GFI EndPointSecurity

Networking & Security

Control of USB Sticks, iPods and Other Endpoint Devices


Protect Your Network from Portable Devices such as USB drives, iPods and PDAs

Windows 7According to the Ponemon Institute, 59% of people who lost their job admitted to taking confidential company information with them either on DVD or using USB drives. The proliferation of consumer devices such as iPods, USB devices, Smart Phones and more, has dramatically increased the risk of intentional and unintentional data leaks and other malicious activity. While most companies have antivirus software, firewalls, email and web content security to protect against external threats, few realize how easy it is for an employee to simply walk in and copy large amounts of sensitive data onto an iPod or USB stick. There is also an increased risk of malicious and other illegal software introduction to your network through these devices. Of course your administrator could lock down all ports - an ill-advised, difficult and unsustainable solution.
Windows 2008

Prevent Data Theft and Virus Infection from within with Endpoint Security Software

Many businesses are unaware of, or choose to ignore, the threat presented by portable devices in their network environment until some event, ranging from unfortunate to catastrophic, happens. In hard economic times, cybercrime and data leakage increase, finding an easy target in endpoints. The key to managing portable devices in your business environment is to give your administrators direct control over what devices are in use on your network. With GFI EndPointSecurityTM you not only gain control over what is in use but you also know what has been used and by who, and most importantly you gain in-depth knowledge of what data has been copied.

Control Portable Device Access to Your Network with GFI EndPointSecurity

GFI EndPointSecurity enables administrators to actively manage user access and log the activity of:

  • Media players, including iPods, Creative Zen and others
  • USB drives, CompactFlash, memory cards, CDs, floppies & other portable storage devices
  • PDAs, iPhone, BlackBerry handhelds, mobile phones, smart phones and similar communication devices
  • Network cards, laptops and other network connections.

Why Choose GFI EndPointSecurity?

  • Prevents data leaks and theft by comprehensively controlling access to portable storage devices with minimal administrative effort
  • Prevents introduction of malicious and other unauthorized software to the network
  • Gives administrators greater control - you can block devices by class, file extensions, physical port or device ID from a single location
  • Allows administrators to grant temporary device or port access for a stipulated timeframe
  • Centrally monitors the network, detects connected devices and performs various tasks
  • Automatically protects newly detected computers by deploying an agent and a default blocking policy
  • Can automatically download and install SQL Express if a database server is not available
  • Supports 32 & 64-bit platforms, including Windows 7, Windows Vista and Windows Server 2008 R2.


Dim lights Embed Embed this video on your site



FREEWARE version available

See how vulnerable your organization is to such breaches:

In freeware mode, functionality is limited to monitoring only but there is no limit on the number of agents that can be deployed, so administrators can immediately see what is happening on monitored machines. In order to be able to block the user in real-time, a license needs to be purchased.

How it Works
To control access, GFI EndPointSecurityTM installs a small footprint agent on your user's machine. This agent is only 1.2 MB in size, meaning your user will never know it is there. GFI EndPointSecurity includes a remote deployment tool based on GFI LANguardTM technology, allowing you to deploy the agent to hundreds of machines with just a few clicks. After installation, the agent queries Active Directory when the user logs on and sets permissions to the different nodes accordingly. If the user is not a member of a group that allows access to a particular device or set of devices, then access is blocked.

Manage User Access and Protect Your Network from Portable Devices
Using GFI EndPointSecurity you can centrally disable access to any portable device, preventing both data theft and the introduction of data or software that could be harmful to your network. Although you could block portable storage devices such as CDs and floppy drives from the BIOS of the individual machine, the solution is inconvenient and impractical when applying software or network upgrades. For example, a new software or device installation would require the administrator to physically visit each machine, switch off the computer, temporarily disable protection, perform the install and then re-enable protection. Furthermore any sophisticated user can hack the BIOS, circumventing the security measure altogether. GFI EndPointSecurity allows you to take control over your environment and the access of a wide variety of devices including:

  • Floppy disks
  • CDs and DVD ROMs
  • iPods/iPhones
  • Storage devices
  • Printers
  • PDAs
  • Network adapters
  • Modems
  • Imaging devices
  • And more

Centralized Monitoring
GFI EndPointSecurity incorporates a dedicated node making it possible for administrators to view all computers on a network from a single location. Here, administrators can assign a secondary name to computers, to make it easier to identify them.

