Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • FortiDLP Agent Deployment Guide

    Home FortiDLP Agent 12.1.0 FortiDLP Agent Deployment Guide
    12.1.0
    12.1.0
    12.0.5
    12.0.4
    12.0.2
    12.0.0
    11.5.1
    11.4.6
    11.4.5
    11.4.3
    11.4.2
    11.3.4
    11.3.3
    11.3.2
    11.2.3
    11.2.0
    11.1.2
    11.1.1
    11.0.1
    10.5.1
    10.4.0
    10.3.1

    Print monitoring

    Print monitoring

    FortiDLP's print monitoring functionality enables you to track the print activity occurring across your organization and configure detections to be raised for unauthorized print jobs matching various properties. Print jobs are reported before they are received by the printer.

    From version 11.1.1 on Windows, version 10.2.0 on macOS, and version 12.0.0 on Linux, the FortiDLP Agent can perform content inspection on a print job to identify if it contains sensitive information.

    From version 11.2.0 on all OSs, the FortiDLP Agent can block a print job from being sent to the printer, based on configured policy parameters. For more information, refer to the FortiDLP Console User Guide.

    Monitored printers across OSs
    Printer type Supported OS(s) Description
    Local Windows, macOS, and Linux USB-connected, parallel-connected, and serial printers.
    Network Windows, macOS, and Linux Printers that are connected directly over the network, shared printers, and print servers.
    Note

    On Windows, setup is required to enable the Agent to monitor print jobs sent to Windows-shared printers and print servers. For details, see the next section.
    Virtual Windows Print to PDF, OneNote, or XPS.
    Windows enhanced visibility and content-aware print monitoring

    This Windows printing implementation provides enhanced visibility, which monitors a wider range of printers that are sent print jobs, and provides content-aware capabilities, which allow content inspection to be performed.

    Caution

    To ensure this feature works alongside other security tools, configure these tools to exclude the C:\Program Files\Jazz Networks\Agent\spool_shim64.dll process. For more information, see Excluding FortiDLP Agent processes, directories, and files from antivirus scanning.

    Requirements: FortiDLP Agent 11.1.1+ and FortiDLP Policy Templates 6.8.0+. Additionally, the following setup steps are required:

    • The Print monitoring Agent configuration group option must be turned On, as this feature is set to Legacy on the Agent by default. The Legacy Windows printing implementation reports less printing activity and is not content-aware.
    • To enable monitoring of print servers and Windows-shared printers, the steps below must be completed. For detailed instructions, read our article here.
      • Client-side rendering must be enforced.
      • Driver isolation must be set to None.
    • To enable content inspection for FortiDLP Agent 11.4.6 or earlier, the XPS Viewer IFilter must be installed on the computer that is printing. For detailed instructions, read our article here.
    Note

    The following limitations apply, and if a configured policy parameter is not available, no detection will be raised for it.

    • Content inspection can only be performed on print jobs that are sent using a v4 printer driver, which includes Microsoft IPP Class Drivers. For guidance with checking which driver your printer uses, read our article here.
    • Content inspection cannot be performed on any part of a print job that has been converted into image format. This applies to most print jobs sent from a browser, as the entire print job is often an image file, and sometimes applies to PDFs that are created via the print to/save to PDF operations on a source file containing specifically formatted word boundaries.
    • For USB-connected printers, no printer unique identifier (UUID) is available.
    • No print process information is available.
    macOS enhanced visibility and content-aware print monitoring

    This macOS printing implementation provides enhanced visibility, which monitors a wide range of printers that are sent print jobs, and provides content-aware capabilities, which allow content inspection to be performed. These features are enabled on the Agent by default.

    Requirements: FortiDLP Agent 10.2.0+ and FortiDLP Policy Templates 6.4.0+.

    Note

    The following limitations apply, and if a configured policy parameter is not available, no detection will be raised for it.

    • A print job's number of pages may not always be available, but it is for print jobs from the standard macOS frameworks, which include most GUI apps and some command-line apps.
    • For IPP network printers with hard-coded network addresses (i.e. addresses without service discovery), no printer unique identifier (UUID) is available.
    • Local printers are assigned a UUID. If a local printer is shared, a new printer UUID is created, and this UUID will be reported when devices use the shared printer.
    • No printer UUID or IP address are available for print jobs sent to a printer shared by a Windows computer.
    Linux content-aware print monitoring

    Requirements: FortiDLP Agent 12.1.0+ and FortiDLP Policy Templates 8.3.0+. This feature is enabled on the Agent by default.

    Note

    The following limitations apply, and if a configured policy parameter is not available, no detection will be raised for it.

