How to achieve Print Screen Block Policy for RDP in the FSM/DLP

How to achieve Print Screen Block Policy for RDP in the FSM/DLP



Part.1
How to create:: Block RDP print screen capture condition.
a. Under Policy management/Resource/Endpoint application/MSTSC 
      under MSTSC Select permit or block and deploy.
 




b. Under Policy management/Resource/ Endpoint application group/ create new group RDP block and in edit option add this mstsc.


 


c. Now you can apply these conditions to the particular policy, Hostname, Particular user.

Part.2
1.under Policy management > Dlp policies >Manage policies > Add > Custom Policy.

2. Give condition to a.Monitor all the activities.
                                   b.Couple of conditions such as file properties, fingerprinting..etc according to customer requirement.

3. Give Severity & Action as Severity-Medium Action plan-Block all.

4. We can mention Source as a bunch of users or all users.



5. Provide the  Destination as the Endpoint Applications 

6.Under  Endpoint Applications  edit and add the Predefined condition, which we created to block the RDP print screen capture(Part.1)

    • Related Articles

    • DLP endpoint applications monitoring

      https://www.websense.com/content/support/library/endpoint/v85/dlp_apps/Endpoint%20apps.pdf
    • DLP AD import failed

      We have stopped and disabled the below services. Websense Data Security Manager Server Websense Data Security Message Broker Websense Data Security Batch Server Websense Data Task Scheduler Websense Data Policy Engine Ran the below SQL queries, ...
    • Troubleshoot Crypto Key errors for DLP

      Fix cryptokeys issues with below steps: 1. Login FSM Server with Service Account. 2. Open ca.cer from %dss_home% in a notepad copy the key from end of the file. Example: ...
    • Crypto tool Error in DLP

      > Login DSS manager server with service account credentials          Run > Cmd > Run as administrator          cd %dss_home%          Cryptotool.exe -k 2 -g          (This screenshot helps me to check what was broken, machine.key or ep_cluster.key or ...
    • Used cases demonstrated for Endpoint DLP POC

      The used cases deployed during the POC.