Computer Auto-Discovery and Automatic Protection
GFI EndPointSecurity can monitor the network, detect new computers that are connected onto the network, notify the administrator, and perform various tasks as configured by the administrator. For example, the administrator can set automatic detection to occur at pre-set intervals - hourly, daily, weekly, etc. One can also set the scope of the auto discovery, for example, only computers detected on the domain or on the entire network. Once computers are detected, the administrator can choose whether to automatically protect them by deploying a pre-defined policy, or simply to be notified that new computers were detected. If auto-protect is selected, as soon as a computer is detected, the product would automatically install the agent and apply the default policy selected by the administrator.

Supports Windows 7 and BitLockerTo Go
Windows 7 ’s "BitLocker To Go " is designed to encrypt data on removable devices. GFI EndPointSecurity 4.2 can detect devices that are encrypted with BitLocker To Go, and apply different permissions to these devices.

Get Detailed Reports on Device Usage with GFI EndPointSecurity ReportPackTM add-on
The GFI EndPointSecurity ReportPack is a powerful reporting package that adds on for free to GFI EndPointSecurity. This reporting package can be scheduled to automatically generate graphical IT-level or higher level management reports, based on data collected by GFI EndPointSecurity. This gives you the ability to report on devices connected to the network, user activity, endpoint files copied to and from devices (including actual names of files copied), and much more. The latest ReportPack includes enhanced reports that highlight users trying to bypass security policies by renaming file extensions etc.

Windows 7 Support for Tamper-proof Agent
The agent used to control machines has a number of security elements applied to render it tamper-proof. Users are unable to uninstall the agent as it is not published as an installed application. As additional security, uninstall can only be accomplished if a special 128-character ID to unlock the uninstaller is registered. A sample of the other security features includes encryption of the configuration file used by the agent; the automatic regeneration of registry keys and critical files if these are tampered with; and an emergency block mode if the configuration file is corrupt, leaving access to the driver only possible by a system reinstall or using the recovery console.

Log the Activity of Portable Device Access to your Network
USB sticks present a significant threat to your business environment. They are small, easily hidden and can store up to 16 GB of data. Even plugging a digital camera into a USB port gives users access to storage on an SD card. SD cards are available in 32 GB capacity and more; that's a lot of potential for carrying off your data or for exporting infected software onto your network. In addition to blocking access to portable storage media, GFI EndPointSecurity logs device related user activity to both the event log and to a central SQL Server. A list of files that have been accessed on a given device is recorded every time an allowed user plugs in.

Easily Configure Group-based Protection Control via Active Directory
You can categorize computers into protection groups. For each group you may specify the level of protection and portable device access to allow. The ability to group your networked computers is a powerful feature; making, for example, an entire department into one group and then managing the department's setting by managing the group as a single entity. Configuration of GFI EndPointSecurity is effortless and leverages the power of Active Directory. It does not require the administrator to remember and track which policies were deployed to which computers. Many other storage control software requires cumbersome machine by machine administration, forcing you to make the changes on a per-machine basis and then to update the configuration on each machine before the settings take effect. GFI EndPointSecurity does away with all of that.

Advanced Granular Access Control via Whitelists and Blacklists
GFI EndPointSecurity enables you to allow or deny access to a range of device classes, as well as to block files transferred by file extension, by physical port and by device ID (the factory ID that identifies each device). It is also possible to specify users or groups and then manage their access to devices giving them permissions ranging from no access ever, some access to some devices some of the time, and all of the way to full access at all times. GFI EndPointSecurity allows administrators to define a device whitelist and a blacklist allowing only company-approved devices, effectively and easily blocking all others.

Real-time Status Monitoring and Alerts
GFI EndPointSecurity provides real-time status monitoring through its user interface. It displays statistical data through graphical charts, the live status of the agent and more. GFI EndPointSecurity also allows you to send alerts when specific devices are connected to the network. Alerts can be sent to one or more recipients by email, network messages, and SMS notifications sent through an email-to-SMS gateway or service.

Easy Unattended Agent Deployment
GFI EndPointSecurity provides administrators with the ability to automatically schedule agent deployment after a policy or configuration change. If a deployment fails, it is rescheduled until deployed successfully. The GFI EndPointSecurity remote deployment tool can deploy its security agent network-wide in a few minutes and we facilitate Active Directory deployment through MSI.

