Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
NeoRant
Contributor

Forticlient EMS removable media access

Good day Fortinet Family,

 

I am use to Symantec Endpoint Protection (SEPM) and other security management endpoint applications where i can block USB/removable storage media excluding mouse, keyboard etc as it was easier, especially with SEPM. 

 

How can achieve this with Forticlient EMS 7.2?

 

In my Forticlient admin portal, I am at the section under MALWARE PROTECTION where you can block removable media, but some scary stuff here, when i select "block" it says that keyboard and mouse will be blocked as well LOL. I am also seeing some simple/regular expression fields to fill out some exclusions, I guess. 

Then i came upon this post.

https://www.reddit.com/r/fortinet/comments/mpdtcq/forticlient_ems_never_ever_block_default/

 

I created a test environment with a test policy, profile and OU, adding only one laptop to this and trust me, i applied the block option and NOTHING works on the laptop. 

 

Can someone tell me how to only block removable stage while allowing other important usb devices like the mouse and keyboard?

1 Solution
ozkanaltas
Valued Contributor III

 

FortiClient EMS processes all rules like a firewall about removable media (Up to down). Firstly, you need to allow HID. You can use a class attribute for that. After that, you can configure rules for anything you want to block or allow. For example, you can use it like that.  It should be work that way.

 

image.png

If you have found a solution, please like and accept it to make it easily accessible to others.
NSE 4-5-6-7 OT Sec - ENT FW

View solution in original post

If you have found a solution, please like and accept it to make it easily accessible to others.NSE 4-5-6-7 OT Sec - ENT FW
3 REPLIES 3
Anthony_E
Community Manager
Community Manager

Hello NeoRant,


Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.


Thanks,

Anthony-Fortinet Community Team.
ozkanaltas
Valued Contributor III

 

FortiClient EMS processes all rules like a firewall about removable media (Up to down). Firstly, you need to allow HID. You can use a class attribute for that. After that, you can configure rules for anything you want to block or allow. For example, you can use it like that.  It should be work that way.

 

image.png

If you have found a solution, please like and accept it to make it easily accessible to others.
NSE 4-5-6-7 OT Sec - ENT FW
If you have found a solution, please like and accept it to make it easily accessible to others.NSE 4-5-6-7 OT Sec - ENT FW
NeoRant

Thank you @ozkanaltas , I did exactly this before seeing this solution. God bless you, you are a master.

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors