The 6 Best USB Control Software of 2025 (Tech Review)

AccessPatrol USB Device Control software from CurrentWare

Ready to prevent data loss to USB storage devices? Get started immediately with a free trial of AccessPatrol, CurrentWare’s USB blocking software.

Stop Data Theft to Removable Storage
Block unauthorized USB storage devices to limit illicit file transfers and protect confidential data
USB Activity Dashboards & Reports
Get advanced insights into peripheral device usage and file operations
Protection On Any Network
USB security policies travel with your devices, keeping sensitive data safe when users leave the network

Get My Free Trial Learn More

Case Study
Viking Yachts Stops an Employee From Stealing Their Intellectual Property

A departing employee was caught stealing classified files! If we didn’t have AccessPatrol we would never have known.

As Viking Yachts grew, their network administrator Vincent Pecoreno was responsible for supporting over 530 users and 1500 devices across multiple geographic locations, making visibility a challenge without the right tools in place.

Once equipped with CurrentWare’s user activity monitoring and data loss prevention solutions, Viking Yachts had the insights they needed to protect their sensitive data.

Read their case study to learn more about how Vincent used CurrentWare to detect a data theft attempt from a soon-to-be-ex-employee.

Read the Case Study

Need a USB blocker to protect sensitive files against theft to portable storage? In this article you will learn why you need to block USB devices and the best USB device management tools to prevent data loss to removable media.

Looking for more tools? Check out our list of the best internet filters and the best employee monitoring software

Back to Table of Contents

The Best USB Control Software of 2023

1) AccessPatrol – The Best USB Control Software For Windows (Including Windows XP, 7, and 8!)

Last Updated: 14 May 2024

Overview

AccessPatrol is a data loss prevention (DLP) and USB security management software solution that protects sensitive data against theft to portable storage devices and cloud storage services.

AccessPatrol keeps data secure by…

Preventing data loss by stopping users from stealing data or transferring malicious files with easily concealed USB flash drives
Allowing you to identify devices that have been used on your endpoints
Tracking file transfers to/from any website
Blocking file uploads to cloud storage services
Maintaining auditable records of file transfers to portable storage, and…
Triggering real-time alerts when security policies are violated

AccessPatrol’s central console allows you to centrally manage devices and run reports on your user’s USB activities from the convenience of a web browser.

The security policies are enforced by a software agent that is installed on your user’s computers. This keeps devices restricted and monitored even when the computers are taken off of the network.

AccessPatrol operates from the same central console as the other modules in the CurrentWare Suite. It can be purchased individually for the greatest flexibility or bundled with the CurrentWare Suite for the best value.

The CurrentWare Suite includes multiple solutions for protecting data:

Get My Free Trial

Learn More

Platforms & Deployment Options

central management console for AccessPatrol endpoint security solutions

AccessPatrol is exclusively available on Windows. It supports Active Directory import and sync that allows you to manage your users with your existing organizational units alongside non-AD users.

In addition, legacy versions of AccessPatrol are available that can be used to monitor and block USB devices on Windows XP.

AccessPatrol uses a software client to enforce data loss prevention policies on devices no matter which network they are connected to, making it the ideal solution for protecting remote workers.

AccessPatrol has been verified as Citrix Ready. The device control software can be installed on premises or to the cloud on a self-managed cloud virtual machine

Learn More: AccessPatrol System Requirements

Pros/Cons

Pros

Device control policies can be customized based on user and computer groups; it integrates with Active Directory to simplify user management
At $5 PUPM it’s the best value device control software when compared to those with a similar feature set
Integrates with the CurrentWare Suite to protect corporate data against high-risk websites and user activity
Easy-to-use interface and operator accounts allow for trusted employees to perform centralized monitoring and adjust USB data security policies as needed

Cons

Only available for Windows machines
Device control capabilities require a software agent to be installed
While AccessPatrol works with both encrypted and unencrypted usb devices, an external tool is required to enforce data encryption

Price

AccessPatrol is a USB security management module within the CurrentWare Suite. When purchased as a standalone module its pricing starts at $5 per license per month, paid annually.

