Agent configuration default settings
When considering an Agent's configuration, the order of priority is as follows:
- Infrastructure configuration (Agent configuration groups)
- Local configuration (the Agent's configuration file)
- Agent default.
The following table outlines Agent default settings by Agent version and OS. These default settings will apply if the relevant key is not configured remotely or locally, as stated above.
| Section | Option | Windows | macOS | Linux |
|---|---|---|---|---|
| Actions
|
USB file transfer blocking action | Agent 10.0.1+: Off | Agent 10.2.0+: Off | Not supported |
|
Screenshot action mode |
Agent 3.0.0+: Static |
Agent 3.0.0+: Static |
Not supported |
|
| Archiving | Auto-archive duplicate Agents | All Agents: Off | All Agents: Off | All Agents: Off |
| Auto-archive inactive Agents | All Agents: Off | All Agents: Off | All Agents: Off | |
| Agent-initiated legacy email plugin installation |
Agent 7.7.0–7.8.1: On Agent 7.9.1+: Off |
Not supported | Not supported | |
| Email monitoring |
Agent 7.0.3 & 7.0.4: Off Agent 7.0.0, 7.0.1, & 7.1.2+: On |
Agent 7.3.1+: On | Not supported | |
| Input | Keystroke monitoring | Agent 5.1.0+: Off | Agent 5.1.0+: Off | Not supported |
| Clipboard monitoring | Agent 6.0.3+: Off | Agent 6.0.3+: Off | Not supported | |
| Performance | Agent performance monitoring | Agent 8.6.0+: Off | Agent 8.6.0+: Off | Agent 8.6.0+: Off |
| Printing | Print monitoring | Agent 10.4.0+: Legacy | Agent 10.2.0+: On | Agent 10.2.0+: On |
| Process exclusion | Windows anti-malware process name exclusion | Agent 7.11.2+: Off (monitor all) | Agent 8.0.1+: Off (monitor all) | Agent 7.11.2+: Off (monitor all) |
| Process name exclusion | Agent 7.11.2+: Off (monitor all) | Agent 8.0.1+: Off (monitor all) | Agent 7.11.2+: Off (monitor all) | |
| Process path exclusion | Agent 7.11.2+: Off (monitor all) | Agent 8.0.1+: Off (monitor all) | Agent 7.11.2+: Off (monitor all) | |
| Process hash (SHA-256) exclusion | Agent 7.11.2+: Off (monitor all) | Agent 8.0.1+: Off (monitor all) | Agent 7.11.2+: Off (monitor all) | |
| Security | GUI Agent uninstallation | Agent 5.1.0+: Allow | Not supported | Not supported |
| Password-protected Agent uninstallation | Agent 7.1.2+: Off | Not supported | Not supported | |
| Agent anti-tampering | Agent 10.2.0+: Off | Not supported | Not supported | |
| Upgrades | Automatic upgrades | All Agents: Off | All Agents: Off | All Agents: Off |
| Add time window | Agent 8.1.0+: Off | Agent 8.1.0+: Off | Agent 8.1.0+: Off | |
| Force upgrade after 2 weeks | Agent 8.7.1+: Off | Agent 8.7.1+: Off | Agent 8.7.1+: Off | |
| Web | Web monitoring | Agent 6.0.2+: On | Agent 6.0.2+: On | Agent 7.5.1+: On |
| Browser DNS over HTTPS (DoH) |
Agent 7.2.3: Off Agent 7.3.1+: Browser default |
Not supported (MDM only)* | Agent 7.5.1+: Browser default | |
|
Browser upload notification |
Agent 7.7.4+: On | Agent 7.7.4+: On | Agent 7.7.4+: On | |
|
Private browsing |
Agent 6.0.2+: Deny | Not supported (MDM only)* | Agent 7.5.1+: Deny | |
| Browser extension installation (Agent v11.1.1 or later) | Agent 11.1.1+: Managed with external tool (for all browsers) | Not supported (MDM only)* | Agent 11.1.1+: Managed with external tool (for all browsers) | |
| Browser extension installation (Agent v11.0.1 or earlier): Agent-managed browser extension installation |
Agent 6.0.2–7.8.1: On Agent 7.9.1+: Off |
Not supported (MDM only)* |
Agent 7.5.1–7.8.1: On Agent 7.9.1+: Off |
|
| WPD device access | Read access for WPD devices | Agent 11.1.1+: Off | Not supported | Not supported |
| Write access for WPD devices | Agent 11.1.1+: Off | Not supported | Not supported |
*For guidance on using MDM profiles to control web functionality for macOS, refer to Installing the FortiDLP Browser Extension on macOS and Bulk deploying the FortiDLP Browser Extension to macOS.