    • For all print jobs, no number of pages is available.
    • For network printers using mDNS service discovery, no IP address is available.
    • For IPP network printers with hard-coded network addresses (i.e. addresses without service discovery), no printer unique identifier (UUID) is available.
    • For USB-connected printers, no printer type or UUID is available.
    • Local printers are assigned a UUID. If a local printer is shared, a new printer UUID is created, and this UUID will be reported when devices use the shared printer.
    • No printer UUID or IP address are available for print jobs sent to a printer shared by a Windows computer.
    Previous
    Next

    Print monitoring

    Print monitoring

    FortiDLP's print monitoring functionality enables you to track the print activity occurring across your organization and configure detections to be raised for unauthorized print jobs matching various properties. Print jobs are reported before they are received by the printer.

    From version 11.1.1 on Windows, version 10.2.0 on macOS, and version 12.0.0 on Linux, the FortiDLP Agent can perform content inspection on a print job to identify if it contains sensitive information.

    From version 11.2.0 on all OSs, the FortiDLP Agent can block a print job from being sent to the printer, based on configured policy parameters. For more information, refer to the FortiDLP Console User Guide.

    Monitored printers across OSs
    Printer type Supported OS(s) Description
    Local Windows, macOS, and Linux USB-connected, parallel-connected, and serial printers.
    Network Windows, macOS, and Linux Printers that are connected directly over the network, shared printers, and print servers.
    Note

    On Windows, setup is required to enable the Agent to monitor print jobs sent to Windows-shared printers and print servers. For details, see the next section.
    Virtual Windows Print to PDF, OneNote, or XPS.
    Windows enhanced visibility and content-aware print monitoring

    This Windows printing implementation provides enhanced visibility, which monitors a wider range of printers that are sent print jobs, and provides content-aware capabilities, which allow content inspection to be performed.

    Caution

    To ensure this feature works alongside other security tools, configure these tools to exclude the C:\Program Files\Jazz Networks\Agent\spool_shim64.dll process. For more information, see Excluding FortiDLP Agent processes, directories, and files from antivirus scanning.

    Requirements: FortiDLP Agent 11.1.1+ and FortiDLP Policy Templates 6.8.0+. Additionally, the following setup steps are required:

    • The Print monitoring Agent configuration group option must be turned On, as this feature is set to Legacy on the Agent by default. The Legacy Windows printing implementation reports less printing activity and is not content-aware.
    • To enable monitoring of print servers and Windows-shared printers, the steps below must be completed. For detailed instructions, read our article here.
      • Client-side rendering must be enforced.
      • Driver isolation must be set to None.
    • To enable content inspection for FortiDLP Agent 11.4.6 or earlier, the XPS Viewer IFilter must be installed on the computer that is printing. For detailed instructions, read our article here.
    Note

    The following limitations apply, and if a configured policy parameter is not available, no detection will be raised for it.

    • Content inspection can only be performed on print jobs that are sent using a v4 printer driver, which includes Microsoft IPP Class Drivers. For guidance with checking which driver your printer uses, read our article here.
    • Content inspection cannot be performed on any part of a print job that has been converted into image format. This applies to most print jobs sent from a browser, as the entire print job is often an image file, and sometimes applies to PDFs that are created via the print to/save to PDF operations on a source file containing specifically formatted word boundaries.
    • For USB-connected printers, no printer unique identifier (UUID) is available.
    • No print process information is available.
    macOS enhanced visibility and content-aware print monitoring

    This macOS printing implementation provides enhanced visibility, which monitors a wide range of printers that are sent print jobs, and provides content-aware capabilities, which allow content inspection to be performed. These features are enabled on the Agent by default.

    Requirements: FortiDLP Agent 10.2.0+ and FortiDLP Policy Templates 6.4.0+.

    Note

    The following limitations apply, and if a configured policy parameter is not available, no detection will be raised for it.

    • A print job's number of pages may not always be available, but it is for print jobs from the standard macOS frameworks, which include most GUI apps and some command-line apps.
    • For IPP network printers with hard-coded network addresses (i.e. addresses without service discovery), no printer unique identifier (UUID) is available.
    • Local printers are assigned a UUID. If a local printer is shared, a new printer UUID is created, and this UUID will be reported when devices use the shared printer.
    • No printer UUID or IP address are available for print jobs sent to a printer shared by a Windows computer.
    Linux content-aware print monitoring

    Requirements: FortiDLP Agent 12.1.0+ and FortiDLP Policy Templates 8.3.0+. This feature is enabled on the Agent by default.

    Note

    The following limitations apply, and if a configured policy parameter is not available, no detection will be raised for it.

    • For all print jobs, no number of pages is available.
    • For network printers using mDNS service discovery, no IP address is available.
    • For IPP network printers with hard-coded network addresses (i.e. addresses without service discovery), no printer unique identifier (UUID) is available.
    • For USB-connected printers, no printer type or UUID is available.
    • Local printers are assigned a UUID. If a local printer is shared, a new printer UUID is created, and this UUID will be reported when devices use the shared printer.
    • No printer UUID or IP address are available for print jobs sent to a printer shared by a Windows computer.
    Previous
    Next