The full CurrentWare Suite starts at $12 and provides additional modules for internet use monitoring, web filtering, and remote PC power management.

Discounts are available for prepayment and bulk licensing, managed service providers, and nonprofit/educational organizations.

A free trial of AccessPatrol is available for 14 days and 10 computers.

Learn More: AccessPatrol pricing and licensing FAQ

Get My Free Trial Learn More

Key Features

Device Blocking window Screenshot of CurrentWare's USB device control software AccessPatrol

AccessPatrol has a variety of device control capabilities. Beyond the ability to block removable storage devices it can permit temporary or scheduled access to USB devices, selectively restrict data transfers based on file name and extension, and more.

Here are AccessPatrol’s key USB security management features:

Device Control: Selectively allow or block access to a variety of peripheral devices including removable devices, Bluetooth devices, mobile devices, communication ports, printers, firewire, and others | Learn More: Which Devices Can I Control With Accesspatrol?
Granular Control: Data Loss Prevention policies can be customized based on groups of users/PCs. Data transfers can be permitted to specific USB devices that are on an allow list. Access permissions can be set to Full / Read only / No access for devices.
USB Activity Reports & Alerts: Monitor data transfers and file operations to portable storage devices, network share drives, and cloud storage services. Audit device access with detailed reports of all allowed and blocked storage devices used by each employee or workstation. Get alerts of attempts to use unauthorized peripherals.
Temporary Access: AccessPatrol can grant temporary access to blocked devices with the access code generator. Use the generator to produce a time-limited single-use code that provides users with full access permissions to their peripheral devices, even if they do not have access to the internet.
Restrict Data Transfers: Prevent files from being transferred to USB devices based on their name or extension, even for trusted removable devices.
Remote Workforce: The USB lockdown software tools continue to work even when devices are taken off the network.

Learn More: AccessPatrol USB device control features

Get My Free Trial Learn More

Reviews

Case Study
Viking Yachts Stops an Employee From Stealing Their Intellectual Property

Once equipped with CurrentWare’s user activity monitoring and data loss prevention solutions, Viking Yachts had the insights they needed to protect their sensitive data.

Read their case study to learn more about how Vincent used CurrentWare to detect a data theft attempt from a soon-to-be-ex-employee.

Read the Case Study

Support

✅ Email/Help Desk
✅ Knowledge Base
✅ Phone Support
✅ Live Chat

Product support for AccessPatrol is available from a variety of channels. Their support team is active 8:00 AM – 6:00 PM ET, Monday to Friday.

Get My Free Trial Learn More

Last Updated: July 2024

Overview

ManageEngine Device Control Plus is a device control software solution created by Zoho Corp. It is available for both Windows and macOS. It is free for up to 25 devices in LAN; the free version contains all of the features except for the ability to have multiple administrator accounts.

Platforms & Deployment Options

ManageEngine Device Control Plus is compatible with both Windows and macOS.

Supported Windows OS:

Windows 10
Windows 8.1
Windows 8
Windows 7
Windows server 2016
Windows server 2012 R2
Windows server 2012
Windows server 2008 R2
Windows server 2003 (Conditional support)

Supported macOS:

10.12 Sierra
10.13 High Sierra
10.14 Mojave
10.15 Catalina
11 Big-Sur
12 Monterey

Pros/Cons

Pros

Free for up to 25 devices within a LAN
The annual subscription is US$595 for 100 Computers ($5.95 per computer per year), making it a suitable budget device control software.
Both macOS and Windows are supported

Cons

The macOS version supports less devices than the Windows version
Their support team has consistently critical reviews online; the key grievances revolve around an abundance of canned responses and requiring multiple attempts to get issues resolved
While Zoho has a diverse product portfolio, members of the cybersecurity community have concerns over their ability to develop and maintain safe security software like ManageEngine

Price

The annual subscription is US$595 for 100 Computers ($5.95 per computer per year).
Perpetual licenses for 100 computers are available for US$1,488 with a cost of US$298 per year for support and maintenance
Basic annual maintenance and support is included with the subscription; 4 hours of web-based product training is available for US$495
Multiple add-ons are available including a failover service, secure gateway server, and a multi-language pack license

Key Features

Device and Port control
File access control
File transfer control
File tracing
File shadowing
Device audit
Temporary device access
Trusted Device List

Reviews

While ManageEngine has an extensive product portfolio with many users, reviews for ManageEngine Device Control Plus specifically are difficult to come by.

Based on reviews, ManageEngine Device Control Plus works great as a basic device control software for restricting removable devices, but their customer support is lacking and their feature set does not compete with more advanced device control products.

This software delivers on the essential tasks required for security monitoring files by running real-time and audit reports of who, what, where, and when.
Verified Reviewer of ManageEngine DataSecurity Plus on Capterra (2019)

Manage Engine products seem to be about 80% complete. The UI is unnecessarily unintuitive. They are clearly written by developers who don’t actually know what the end users need.
/u/SysWorkAcct (2022)

I have been in the IT field 20+ years and this is BY FAR the worst technical support I have ever encountered.

I have been in constant “chat sessions” with support. They always end with “can you please upload the log files and we will get back with you.” So I upload the files. 3-5 days later they finally reply with some “canned” fixes or links that do not resolve the issue, then once again ask you to upload the log files. Rinse and repeat.
/u/newsomek (2022)

I would highly recommend using one of their local resellers instead If you want/need quality local support.
/u/elasticweed (2022)

Support

✅ Email/Help Desk
✅ Knowledge Base
✅ Phone Support (Premium Add-On)
✅ Live Chat

While ManageEngine Device Control Plus provides a variety of methods to contact their support team, critical reviews online have recommended users to purchase from a local reseller to get quality support.

4 hours of web-based product training is available from ManageEngine for US$495

ManageEngine provides email support (during the business hours) for signing-up, usage assistance, problem diagnosis and resolution, clarification in documentation, and technical guidance.

Customers can use telephone support for the following:

To report a problem and get technical assistance.
Following up on a problem.
Communicating the priority.
Getting the status on your current problem etc.

Last Updated: July 2022

Overview

As a company, Ivanti was born out of a series of mergers and acquisitions. In 2015, Lumension and FrontRange merged to create HEAT Software, driven by private equity firm Clearlake Capital. In January 2017, as part of the transaction by Clearlake to acquire LANDESK, Clearlake contributed HEAT Software to the new platform investment in LANDESK. As a result, a new company was established under the name Ivanti.

Ivanti Device Control provides a variety of advanced device control features including forced data encryption, off-network compatibility, and full auditing of all Administrator actions.

Platforms & Deployment Options

Ivanti Device Control supports both Windows and macOS. While it is not a verified Citrix Ready partner the vendor does note that the Ivanti Device Control software clients are compatible with Citrix XenApp and XenDesktop.

Pros/Cons

Pros

macOS and Windows compatibility makes it a great data leakage prevention solution for mixed OS environments
File shadowing feature gives organizations the ability to prevent data loss by shadowing all data copied to external devices or specific ports

Cons

The company’s history of mergers and acquisitions has been difficult for legacy customers searching for support
This software is too difficult for a small IT Group to maintain and manage.

Price

Pricing for their USB security management tool is not publicly available; you must contact their sales team for a custom quote.

Key Features

Implement file copy limitations, file type filtering, and forced encryption policies for data moved onto removable devices.
Device whitelisting
Granular policies allow you to assign permissions for authorized removable devices and media to individual users or user groups.
Grant temporary access to USB devices
Centralized management
Active Directory integration
Enforced encryption of removable storage up to 2TB and internal storage larger than 2TB.
Works Off-network
Admin activity log
USB activity reports
Custom block message
File shadowing
Limit file transfers based on size

Reviews

The team at what was Lumension are excellent. They provided KB articles regularly, they were brilliant at customer service and support. Overall just a pleasure to work with. During my time working with Lumension I came across a few issues, on a couple of occasions these required release updates so did take a while, but most of the time the team at Lumension provided a way to resolve the issue in the version I was using or input on what could be done to fix the issue.
Anonymous, IT Services Industry (2010)

It worked exactly how it was supposed to. Device control and reporting on devices was exceptional often even down to the make/model and serial number of the device being attached.
Anonymous, IT Services Industry (2010)

I am impressed with Lumension, it is great for that in depth level of control – able to go down to a device/user/computer level and set permissions.
Liam Windsor Brown, Finance Industry 101-250 Employees (2015)

What do you like best?

This application does an amazing job of controlling all of your Endpoints. You can use this product to manage USB devices, dvd drives, and to shadow copy violations of policy. This is very useful when you need to maintain peak productivity and keep data safe.

What do you dislike?

With the aggressive mergers and expansion Ivanti – formally Landesk has experienced in the last few years, some of the message, roadmaps and support channels have degraded in value while cost continues to rise at around 5% per year.
Anonymous Administrator in Information Technology and Services (2018)

Support

✅ Email/Help Desk
✅ Knowledge Base
✅ Phone Support
❌ Live Chat

Three levels of support are available: Standard, Premium, and Enterprise.

All support levels entitle you to receive software updates and upgrades, including patches, fixes, and security updates. Technical support is provided via the Ivanti Support Portal or over the phone.

Access to the Ivanti Community is also available with each of three plans, giving you an opportunity to meet other Ivanti customers using the same product(s) so you can share ideas, request ideas or help, or just get to know others with similar job responsibilities.

Last Updated: December 2022

Overview

Endpoint Protector By CoSoSys is a data loss prevention and endpoint security solution that includes robust data loss prevention features including deep packet inspection and data scanning.

While the initial setup of Endpoint Protector By CoSoSys is complex, the ability to create custom rules to detect and block transfer of data you consider sensitive allows for greater protection of confidential data than a traditional device control software solution.

Platforms & Deployment Options

The clients for Endpoint Protector device control can be installed on the following operating systems:

Windows
Mac
Linux

Endpoint Protector By CoSoSys is one of the few device control solutions that support Linux, making it an excellent choice for preventing data theft in Linux environments. It supports various Linux distros including Ubuntu, OpenSUSE, RedHat and CentOS.

Unlike other multi-OS device control software vendors that have limited features on non-Windows OSs, Endpoint Protector provides feature parity between Linux, Windows and macOS computers.

Endpoint Protector’s endpoint security solution can be deployed as a virtual appliance, as a self-managed cloud service, or directly from CoSoSys as a software-as-a-service (SaaS) solution.

Virtual appliance

Available in VMX, PVA, OVF, OVA, XVA and VHD formats, being compatible with the most popular virtualization tools.

Cloud services

Available for deployment in the following cloud services: Amazon Web Services (AWS), Microsoft Azure or Google Cloud Platform (GCP).

SaaS

Reduce deployment complexity & cost. Focus more resources on identifying and mitigating risks to your sensitive data and less on maintaining the infrastructure.

Pros/Cons

Pros

Robust DLP features including deep packet inspection and scanning data in motion
Enforced encryption ensures that data transferred to removable storage devices are protected against accidental disclosure to unauthorized computers
Feature parity for key functions across all operating systems and Linux support makes this a true device control solution for multi-OS environments

Cons

Initial setup is complex, particularly for their data discovery features; this often leads to false positives that prevent critical information sharing
The learning curve is pretty steep to get the policies set up correctly
The user interface can be confusing to navigate
As new solutions have entered the market Endpoint Protector has fallen behind in features compared to competitors

Price

Pricing for Endpoint Protector is not publicly available. The trial license allows access to all Endpoint Protector’s features for a period of 30 days.

