Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • FortiDLP Agent Deployment Guide

    Home FortiDLP Agent 12.0.0 FortiDLP Agent Deployment Guide
    12.0.0
    12.0.0
    11.5.1
    11.4.6
    11.4.5
    11.4.3
    11.4.2
    11.3.4
    11.3.3
    11.3.2
    11.2.3
    11.2.0
    11.1.2
    11.1.1
    11.0.1
    10.5.1
    10.4.0
    10.3.1

    FortiDLP Agent feature matrix

    FortiDLP Agent feature matrix

    The following tables outline the features the Agent supports by OS.

    Monitoring
    Feature Windows macOS Linux
    Applications (foreground vs background changes)

    Application changes are reported, but window changes and window title changes are not
    Browsers (URL visits, downloads, and uploads) (see Web monitoring)
    Clipboard (copies and pastes) (see Clipboard monitoring)

    Browser copies and pastes only
    DNS requests and responses
    Emails (see Email monitoring)

    For Classic Outlook desktop, inbound and outbound emails

    For New Outlook desktop and Outlook on the Web, outbound emails only

    For New Outlook desktop and Outlook on the Web, outbound emails only
    Event Tracing for Windows (ETW)
    File accesses (opens, modifications, closes, moves, renames, and deletions) and executions

    File content inspection (CI)

    Preview support

    File Microsoft sensitivity label inspection (refer to the FortiDLP Administration Guide)

    Preview support

    Email Microsoft sensitivity label inspection (see Email monitoring and refer to the FortiDLP Administration Guide)

    For Classic Outlook desktop, inbound and outbound emails

    For New Outlook desktop and Outlook on the Web, outbound emails only

    For New Outlook desktop and Outlook on the Web, outbound emails only
    Keystrokes (see Keystroke monitoring)
    Locations (Wi-Fi landscaping)
    Logins and failed login attempts

    Logins only
    Networks (TCP connections and disconnections)
    Print jobs (see Print monitoring)
    Process starts
    USB devices (connections and disconnections)
    User activity (idle vs active users)
    Wi-Fi networks (connections and disconnections)

    For macOS 14.4 and earlier only
    Note

    When performing CI, the FortiDLP Agent examines files of interest locally. File contents are not uploaded to the FortiDLP Infrastructure.

    On Windows, CI cannot be performed on documents created using Microsoft Office 2003.
    Note

    On macOS, policies relating to pasting to desktop applications only monitor pastes via keyboard shortcuts.
    Actions
    Feature Windows macOS Linux
    Block browser download

    Preview CI support
    Block browser upload

    Preview CI support
    Block file transfer to USB storage device
    Block outbound email
    Block print job

    Preview CI support
    Block USB storage device
    Display message
    Empty clipboard
    Isolate/Deisolate
    Kill process
    Lock/Unlock
    Make shadow copy
    Reboot
    Request debug bundle
    Request performance report
    Take screenshot
    Previous
    Next

    FortiDLP Agent feature matrix

    FortiDLP Agent feature matrix

    The following tables outline the features the Agent supports by OS.

    Monitoring
    Feature Windows macOS Linux
    Applications (foreground vs background changes)

    Application changes are reported, but window changes and window title changes are not
    Browsers (URL visits, downloads, and uploads) (see Web monitoring)
    Clipboard (copies and pastes) (see Clipboard monitoring)

    Browser copies and pastes only
    DNS requests and responses
    Emails (see Email monitoring)

    For Classic Outlook desktop, inbound and outbound emails

    For New Outlook desktop and Outlook on the Web, outbound emails only

    For New Outlook desktop and Outlook on the Web, outbound emails only
    Event Tracing for Windows (ETW)
    File accesses (opens, modifications, closes, moves, renames, and deletions) and executions

    File content inspection (CI)

    Preview support

    File Microsoft sensitivity label inspection (refer to the FortiDLP Administration Guide)

    Preview support

    Email Microsoft sensitivity label inspection (see Email monitoring and refer to the FortiDLP Administration Guide)

    For Classic Outlook desktop, inbound and outbound emails

    For New Outlook desktop and Outlook on the Web, outbound emails only

    For New Outlook desktop and Outlook on the Web, outbound emails only
    Keystrokes (see Keystroke monitoring)
    Locations (Wi-Fi landscaping)
    Logins and failed login attempts

    Logins only
    Networks (TCP connections and disconnections)
    Print jobs (see Print monitoring)
    Process starts
    USB devices (connections and disconnections)
    User activity (idle vs active users)
    Wi-Fi networks (connections and disconnections)

    For macOS 14.4 and earlier only
    Note

    When performing CI, the FortiDLP Agent examines files of interest locally. File contents are not uploaded to the FortiDLP Infrastructure.

    On Windows, CI cannot be performed on documents created using Microsoft Office 2003.
    Note

    On macOS, policies relating to pasting to desktop applications only monitor pastes via keyboard shortcuts.
    Actions
    Feature Windows macOS Linux
    Block browser download

    Preview CI support
    Block browser upload

    Preview CI support
    Block file transfer to USB storage device
    Block outbound email
    Block print job

    Preview CI support
    Block USB storage device
    Display message
    Empty clipboard
    Isolate/Deisolate
    Kill process
    Lock/Unlock
    Make shadow copy
    Reboot
    Request debug bundle
    Request performance report
    Take screenshot
    Previous
    Next