Help
FortiDLP
FortiDLP is a cloud-native endpoint DLP and Insider Risk Solution which is aimed at monitoring and Preventing Data Theft on the endpoint, across Windows, macOS and Linux.
Anthony_E
Community Manager
Community Manager

Created on ‎10-29-2024 06:39 AM Edited on ‎05-16-2025 02:20 PM By Staff

Article Id 353764

Technical Tip: Group Policy (GPO) Settings are required to avoid conflicts with the FortiDLP Agent

Description This article describes that Group Policy (GPO) Settings are required to avoid conflicts with the FortiDLP Agent.
Scope FortiDLP.
Solution

On Windows, the FortiDLP Agent makes use of the Windows Registry to apply settings for the automatic installation of the following features, depending on the agent configuration settings that have been applied by the FortiDLP platform:

  • Google Chrome browser extension.
  • Edge browser extension.
  • Brave browser extension.
  • Vivaldi browser extension .
  • Chromium browser extension.
  • Firefox browser extension.
  • Outlook plugin.

 

additionally, settings may be applied to:

  • Disable private/incognito browsing (default) on supported browsers.
  • Change the DNS-over-HTTPs settings on supported browsers.
  • Disable agent uninstallation via add/remove programs.
  • Enforce a password entry on agent uninstallation.

 

All of these settings can be controlled via the Agent Configuration page on the FortiDLP Web UI, for example:

 

Anthony_E_0-1730208963091.png

 

In some more complex deployments, this can cause conflicts with settings already being applied via Group Policy.

For example, if a user already has a list of force-installed Chrome extensions via Group policy and does not include the FortiDLP browser extension, then each time a Group policy update is applied, this will delete the requirement for the FortiDLP extension to be present. This could result in a loss of browser activity events.

 

The purpose of this article is to outline all of the settings the FortiDLP agent could be applying automatically, and where each setting should be incorporated into an existing Group Policy setting to avoid conflicts.

Once incorporated into a GPO template, the Agent Configuration settings from the FortiDLP platform should be set to match the settings pushed via Group Policy.

 

Browser Extension Installation:

 

HKLM = HKEY_LOCAL_MACHINE hive

 

Anthony_E_1-1730208963099.png

 

Google chrome: gbojkjpincgojijodbnliimgeggnomai

Edge: ngpldaehnklbpdkphcjafbhajnklkiki

 

Firefox ExtensionSettings JSON object:

 

{"browser-extension@jazznetworks.com":{"install_url":"https://firefoxextension.reveal.nextdlp.com/e528d90e863641e5afbd-firefox-latest.xpi","installation_mode":"force_installed"}}

Disabling Incognito/Private browsing modes

HKLM = HKEY_LOCAL_MACHINE hive

 

Anthony_E_2-1730208963112.png

 

 

Disable DNS-over-HTTPS

HKLM = HKEY_LOCAL_MACHINE hive

 

Anthony_E_3-1730208963121.png

 

 

Install Email plugin (Outlook)

HKLM = HKEY_LOCAL_MACHINE hive

HKCU = HKEY_CURRENT_USER /HKEY_USERS hive

 

Anthony_E_4-1730208963135.png

 

file:///C:\Program Files\Jazz Networks\Agent\Outlook\RevealOutlook.vsto|vstolocal
Labels:
257
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.