Description | This article describes blocking removable media storage such as external hard drives or pen drives and allowing a mouse/keyboard in EMS. |
Scope | EMS v7.2.x and FortiClient v7.2.x. |
Solution |
An external hard drive or pen drive is classified as class=WPD. One option is to create a rule that blocks class WPD and allows the Default Removable Media Access; alternatively, use one of the following ways to confirm the device details needed for the rule, such as Class, PID, and VID.
class type=WPD manufacture=any vid=0781 pid=5567 Action=Block <----- The 0x prefix is removed from the PID and VID.
Default Removable Media Access Action=Allow
If the policy does not work as expected, enable debug logging on the endpoints and provide the logs to TAC for further checking, or check the fortiusbmon log on the endpoint:
C:\Program Files\Fortinet\FortiClient\logs\trace --> fortiusbmon log
Sample logging:
Reconfigure the policy based on the USB details that Windows reports for the device.
Sometimes, the removable media access policy does not work as expected because the device is detected under multiple class types (e.g. WPD and USB). In that case, reconfigure the rule based on those details and try again.
If the policy still does not work as expected, provide the debug log on endpoints to TAC for further checking.
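The following PowerShell is an added example, not part of the original article or of any Fortinet tooling. It is one way to read the Class, VID, and PID that Windows reports for a plugged-in device and to see whether the same device registers under more than one class. The list of classes queried is an assumption; adjust it to the device being tested.

```powershell
# Added example: run on the endpoint with the removable device plugged in.
# Lists present devices in the classes a USB storage device commonly appears
# under, and extracts VID/PID from the instance ID when Windows exposes them.
$classes = 'WPD', 'USB', 'DiskDrive'   # assumption: classes of interest

Get-PnpDevice -PresentOnly -Class $classes -ErrorAction SilentlyContinue |
    ForEach-Object {
        $vid = ''
        $prodId = ''   # not named $pid: $PID is a PowerShell automatic variable
        # Instance IDs such as USB\VID_0781&PID_5567\<serial> carry the IDs as
        # 4-digit hex with no 0x prefix, which is the form the rule expects.
        if ($_.InstanceId -match 'VID_([0-9A-Fa-f]{4})&PID_([0-9A-Fa-f]{4})') {
            $vid = $Matches[1].ToUpper()
            $prodId = $Matches[2].ToUpper()
        }
        [pscustomobject]@{
            Class        = $_.Class
            FriendlyName = $_.FriendlyName
            Manufacturer = $_.Manufacturer
            VID          = $vid
            PID          = $prodId
            InstanceId   = $_.InstanceId
        }
    } |
    Sort-Object Class, FriendlyName |
    Format-Table -AutoSize -Wrap
```

Entries whose instance ID does not contain VID_/PID_ show blank VID and PID columns. If the same drive appears under several Class values, the rule needs to account for each of them.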
Copyright 2024 Fortinet, Inc. All Rights Reserved.