I am trying to block port 3389 from all external computers, but I can not get this to work.  I setup a program control to block RDP, and I also setup a firewall rule to block TCP/UDP connections to all computers on port 3389.  However, even after making this changes I am still able to connect to the computer through this port.  I also verified that the computer I am connecting from is not in the "Device Trust" list.

Anyone have any thoughts on what else could be overriding these rules?  

Note: I do not want to completely disable RDP through Windows settings.  Once I verify blocking works, I will add a rule allowing connection from 127.0.0.1 and use a SSH tunnel to connect. 

Thanks

Brian