Permit Temporary Device Access
Temporary access can be granted to users for a device (or group of devices) on a particular computer for a particular timeframe. This can be done even if the GFI EndPointSecurity agent is not connected to the network!

Policy Creation Wizard
To facilitate the creation of security policies, GFI EndPointSecurity includes a wizard to create security policies. Administrators can also create new policies based on existing ones.

Daily/Weekly Digest
An email notification containing activity statistics can be sent on a daily or weekly basis, enabling the recipient to have an overview of, for example, how many files were copied to and from devices, how many may potentially carry malware, etc.

Other Features:

  • Ability to group computers, e.g., by department, by domain, etc.
  • Scan and detect a list of devices that have been used or are currently in use
  • Password protected agents to avoid tampering
  • Set up custom popup messages for users when they are blocked from using a device
  • Browse user activity and device usage logs through a backend database
  • Maintenance function that allows you to delete information that is older than a certain number of days
  • Support for operating systems in any Unicode compliant language

You're in Great Company...
Thousands of companies have chosen GFI EndPointSecurity.


GFI EndPointSecurityTM - Videos

Dim lights Embed Embed this video on your site GFI EndPointSecurity QuickVid
Duration: 2:55

Learn about GFI EndPointSecurity, which allows control of iPods, USB sticks and other endpoint devices.


Awards & Reviews


Data Leakage Prevention Solution

GFI EndPoint Security wins Data Leakage Prevention Solution of the Year Award

GFI EndPoint Security was named Winner of the 2010 Computer Security Awards for Data Leakage Prevention Solution of the Year - Computing Security Awards, November 2011

CS awards finalist

2010 Computing Security Awards Finalist

GFI MailEssentialsTM, GFI EndPoint SecurityTM and GFI MailArchiverTM are all Finalists in the 2010 Computing Security Awards - September 2010

Business Solutions BCP 2010

Best Channel Product 2010 Award

GFI EndPoint Security awarded Best Channel Product 2010 from Business Solutions Magazine - Business Solutions Magazine, August 2010

Win Mag Pro Editor's Choice maart 2010

[NL] GFI EndPoint Security awarded Editor’s Choice Award

GFI EndPoint Security was awarded an Editor's Choice Award, scoring 9/10, in a group review from Winmag Pro - a Dutch print magazine for Windows professionals.

GFI EndPoint Security positive points were: (1) Wizard Quick Start for easy set up of basic settings; (2) Flexible configuration of security settings; (3) Security policies can be customized according to the type of machine.
It's only negative feature is that it is not available in Dutch - Winmag Pro, March 2010

Win Mag Pro

GFI EndPoint Security wins MKP Best Choice Award 2010

"GFI EndPointSecurity offers a solid protection for the 'endpoints' of your network". GFI EndPoint Security works around the schedule of the administrator making it the ideal solution for all businesses and organizations who are serious about security - WinMagPro, 2010


Cozumpark Logo

GFI EndPoint Security awarded 5 stars

Popular Turkish IT site Cozumpark reviews GFI EndPoint Security and awards it 5 stars - Cozumpark, July 2009

Windows IT Pro 2009 Community Choice Awards - Silver

GFI EndPoint Security awarded 2009 Community Choice Award

GFI EndPointSecurity was awarded Best Security Product - Community Choice and GFI EventsManager and GFI Network ServerMonitor were named winner of the "2009 Community Choice Awards" by Penton Media's Windows IT Pro magazine - Windows IT Pro, December 2009

Business Solutions Award

Best Channel Product 2009 Award

Five Best Channel Products Awards organized by Business Solutions Magazine have been given to GFI's products. GFI rated exceptionally well in the Network Security category and very high in terms of ease of upgrade and VARs’ ability to service the product. The winning products are: GFI MailArchiver, GFI MailEssentials, GFI EndPointSecurity, GFI WebMonitor and GFI MAX RemoteManagement, the latest offering from GFI specifically for VARs, MSPs and IT support companies.


GFI EndPointSecurity: Real nice solution

In a Group Test in SC Magazine, GFI EndPointSecurity gets a five-star review and is described as “a really nice solution” providing great features and performance.



