How to achieve Print Screen Block Policy for RDP in the FSM/DLP

How to achieve Print Screen Block Policy for RDP in the FSM/DLP



Part.1
How to create:: Block RDP print screen capture condition.
a. Under Policy management/Resource/Endpoint application/MSTSC 
      under MSTSC Select permit or block and deploy.
 




b. Under Policy management/Resource/ Endpoint application group/ create new group RDP block and in edit option add this mstsc.


 


c. Now you can apply these conditions to the particular policy, Hostname, Particular user.

Part.2
1.under Policy management > Dlp policies >Manage policies > Add > Custom Policy.

2. Give condition to a.Monitor all the activities.
                                   b.Couple of conditions such as file properties, fingerprinting..etc according to customer requirement.

3. Give Severity & Action as Severity-Medium Action plan-Block all.

4. We can mention Source as a bunch of users or all users.



5. Provide the  Destination as the Endpoint Applications 

6.Under  Endpoint Applications  edit and add the Predefined condition, which we created to block the RDP print screen capture(Part.1)

    • Related Articles

    • DLP endpoint applications monitoring

      https://www.websense.com/content/support/library/endpoint/v85/dlp_apps/Endpoint%20apps.pdf

    • DLP AD import failed

      We have stopped and disabled the below services. Websense Data Security Manager Server Websense Data Security Message Broker Websense Data Security Batch Server Websense Data Task Scheduler Websense Data Policy Engine Ran the below SQL queries, ...

    • Crypto tool Error in DLP

      > Login DSS manager server with service account credentials          Run > Cmd > Run as administrator          cd %dss_home%          Cryptotool.exe -k 2 -g          (This screenshot helps me to check what was broken, machine.key or ep_cluster.key or ...

    • Used cases demonstrated for Endpoint DLP POC

      The used cases deployed during the POC.

    • Network Mail stuck in releasing state: Web DLP

      Issue: mail stuck in releasing state. - Verified the CPSBackup is latest. - Took backup of PA_EVENTS_201808** table and PA_EVENT_DESTINATION_201808** table. - Ran below queries and changes the status to Quarantined. UPDATE PA_EVENTS_@PARTITION_INDEX@ ...