Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
NeoRant
Contributor

Created on ‎05-14-2024 01:56 PM

Forticlient EMS removable media access

Good day Fortinet Family,

 

I am use to Symantec Endpoint Protection (SEPM) and other security management endpoint applications where i can block USB/removable storage media excluding mouse, keyboard etc as it was easier, especially with SEPM. 

 

How can achieve this with Forticlient EMS 7.2?

 

In my Forticlient admin portal, I am at the section under MALWARE PROTECTION where you can block removable media, but some scary stuff here, when i select "block" it says that keyboard and mouse will be blocked as well LOL. I am also seeing some simple/regular expression fields to fill out some exclusions, I guess. 

Then i came upon this post.

https://www.reddit.com/r/fortinet/comments/mpdtcq/forticlient_ems_never_ever_block_default/

 

I created a test environment with a test policy, profile and OU, adding only one laptop to this and trust me, i applied the block option and NOTHING works on the laptop. 

 

Can someone tell me how to only block removable stage while allowing other important usb devices like the mouse and keyboard?

Labels:
390
0 Kudos
1 Solution
ozkanaltas
Valued Contributor II

Created on ‎05-17-2024 12:59 AM

 

FortiClient EMS processes all rules like a firewall about removable media (Up to down). Firstly, you need to allow HID. You can use a class attribute for that. After that, you can configure rules for anything you want to block or allow. For example, you can use it like that.  It should be work that way.

 

image.png

If you have found a solution, please like and accept it to make it easily accessible to others.
NSE 4-5-6-7 OT Sec - ENT FW

View solution in original post

If you have found a solution, please like and accept it to make it easily accessible to others.NSE 4-5-6-7 OT Sec - ENT FW
303
3 REPLIES 3
Anthony_E
Community Manager
Community Manager

Created on ‎05-17-2024 12:26 AM

Hello NeoRant,


Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.


Thanks,

Anthony-Fortinet Community Team.
309
0 Kudos
ozkanaltas
Valued Contributor II

Created on ‎05-17-2024 12:59 AM

 

FortiClient EMS processes all rules like a firewall about removable media (Up to down). Firstly, you need to allow HID. You can use a class attribute for that. After that, you can configure rules for anything you want to block or allow. For example, you can use it like that.  It should be work that way.

 

image.png

If you have found a solution, please like and accept it to make it easily accessible to others.
NSE 4-5-6-7 OT Sec - ENT FW
If you have found a solution, please like and accept it to make it easily accessible to others.NSE 4-5-6-7 OT Sec - ENT FW
304
NeoRant
Contributor
In response to ozkanaltas

Created on ‎05-17-2024 06:47 AM

Thank you @ozkanaltas , I did exactly this before seeing this solution. God bless you, you are a master.

266
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.