To gain access to all of Endpoint Protector’s endpoint protection and data loss prevention features you must purchase additional modules.

Key Features

Lockdown, monitor and manage devices. Granular control based on vendor ID, product ID, serial number and more. Define policies per user, computer, or group.
Prevent data leakage through a variety of egress points including clipboard, screen captures, USB devices, and applications including Microsoft Outlook, Skype or Dropbox.
Monitor, control and block file transfers. Protects data in motion with identifiers ranging from file type to predefined content based on dictionaries and regular expressions.
Create custom rules to detect and block transfer of data you consider sensitive.
Enforced encryption
eDiscovery: Discover, encrypt, and delete sensitive data
Deep packet inspection & network communications control
Separate outside network and outside hours policies
USB activity alerts and reports
File shadowing

Reviews

Overall: We needed to unify our data loss prevention solution and Endpoint Protector checked all our key requirements and more. Support is very responsive and the rollout was super easy.

Pros: Endpoint Protector has compatibility with all major operating systems. Endpoint Protector’s granularity on who or which computer gets what policies makes it easy to apply Endpoint Protector to many use cases.

Cons: The flow of the user interface could use some work and unification. It takes a bit to get used to and there’s a few breaks in the flow that I find a bit annoying at times.
Verified Anonymous Reviewer, IT Technology Company (2021)

If you are looking for a product that protects source code, this is not for you. Lot’s and lot’s of false positives when trying to check for code leaks, so many in fact, that it make it unusable for this purpose
Gustavo P., Cloud Systems Administrator (2021)

The product is robust, intuitive & designed by a very dedicated company that carefully listens to it’s customers both when it comes to implementing requested product features and support.
Chad P., Dispatch Coordinator (2017)

The learning curve is pretty steep to get the policies setup correctly. Make sure you team has someone to set this up and have the machine to host the software. That was the only piece we were missing is we had to scramble to find a machine powerful enough to host the solution.
Ray G., Interactive Developer (2020)

What do you like best?

I liked how responsive their support was and how they bundled all the products in one console. The console was pretty simple to work with. I like use agents and this product involves installing an agent on the device that will then report in.

What do you dislike?

I would recommend exploring other products on the market. This product has potential but it’s similar in cost to other products has some difficulty in configuring due to outdated labelling in the console, and doesn’t cover as much as other products.
Anonymous Administrator in Health, Wellness and Fitness (2022)

Support

✅ Email/Help Desk
✅ Knowledge Base
✅ Phone Support
✅ Live Chat

Paid consultations are available for assistance with solution planning, design and deployment. As the creation of custom rules is complex and unique to each organization this added training can be of great benefit.

Last Updated: July 2022

Overview

While Gilisoft USB Lock is not the best device control solution for businesses, its affordable pricing, variety of features, and simple interface make it an ideal choice for home users that want to prevent data theft, restrict internet use, and stop unwanted apps from launching.

Platforms & Deployment Options

USB Lock is available for Windows 2000/2003/XP/7/8/10/11

Pros/Cons

Pros

Expands beyond USB control to include web filtering and app blocking
Inexpensive perpetual license

Cons

Lack of Active Directory integration or a central console makes it unscalable for businesses

Price

$39.95 per device per year subscription
$49.95 per device for a perpetual license with lifetime free updates
Volume discounts are available

Key Features

Email alerts notify administrators when end-users try to brute force the password to the software
Block websites
USB activity reports and web filtering logs
Device control tools
Encryption of removable storage devices

Reviews

Gilisoft USB Lock has a simple-to-use interface but it offers advanced features. The application allows you to set a list of trusted devices, so you won’t have to worry about data loss
Windows Report