4 stars for GFI EndPointSecurity

In a review in SC Magazine, GFI EndPointSecurityTM is rated four stars out of five and with full marks given to its ability to use the minimum of resources. The reviewer adds that the interface is clean and logically laid out while “the level of resources used is incredibly small, making the offering handy for many organizations”. - SC Magazine, September 2008


Control Usage of Portable Devices with GFI EndPointSecurity

Daniel Petri from the popular IT knowledge base,, talks about the threats posed by portable storage devices such as iPods, USB sticks, PDAs etc. In a review of GFI EndPointSecurityTM, Daniel says it “is one of the best portable device control software that I've tested, allowing you to easily control the usage of portable devices into your corporate network and thus strengthening your physical security”. -, February 2008

2007 and before

File Cart Award 4.5/5

Very good product

GFI LANguard P.S.C. (now GFI EndPointSecurityTM) received a rating of 4.5 out of a possible 5 stars from the popular download site, File Cart. The product was given the site's "Very Good Award". - File Cart


Handy tool to control security risk

In an article entitled "Tiny Storage Devices Carry a Big Risk", internet security specialist Douglas Schweitzer, discusses the threats posed by portable storage devices within an organization. The reviewer states that it is nowadays imperative to reduce the risk of insider theft and corruption and to safeguard sensitive information by using preventative software. The reviewer describes GFI LANguard Portable Storage Control as a "handy tool" which is a "secure alternative" to simply banning the use of portable storage devices. GFI LANguard P.S.C. (now GFI EndPointSecurityTM) "enables administrators to maintain control of the organization's network by allowing users to plug in USB sticks, download and upload digital camera data, and connect MP3 players, smart phones, handhelds and the like." - Computerworld


GFI LANguard P.S.C. plugs important security hole

In an article entitled "Corporate archives on users’ keychains", reviewer Michael Osterman, writing for NewtworkWorldFusion, discusses the significant dangers posed by USB sticks to corporate messaging systems. The two possible dangers discussed are the theft of "large amounts of sensitive data", and the "introduction of viruses and malware from a home PC to the corporate network". The reviewer sees GFI LANguard P.S.C. (now GFI EndPointSecurityTM) as a possible solution to this growing security threat. "GFI’s new tool plugs an important security hole that exists in many networks, making messaging data and other content just a bit more secure." - NetworkWorldFusion


Silver award for GFI LANguard Portable Storage Control

Reviewer Deb Shinder writing for, awarded GFI LANguard Portable Storage Control (now GFI EndPointSecurityTM) the silver prize, rating it 4/5. The reviewer describes GFI LANguard P.S.C. as an essential tool for administrators to technologically control the use of portable storage devices. The reviewer found the software easy to install and use. She notes that the interface is simple, and she particularly liked the program included links to a support center and KnowledgeBase within the management console. The reviewer concludes by stating that there is a definite need for a program like GFI LANguard P.S.C. "Administrators are sure to sleep easier at night, knowing they have a way to keep rogue USB drives and other removable media from threatening the integrity of their networks." -


Excellent and easy to use

In a review on Liquidmatrix Security, Dave Lewis looks into the threat posed by portable storage devices and how GFI EndPointSecurityTM allows administrators to allow, yet control their use on the company network. He describes the product as “an excellent and easy to use offering from GFI” and “I recommend giving it a test drive”. - Liquidmatrix


Fast, stable and efficient

The threat posed by portable storage devices such as USB sticks and iPods and how GFI EndPointSecurityTM can address these threats is highlighted in a review in IT-Observer. The reviewer says the product “offers many features to take control of data flow from storage devices in complex network environments”, the “whole management process is accomplished through the easy-to-use administrator console” and that “it proved to be fast, stable and easy to deploy – not to mention very efficient”. - IT-Observer


Good value for money

In a review in SC Magazine, GFI EndPointSecurityTM is rated four stars out of five and described as a complete endpoint security kit that is “good value for money and a useful tool set that should scale well to large enterprises”. The magazine also highlights GFI EndPointSecurity’s client deployment tool and its integration with Active Directory. - SC Magazine


