File sharing cannot be blocked over Remote Desktop Protocol (ms-rdp).
Cause
Remote Desktop Protocol (RDP) is a multi-channel protocol that allows a user to connect to a networked computer.
The ms-rdp characteristics are as follows:
As seen in the above image, the ms-rdp application is capable of transferring files. However, it uses a proprietary form of encryption that is not supported by the Palo Alto Networks firewall. This means that the specific actions occurring within an RDP session cannot be inspected, and the firewall can only be configured to allow or block RDP traffic.
Workaround
Disable file sharing over RDP using Group Policy Objects (GPO) on the end client.