JaviM_rq
New Member
March 31, 2026
Question

Drag and Drop Google Drive desktop app block using FortiDLP

Hello,

I would like to know if someone knows how to deal with this kind of information leakage.

After doing some tests, I didn't see any log using this kind of app "googlesyncfs.exe". Therefore, I cannot create any policy in FortiDLP to avoid this kind of information leakage. It seems that the app obfuscates this file transfer, making it really hard to monitor the activity.

I've seen that there's one post about drag and drop block uploads by default using FortiDLP, but it doesn't work in this case.

I really appreciate any kind of tips you can give me.

Best regards.

1 reply

OktaRianzani
Visitor III
April 1, 2026

Just jumping in here — not a definitive answer, but hopefully this helps shed some light.

What you're experiencing is actually pretty common and expected behavior. Apps like Google Drive for Desktop (googlesyncfs.exe) rely on local sync mechanisms combined with encrypted channels, which means the actual file transfer often won't appear as a standard upload event to FortiDLP.

Here's what's happening under the hood:

  • The file gets written to a local sync folder first, then uploaded in the background automatically.
  • On top of that, the traffic is typically encrypted (HTTPS), which makes it harder to expose file context clearly.
  • Because of this, FortiDLP may not generate logs or match content policies when files are moved via drag-and-drop through the sync client.

So this is less of a "bypass" situation and more of a visibility limitation that comes with sync-based applications.

A few approaches worth considering:

  • Directly control or restrict the Google Drive Desktop app itself via application control or endpoint policy
  • Apply DLP monitoring on the local sync folder path rather than at the network transfer level
  • Shift toward endpoint-based DLP enforcement instead of relying solely on network visibility

If you need to fully block this scenario, it usually takes a combination of two things: application control (blocking or restricting googlesyncfs.exe) and endpoint DLP (file system monitoring).

Would love to know if anyone has managed to achieve full visibility on this through FortiDLP alone — curious if there's a cleaner way.

Regards,

JaviM_rq (Author)
New Member
April 1, 2026

I really appreciate the approach, thank you.