The graphical interface of GiliSoft USB Lock is very modern, glossy, and intuitive. Its layout is well designed which makes it unchallenging for all kinds of users to work on this software, irrespective of their technical background.
Phohen

While the USB lock does what it intends to do, it gives your computer many lag spikes while you use it. In my opinion, it’s really worthless and you shouldn’t download it unless you have an incredibly good computer or if you enjoy lag spikes.
aznkidkevin7, Download.Cnet.com

Support

✅ Email/Help Desk
✅ Knowledge Base
⚠️Phone Support (Skype)
❌ Live Chat

Last Updated: July 2022

Overview

Note: Microsoft Intune is not a dedicated USB lockdown software. This review will focus largely on its USB lockdown features, though it has far more utility as a mobile device management (MDM) and mobile application management (MAM) solution that is not covered in this review.

Intune is available as part of various Microsoft multi-soution licenses:

Microsoft 365 E5
Microsoft 365 E3
Enterprise Mobility + Security E5
Enterprise Mobility + Security E3
Microsoft 365 Business Premium
Microsoft 365 F1
Microsoft 365 F3
Microsoft 365 Government G5
Microsoft 365 Government G3
Intune for Education (Microsoft 365 Education A3 + A5)

If you are already an active customer who has a dedicated IT team and you simply need basic USB lockdown features without USB activity reports you may want to consider using Intune to block USB devices.

If you need device control solutions that make it easy to allow and block specific USB devices you may want to consider a Microsoft Intune alternative for USB lockdown.

Microsoft Intune is a cloud-based service that focuses on mobile device management (MDM) and mobile application management (MAM). With Intune you have control over how your business’s laptops, tablets, and cell phones are used.

Additionally, Intune enables employees in your company to use their personal devices for work. On personal devices, Intune can separate organizational data from personal data to ensure that it remains safe.

Intune provides mobile device and application management across popular platforms: Windows, Mac OS X, Windows Phone, iOS, and Android. When Intune is connected with Microsoft Endpoint Configuration Manager in a hybrid configuration, you can also manage Macs, Unix and Linux servers, and Windows Server machines from a single management console.

Platforms & Deployment Options

Intune supports devices running the following operating systems (OS):

iOS
Android
Windows
macOS
Apple iOS 13.0 and later
Apple iPadOS 13.0 and later
macOS 10.15 and later
Android 8.0 and later (including Samsung KNOX Standard 2.4 and higher
Windows 11 (Home, S, Pro, Education, and Enterprise editions)
Surface Hub
Windows 10 (Home, S, Pro, Education, and Enterprise versions)
Windows 10 and Windows 11 Cloud PCs on Windows 365
Windows 10 Enterprise 2021 LTSC
Windows 10 Enterprise 2019 LTSC
Windows 10 IoT Enterprise (x86, x64)
Windows Holographic for Business
Windows 10 Teams (Surface Hub)
Windows 10 version 1709 (RS3) and later, Windows 8.1 RT, PCs running Windows 8.1 (Sustaining mode)
Windows 11

Pros/Cons

Pros

A robust solution for managing endpoints in desktop and mobile work environments. Perfect to reduce the time and effort IT admins need to manage desktop and mobile work environments.
Control how your organization’s devices are used, including mobile phones, tablets, and laptops
Enforce compliance with computer security requirements across an entire organization

Cons

Lack of USB activity reports
Misconfigurations are likely to cause disruption to users and can be difficult to undo
Selectively allowing approved USBs requires complex manual parameter tuning in an XML file

Price

Intune is available as part of a variety of Microsoft multi-solution licensed products, such as Microsoft’s Enterprise Mobility + Security (EMS) suite. This suite is a bundle that combines Intune with various Microsoft Azure security and identity management products.