Fast, stable and efficient

In a review of GFI EndPointSecurityTM in, reviewer Tim Wilson writes that if a company needs to manage user access to the external devices from the computers in a network, they should “definitely check GFI EndPointSecurity”. He says the “the software concept is pretty straightforward and every decent administrator shouldn’t have any problems in deploying the solution.” Wilson highlights a number of features including its versatile logging possibilities, buffering of protection procedures when a laptop is disconnected and reconnected to the network, and the fully-fledged reporting add-on. Concluding, he says “the software proved to be fast, stable and quite efficient”. -


Powerful piece of software

In an extensive review of GFI EndPointSecurityTM in, Jakob H. Heidelberg gives the product 4.5 out of 5 and a Gold Award. In his review, he says GFI EndPointSecurity offers great features “to take control of vulnerable data and network environments”. He highlights the product’s security advantages over Microsoft Windows Vista Group Policy, such as GFI EndPointSecurity’s ability “to exert almost the exact same level of granular control over all 32-bit versions of Windows 2000, XP, 2003 based computers and all devices without a file system. These include printers, scanners, modems, Bluetooth dongles, etc”; something that administrators cannot do in Windows Vista. He also talks highly of GFI EndPointSecurity’s tracking of device usage and log management. Concluding he recommends readers to download and try out “this powerful piece of software”. -


Fast, stable and efficient

In a review for, Tim Wilson found GFI EndPointSecurityTM to work like a charm in various scenarios in which it was deployed and that it helps “add an extra layer of security to your organization network environment”. He said the “software concept is pretty straight forward and every decent Windows administrator shouldn't have any problems in deploying the solution.” Fast, stable and quite efficient, “if you need to manage user access to the external devices from the computers in your network, you should definitely check GFI EndPointSecurity.” -


A straightforward, solid application

In the ‘Required Reading’ section in Windows IT Pro, reviewer Karl D. Middlebrooks awarded GFI EndPointSecurityTM a 4 out of 5 rating and described it as a product that does the job well with “a clean, easy-to-use interface”. The review praises various features of GFI EndPointSecurity including the ability to divide computers into groups and apply policies by computer group as well as by user, and also as having good AD integration. - Windows IT Pro

Innovation Award 2006

GFI EndPointSecurity wins the TMC Labs Innovation Awards 2006

TMC Labs conclude that GFI EndPointSecurityTM deserves the TMC Labs’ Innovation Awards for 2006. The product was admired for its unique features and its ease-of-use. - TMC Labs


Reporting made easy

Leading trade publication Processor magazine included GFI EndPointSecurityTM in a feature about the latest product releases available on the market. The feature highlights the very useful features found in GFI EndPointSecurity ReportPack and refers to the professional reports that can be generated based on usage events for the portable devices. - Processor


End threats from portable storage devices featured a story by freelance writer Elisabeth Horwitt which describes how portable storage devices become conduits for viruses and other malware for businesses. GFI EndPointSecurityTM was praised for solving this big problem and for providing "a more granular solution". Tri-County Board of Recovery and Mental Health in Troy, Ohio installed GFI EndPointSecurtity "to ensure that sensitive data didn't make an unauthorized exit via a floppy or a USB device." The story concluded by stating that “centralized administration features take the burden off SMB IT staffs”, making GFI EndPointSecurity an obvious choice to end threats from portable storage devices. -


Prevent network havoc

In a detailed article for, writer Andrew R. Hickey explains the evolving issues of endpoint security and how serious these issues have become. Within the article Dianne McAdam, an independent industry analyst, describes how GFI EndPointSecurityTM meets the increasing need to “control where information goes” and explains that GFI EndPointSecurity is a reactive approach to network security. McAdam adds that GFI EndPointSecurity is “a smart move and a move that all corporations need to be considering right now." -


Network-wide control

GFI LANguard P.S.C. (now GFI EndPointSecurityTM) received the top rating of 5 stars from the popular shareware site, The site praised the product's ability to offer administrators network-wide control. -


An effective way at limiting exposure risks

In a review for Windows IT Pro, reviewer John Green awards GFI LANguard Portable Storage Control (now GFI EndPointSecurityTM) 4 points out of a possible 5. The reviewer found the product "easy to install and administer", stating: "The agent installed quickly and painlessly in my testing." The reviewer concludes by noting GFI LANguard P.S.C. is "an effective way to restrict user access to portable storage devices". - Windows IT Pro