Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • FortiDLP Agent Deployment Guide

    Home FortiDLP Agent 12.0.0 FortiDLP Agent Deployment Guide
    12.0.0
    12.0.0
    11.5.1
    11.4.6
    11.4.5
    11.4.3
    11.4.2
    11.3.4
    11.3.3
    11.3.2
    11.2.3
    11.2.0
    11.1.2
    11.1.1
    11.0.1
    10.5.1
    10.4.0
    10.3.1

    WPD device blocking

    WPD device blocking

    Requirements: Windows Agent 11.1.1+.

    WPD devices use the Windows Portable Devices system to communicate with Windows computers, and include common personal devices, such as Android phones and digital cameras, that use the Media Transfer Protocol (MTP) or Picture Transfer Protocol (PTP).

    To safeguard against data egress, the WPD device access Agent configuration group option allows operators to enforce local Group Policy settings through FortiDLP, denying computers read and/or write access to WPD devices.

    Note

    As per the standard behavior of WPD Devices Group Policy settings, if a WPD device is connected to the computer when an access policy is set to Deny and then set to Allow, the device must be disconnected and reconnected for Allow to take effect.

    WPD Devices Group Policy settings should not be used to control access to iPhone devices, as iTunes does not use the WPD system to access iPhones. If these settings are configured, iPhone devices will be affected in the following ways:

    • If iTunes is not installed on the computer or if it is installed but not used to access the iPhone, write access is always blocked, and read access blocking will work if configured.
    • If iTunes is installed on the computer and used to access the iPhone, WPD Devices Group Policy settings do not apply, and read and write access is allowed.

    FortiDLP also supports blocking of USB mass storage devices. For more information, refer to the FortiDLP Console User Guide.
    Caution

    We do not recommend using this feature if you also configure local or non-local WPD Devices Group Policy settings outside of FortiDLP, as these may conflict with the Agent's Group Policy setting controls.
    Previous
    Next

    WPD device blocking

    WPD device blocking

    Requirements: Windows Agent 11.1.1+.

    WPD devices use the Windows Portable Devices system to communicate with Windows computers, and include common personal devices, such as Android phones and digital cameras, that use the Media Transfer Protocol (MTP) or Picture Transfer Protocol (PTP).

    To safeguard against data egress, the WPD device access Agent configuration group option allows operators to enforce local Group Policy settings through FortiDLP, denying computers read and/or write access to WPD devices.

    Note

    As per the standard behavior of WPD Devices Group Policy settings, if a WPD device is connected to the computer when an access policy is set to Deny and then set to Allow, the device must be disconnected and reconnected for Allow to take effect.

    WPD Devices Group Policy settings should not be used to control access to iPhone devices, as iTunes does not use the WPD system to access iPhones. If these settings are configured, iPhone devices will be affected in the following ways:

    • If iTunes is not installed on the computer or if it is installed but not used to access the iPhone, write access is always blocked, and read access blocking will work if configured.
    • If iTunes is installed on the computer and used to access the iPhone, WPD Devices Group Policy settings do not apply, and read and write access is allowed.

    FortiDLP also supports blocking of USB mass storage devices. For more information, refer to the FortiDLP Console User Guide.
    Caution

    We do not recommend using this feature if you also configure local or non-local WPD Devices Group Policy settings outside of FortiDLP, as these may conflict with the Agent's Group Policy setting controls.
    Previous
    Next