11.5.1
Released October 22nd, 2024
New features and enhancements in 11.5.1
This release delivers the following new features and enhancements.
Enhanced content inspection
The FortiDLP Agent's data extraction and identification engine has been optimized for both present and future content inspection capabilities.
The engine now safeguards sensitive information more effectively and efficiently—with improved pattern and keyword/keyphrase matching. It also removes OS dependencies for extracting information from files. For example, Windows content-aware print monitoring no longer requires the XPS Viewer IFilter to be installed on computers.
Resolved issues in 11.5.1
This release provides fixes for the following issues.
| Fortinet identifier | Affected OS(s) | Description |
|---|---|---|
| 13467 | Windows | When the Sensitive content copied and pasted to application policy template was enabled, copying sensitive text to the clipboard and then clearing it, and then subsequently copying and pasting a non-sensitive file to an application generated a detection. |
| 16370, 16360 | macOS | Where a policy was first configured to block a USB storage device and later reconfigured to allow the device, the device remained blocked until the Agent was restarted. |
| 8547 | macOS | Previously, content inspection keyphrases expected to match spaces could not be matched to files or email attachments. Words were separated and matched individually. |
| 16439 | macOS |
A file cloning operation performed using certain applications, such as Telegram, was previously only reported as one file open event for the new file that was created. This prevented policies from triggering, including the File uploaded to instant messaging application out-of-box template. Now, the Agent also reports a file open event for the source file from which the file was cloned. |
| 15804 | macOS |
Following an upgrade, system extensions sometimes remained in a disconnected state until the device was restarted. When this occurred, the extensions' health components did not report that a restart was required. System extension health reporting has been improved to indicate when a restart is needed to resolve communication issues after an upgrade. |
| Fortinet identifier | Affected OS(s) | Description |
|---|---|---|
| 16751 | All | The FortiDLP Browser Extension for Firefox was updated to v3.3.6. |
| 16614 | All | When "Extended preloading" mode was enabled in Google Chrome, the FortiDLP Browser Extension occasionally reported duplicate browser events for frequently visited websites. |
| 16617 | All | For a small number of websites, browser upload events and detections were not reported unless upload blocking policies were enabled. |
| Fortinet identifier | Affected OS(s) | Description |
|---|---|---|
| 16469 | Windows and macOS | Where email blocking policies were not configured and an uncached email attachment was sent, the FortiDLP Email Add-in failed to report the event to the Agent. |
Known limitations in 11.5.1
This release has the following known limitations.
| Fortinet identifier | Affected OS(s) | Description |
|---|---|---|
| 14710 | macOS | Wi-Fi connection events are not supported for macOS 14.5 or later. |
| 14247, 15123 | All |
Browser login account context (Preview), which is provided via the User account domains policy template parameter), is not recognized for password-free logins, where a one-time code, face, fingerprint, pin, or security key is used for authentication. Such logins will be reported as unknown logins. If the User account domains parameter is set, you can generate detections when activities associated with unknown logins occur by turning the Monitor unknown user accounts toggle on during template configuration. For details, refer to the FortiDLP Policies Reference Guide. |
| 15467 | Windows | Content inspection cannot be performed on all of or parts of a file that have been converted into image format. This applies to most print jobs sent from a browser, as the entire print job is often an image file, and sometimes applies to PDFs that are created via the print to/save to PDF operations from a source file having specifically formatted word boundaries. |
| 12150 | Windows and macOS |
The Unauthorized text typed and Unauthorized text typed into website policy templates cannot detect keywords that require the following modifier keys:
|
| 14825 | All |
The insertion of a USB-based SD card device reader into a node will trigger a USB devices event and/or a detection and action(s) (if the Unauthorized USB storage device used policy template is enabled) instead of the insertion of the SD card into the device reader. On Windows, a configuration option is available to alter this behavior, identifying the SD card's insertion into the device reader as the trigger for events, detections, and/or actions. For details, contact Fortinet Support. |
| 13836 | Windows and macOS |
Regex pattern matches cannot be detected by the Unauthorized email sent or received policy template when content that is separated by line breaks is pasted into the email body of New Outlook. This limitation does not apply to Classic Outlook. |
| 12880 | Windows and macOS | Content inspection cannot be performed on files that are not saved locally and are dragged and dropped to browsers or are copied and pasted to browsers. |
| 8267 | Windows and macOS |
Due to a limitation present in Chromium-based browsers, when upload blocking policies are enabled, file directories cannot be uploaded using drag and drop. In this situation, a banner will display to instruct the user to use the file selector instead. |
Operating system support updates in 11.5.1
This release contains the following OS support updates.
New support
- This Agent version provides Preview support for Windows 11 24H2.
Ending support
- This Agent version is the last to support Windows 11 21H2 and Windows 10 21H2 (non-LTS).