11:38 PM

can checkpoint possible block file transfer over RDP? (disable clipboard)

Hi all,

rdp can transfer file from server RDP to local laptop/pc. can checkpoint block only transfer file between server RDP with local laptop/pc.

i means normally rdp is we do rdp to server/pc and copy some file and paste to local pc/laptop is success, but i want block feature copy/paste on rdp.

thanks.

0 Kudos
6 Replies
vinceneil666
Advisor
‎2021-05-20 11:44 PM

I am not 100% sure if CP can block this, I think not. But I would still rather fix this in the RDP setup with a GPO or policy or something like that. That will also give you a bit more flexebility if, say, you want some of the sessions to be able to do this.

 

https://serverfault.com/questions/1038954/how-to-block-filetransfer-through-rdp-port-3389

0 Kudos
Alex-
Leader Leader
Leader
‎2021-05-21 01:09 AM

I don't have the possibility to test this for now but could Content Awareness help?

If you make a policy with RDP as service and create a data type with any file type in either direction. You'd have to have RDP inspection enabled in case you do encryption though.

 

EDIT: Tried it but RDP is not in the list of supported protocols for Content Awareness, so it won't work.

 

Preview file
26 KB
Preview file
7 KB
0 Kudos
PhoneBoy
Admin
Admin
‎2021-05-23 08:51 AM

Using Native RDP? No.
It is something we can definitely block when accessed through Harmony Connect (specifically the clientless access piece).
Believe you can also block it by accessing through Mobile Access Blade (using Guacamole).

Antonis_Hassiot
Contributor
‎2022-06-08 12:20 AM
In response to PhoneBoy

Is it possible to block using harmony endpoint?

0 Kudos
Antonis_Hassiot
Contributor
‎2022-06-14 05:05 AM
In response to Antonis_Hassiot

To answer my question, it seems possible to control clipboard access on Harmony Endpoint by "restricting" remote access when clipboard setting is enabled in RDP. 

This is controlled by the following registry: HKLM/SOFTWARE\Microsoft\Terminal Server Client\DisableClipboardRedirection. Set REG_DWORD to 1 for disable, 0 for enable clipboard. 

You can create a Compliance->Applications/Files check -> Modify and check registry, input the above key name in the registry value name, check REG_DWORD under "Reg type" and Exist under "Check registry key and value". 

The problem is that it seems the compliance check, goes and checks the wrong registry location. I found that by selecting Action=Update. I found that it updated the following location: HKLM/SOFTWARE\WOW6432Node\Microsoft\Terminal Server Client\DisableClipboardRedirection. So it's adding WOW6432Node in the registry path. 

Any idea on how to resolve this?

0 Kudos
PhoneBoy
Admin
Admin
‎2022-06-15 11:35 AM
In response to Antonis_Hassiot

Sounds like that might be worth a TAC case.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events