
FortiDLP Administration Guide

Advanced Agent configuration settings

FortiDLP supports the following optional advanced Agent configuration settings. These settings must be enabled through custom configurations, as described in Creating Agent configuration groups. Contact Fortinet Support for guidance.

Note

Where an advanced Agent configuration setting is not configured in the FortiDLP Console, the Agent default value applies.

The Agent default values below are based on FortiDLP Agent 12.0.2+.

Browser monitoring custom configuration settings

Key name

Description

Example value

Agent default value

browser_urls_skip_js_injection_upload

For use only under the direction of Fortinet Support: Disables browser upload events and browser upload blocking for specified websites.

example1.com, example2.com,example3.com

All OSs: No default

browser_urls_skip_js_injection

For use only under the direction of Fortinet Support: Disables the majority of FortiDLP Browser Extension functionality for specified websites.

example1.com, example2.com,example3.com

All OSs: No default

repair_broken_content_script_comms

For use only under the direction of Fortinet Support: Repairs FortiDLP Browser Extension communications in Google Chrome that would otherwise halt after an extension update until the page is refreshed.

false

All OSs: false

Note

The above settings should only be used until browser monitoring issues are resolved.

Content inspection custom configuration settings

Key name

Description

Example value

Agent default value

content_inspection_next_generation

Enables next-generation content inspection.

true

  • Windows: true
  • macOS: true
  • Linux: false

content_inspection_next_generation_legacy

Specifies a comma-separated list of file MIME types to enable legacy content inspection for.

application/vnd.openxmlformats-officedocument.wordprocessingml.document

All OSs: No default

enable_content_inspection_metadata_search

Enables legacy or next-generation content inspection of file metadata for Windows.

false

  • Windows: false
  • macOS: Not supported
  • Linux: Not supported

content_inspection_next_generation_metadata

Enables next-generation content inspection of file metadata for all OSs.

true

All OSs: true

content_inspection_next_generation_keyword

Enables next-generation content inspection of keywords.

true

All OSs: true

content_inspection_next_generation_exclude

Specifies a comma-separated list of file MIME types to exclude from next-generation content inspection.

Note

This will prevent file content and metadata from being inspected but will not prevent the inspection of Microsoft sensitivity labels.

If set, this configuration will take precedence over policy configurations.

application/x-ole-storage, application/x-msi

All OSs: No default

content_inspection_next_generation_search_limit

Defines the maximum size of a file in bytes to perform next-generation content inspection on. If a file is larger than this, content inspection will stop when the limit is reached and any matches made before this will be reported.

A value of 0 can be used to place no limit on the number of bytes that can be inspected.

10000

All OSs: 0 (no limit)

content_inspection_next_generation_timeout

Defines the maximum amount of time for next-generation content inspection to run.

A time value is a number followed by a unit suffix. Valid units are "s" (seconds), "m" (minutes), and "h" (hours).

30s or 1m10s

All OSs: 60s

File shadowing custom configuration settings

Key name

Description

Example value

Agent default value

file_shadow_file_size_max

Defines the maximum size of a file for which a shadow copy can be created.

A size value is a number followed by a unit suffix, with or without a space between them. Valid units are "B", "KB", "MB", "GB", "TB", "PB", and "EB". You can also use the long format of units, such as "kilobyte" or "kilobytes".

Caution

To avoid shadow copy failures, ensure the maximum file size here does not exceed the maximum file size configured for your storage bucket.

1024GB

All OSs: 100MB

file_shadow_storage_size_max

Defines the maximum size of local storage that can be used to store shadow copies if there is an issue connecting to the storage bucket.

A size value is a number followed by a unit suffix, with or without a space between them. Valid units are "B", "KB", "MB", "GB", "TB", "PB", and "EB". You can also use the long format of units, such as "kilobyte" or "kilobytes".

Note

Shadow copies are removed from local storage when the connection is restored.

2GB

All OSs: 1GB

Note

These settings are typically configured at the tenant level in Admin settings > File shadowing.

File MIME type identification custom configuration settings

Key name

Description

Example value

Agent default value

mime_enable

Enables file MIME type identification.

true

All OSs: true

mime_cache_size

Defines the maximum number of files that can be stored in the in-memory cache to improve MIME type identification performance.

10000

All OSs: 10240

Caution

After configuring file MIME type identification settings, the Agent must be restarted for the change to take effect.

Performance report custom configuration settings

Key name

Description

Example value

Agent default value

cpu_lite_performance_diagnostic_bundle_limit

Defines the CPU percentage that, when exceeded by the Agent, automatically generates a standard performance report.

10

All OSs: 20

cpu_performance_diagnostic_bundle_limit

Defines the CPU percentage that, when exceeded by the Agent, automatically generates an advanced performance report.

30

All OSs: 50

memory_lite_performance_diagnostic_bundle_limit

Defines the memory usage percentage that, when exceeded by the Agent, automatically generates a standard performance report.

10

All OSs: 20

memory_performance_diagnostic_bundle_limit

Defines the memory usage percentage that, when exceeded by the Agent, automatically generates an advanced performance report.

20

All OSs: 40

USB file transfer blocking custom configuration settings

Key name

Description

Example value

Agent default value

usb_blocking_file_size_max

Defines the maximum size of a file that can be blocked from being transferred to a USB storage device when a policy is violated. Files larger than the specified size will not be blocked even if the transfer is deemed unauthorized.

A size value is a number followed by a unit suffix, with or without a space between them. Valid units are "B", "KB", "MB", "GB", "TB", "PB", and "EB". You can also use the long format of units, such as "kilobyte" or "kilobytes". A value of 0 can be used to place no size limit on files that can be blocked.

1024GB

  • Windows: 0 (no limit)
  • macOS: Not supported
  • Linux: Not supported

Anti-tampering custom configuration settings

Key name

Description

Example value

Agent default value

tamper_process_protection_enable

For use only under the direction of Fortinet Support: Prevents tampering of Agent processes.

true

  • Windows: true
  • macOS: Not supported
  • Linux: Not supported

tamper_verbose_logging_enable

For use only under the direction of Fortinet Support: Enables verbose debug logging when tamper protection is turned on.

false

  • Windows: false
  • macOS: Not supported
  • Linux: Not supported

tamper_verbose_logging_all_enable

For use only under the direction of Fortinet Support: Enables an extended version of verbose debug logging when tamper protection is turned on.

false

  • Windows: false
  • macOS: Not supported
  • Linux: Not supported

tamper_verbose_logging_specific_executables

For use only under the direction of Fortinet Support: Specifies a comma-separated list of canonical file paths of the executables for which verbose debug logging should be enabled.

c:\dev\my_app.exe, c:\dev\test.exe

  • Windows: No default
  • macOS: Not supported
  • Linux: Not supported
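
An added example, not part of the Fortinet guide or product: a review script that parses the size-value grammar described above and lists the custom configuration values that narrow monitoring or blocking coverage relative to the Agent defaults. Holding the configuration as a Python dict of strings, binary unit multiples, case-insensitive units, and long unit names other than "kilobyte(s)" are assumptions.

```python
import re

# Assumptions: binary multiples (1 KB = 1024 B), case-insensitive units; the guide states neither.
UNITS = {u: 1024 ** i for i, u in enumerate(["B", "KB", "MB", "GB", "TB", "PB", "EB"])}
# Assumption: long unit names other than "kilobyte(s)" follow the same pattern.
LONG = {"byte": "B", "kilobyte": "KB", "megabyte": "MB", "gigabyte": "GB",
        "terabyte": "TB", "petabyte": "PB", "exabyte": "EB"}
NG = "content_inspection_next_generation_"
LIST_KEYS = ("browser_urls_skip_js_injection", "browser_urls_skip_js_injection_upload",
             NG + "exclude")

def parse_size(text):
    """Convert '1024GB', '2 GB', '5 kilobytes' or a bare '0' to bytes."""
    m = re.fullmatch(r"(\d+) ?([A-Za-z]*)", text.strip())
    if not m:
        raise ValueError(f"bad size value: {text!r}")
    number, unit = int(m.group(1)), m.group(2)
    short = unit.upper() if unit.upper() in UNITS else LONG.get(unit.lower().rstrip("s"))
    if short is None and (unit or number):
        raise ValueError(f"bad size unit: {text!r}")
    return number * UNITS[short or "B"]

def audit(cfg):
    """Return (key, reason) pairs for values that narrow coverage versus the defaults."""
    found = []
    for key in LIST_KEYS:
        entries = [e.strip() for e in cfg.get(key, "").split(",") if e.strip()]
        if entries:
            found.append((key, f"{len(entries)} entries exempted"))
    limit = int(cfg.get(NG + "search_limit", "0"))
    if limit:
        found.append((NG + "search_limit", f"inspection stops after {limit} bytes"))
    usb = parse_size(cfg.get("usb_blocking_file_size_max", "0"))
    if usb:
        found.append(("usb_blocking_file_size_max", f"files over {usb} bytes are not blocked"))
    if cfg.get("tamper_process_protection_enable", "true").strip().lower() != "true":
        found.append(("tamper_process_protection_enable", "Agent process protection is off"))
    return found

# Constructed sample: example values from the tables above, plus tamper protection off.
SAMPLE = {
    "browser_urls_skip_js_injection_upload": "example1.com, example2.com,example3.com",
    NG + "search_limit": "10000",
    "usb_blocking_file_size_max": "1024GB",
    "tamper_process_protection_enable": "false",
}

if __name__ == "__main__":
    print(*(f"{key}: {reason}" for key, reason in audit(SAMPLE)), sep="\n")
```

An empty dict produces no findings, because every key then falls back to the Agent default.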
