Removable media access

The following lists removable media access attributes:

<forticlient_configuration>
  <removable_media_access>
    <enabled>0</enabled>
    <show_bubble_notifications>1</show_bubble_notifications>
    <use_system_builtin_policy>0</use_system_builtin_policy>
    <rules>
      <rule uid="<UID>">
        <description>Mouse23</description>
        <type>simple</type>
        <class>Mouse</class>
        <manufacturer>Microsoft</manufacturer>
        <vid>1B36</vid>
        <pid>000D</pid>
        <rev>0001</rev>
        <action>block</action>
      </rule>
    </rules>
    <action>allow</action>
  </removable_media_access>
</forticlient_configuration>

The following table provides the XML tags for removable media access, as well as the descriptions and default values where applicable.

| XML tag | Description | Default value |
| --- | --- | --- |
| <enabled> | Control access to removable media devices, such as USB drives. Boolean value: [0 \| 1] | 0 |
| <show_bubble_notifications> | Display bubble notifications when FortiClient blocks removable media access. Boolean value: [0 \| 1] | 1 |
| <use_system_builtin_policy> | Configure whether FortiClient uses the system's built-in policy regarding removable media devices. Boolean value: [0 \| 1] | 0 |
| <action> | Configure the action to take with removable media devices that do not match any configured rules. Available options are: allow: Allow access to removable media devices connected to the endpoint that do not match any configured rules. deny: Deny access to removable media devices connected to the endpoint that do not match any configured rules. monitor: Log removable media device connections to the endpoint that do not match any configured rules. | allow |

<rules><rule> elements

You can configure rules to allow or block specific removable devices. For a removable device that does not match any defined rule, FortiClient applies the <action> outside the <rules> element.

For the <class>, <manufacturer>, <vid>, <pid>, and <rev> elements, you can find the desired values for the device in one of the following ways:

  • Microsoft Windows Device Manager: select the device and view its properties.
  • USBDeview

| XML tag | Description |
| --- | --- |
| <description> | Enter the desired rule description. |
| <type> | Enter simple or regex for the rule type. When regex is entered, FortiClient accepts regular expressions for the <manufacturer> element. This supports Perl Compatible Regular Expressions. |
| <class> | Enter the device class. |
| <manufacturer> | Enter the device manufacturer. |
| <vid> | Enter the device version ID. |
| <pid> | Enter the device product ID. |
| <rev> | Enter the device revision number. |
| <action> | Configure the action to take with removable media devices connected to the endpoint that match this rule. Available options are: allow: Allow access to removable media devices connected to the endpoint that match this rule. deny: Deny access to removable media devices connected to the endpoint that match this rule. monitor: Log removable media device connections to the endpoint that match this rule. |
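
The following is an added example, not Fortinet code: a small Python audit that reads a <removable_media_access> block and reports settings a reviewer would question, using only the defaults and option lists given in the table above. The uid values and the second rule are constructed, and Python's re module stands in for PCRE as an assumption, so a pattern that compiles here may still behave differently in FortiClient.

```python
import re
import xml.etree.ElementTree as ET

# Action values listed in the table above.
DOCUMENTED_ACTIONS = {"allow", "deny", "monitor"}

# Constructed sample: uid values are placeholders, the second rule is invented.
SAMPLE = """<forticlient_configuration>
  <removable_media_access>
    <enabled>0</enabled>
    <rules>
      <rule uid="EXAMPLE-UID-1">
        <description>Mouse23</description><type>simple</type>
        <manufacturer>Microsoft</manufacturer><action>block</action>
      </rule>
      <rule uid="EXAMPLE-UID-2">
        <description>Lab drives</description><type>regex</type>
        <manufacturer>Kingston(</manufacturer><action>allow</action>
      </rule>
    </rules>
    <action>allow</action>
  </removable_media_access>
</forticlient_configuration>"""

def audit(xml_text):
    """Return review findings for one <removable_media_access> block."""
    rma = ET.fromstring(xml_text).find("removable_media_access")
    findings = []
    # Missing elements fall back to the documented defaults (0 and allow).
    if rma.findtext("enabled", "0").strip() != "1":
        findings.append("feature is disabled: <enabled> is not 1")
    default = rma.findtext("action", "allow").strip()
    if default not in DOCUMENTED_ACTIONS:
        findings.append(f"default action {default!r} is not a documented option")
    elif default == "allow":
        findings.append("default action is allow: unmatched devices get access")
    for rule in rma.iterfind("rules/rule"):
        name = rule.findtext("description", "").strip() or rule.get("uid", "?")
        action = rule.findtext("action", "").strip()
        if action not in DOCUMENTED_ACTIONS:
            findings.append(f"{name}: action {action!r} is not a documented option")
        if rule.findtext("type", "simple").strip() == "regex":
            try:  # only <manufacturer> is treated as a pattern
                re.compile(rule.findtext("manufacturer", ""))
            except re.error as exc:
                findings.append(f"{name}: manufacturer regex is invalid ({exc})")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```
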