The EMS suite is available in two tiers:

Enterprise Mobility + Security E3 $10.60 user/month
Enterprise Mobility + Security E5 $16.40 user/month

Enterprise Mobility + Security E3 includes Azure Active Directory Premium P1, Microsoft Intune, Azure Information Protection P1, Microsoft Advanced Threat Analytics, Azure Rights Management (part of Azure Information Protection) and the Windows Server CAL rights.

Enterprise Mobility + Security E5 includes all the capabilities of Enterprise Mobility + Security E3 plus Azure Active Directory Premium (AADP) P2, Azure Information Protection P2, Microsoft Cloud App Security, Azure Active Directory [AD] Identity Protection (as a feature of AADP P2), Azure Advanced Threat Protection, Azure AD Privileged Identity Management (as a feature of AADP P2).

Key Features

Note: Microsoft Intune is a dedicated mobile device management (MDM) and mobile application management (MAM). This section will focus on its USB control features.

Set rules and configure settings on personal and organization-owned devices to access data and networks.
Deploy and authenticate apps on devices — on-premises and mobile.
Protect your company information by controlling the way users access and share information.
Ensure devices and apps are compliant with your security requirements.

Reviews

Note: As Intune is more than USB control software, many of these reviews reflect the user’s experience when using Intune as a mobile device management (MDM) and mobile application management (MAM) platform.

We ended up going with a mix of Intune and a 3rd party because Intune doesn’t have a policy that says “block all USBs except this one type of encrypted drive”. Doing it via regular GPO causes a whole host of other problems because the GPO blocks removable devices not just storage.

We struggle with the Tattoo issue as we have shared computer situations where someone who is in the block policy logs in and then someone on the allow list logs in….until the Intune policy syncs (which can take awhile sometimes) the person who should be allowed removable media is blocked.
/u/MiamiFinsFan13

Microsoft Intune still represents one of the best device management options for folks running Microsoft-centric environments. The bundle options with Azure-based identity and security tools have matured and represent a powerful growth path. However, the price will be substantial and, for those running non-Microsoft platforms, there are some overlooked features, too.
PCMag (2017)

Pros: Its security is most valuable. It gives us a way to secure devices, not only those that are steady. We do have a few tablets and other devices, and it is a way for us to secure these devices and manage them. We know they’re out there and what’s their status. We can manage their life cycle and verify that they’re updated properly.

Cons: It doesn’t economize when you scale up. We have over 14,000 employees, and we have between 7,500 and 8,000 city-owned or personal devices being used to conduct city business. Its price can be improved. It is not a cheap solution.
reviewer1141062, Enterprise Computing Services Manager at a government with 10,001+ employees

We already use a lot of Microsoft products in our company, and therefore, it made sense to also use this product.
Peter Augustin, Global Messaging & Mobility Specialist at a pharma/biotech company with 10,001+ employees

Support

✅ Email/Help Desk
✅ Knowledge Base
✅ Phone Support
❌ Live Chat

Microsoft provides global technical, pre-sales, billing, and subscription support for device management cloud-based services, including Intune, Configuration Manager, Windows 365, and Microsoft Managed Desktop.

Customers with a Premier or Unified support contract have additional options for support. As a customer with a Premier or Unified support contract, you can specify a severity for your issue, and schedule a support callback for a specific time and day. These options are available when you open or submit a new issue and when you edit an active support case.

Free removable media policy template from CurrentWare

FREE DOWNLOAD
Removable Media Policy Template

Set data security standards for portable storage
Define the acceptable use of removable media
Inform your users about their security responsibilities

Get started today—Download the FREE template and customize it to fit the needs of your organization.

Get the FREE Template

What Are the Risks of Removable Media?

Data Leaks & Insider Data Theft

data leakage prevention - how to protect your data

The theft of sensitive data via USB ports is by far the greatest risk presented by unmanaged USB devices. Companies with databases full of sensitive data such as customer information, intellectual property, and trade secrets are especially vulnerable to insider data theft as this data can be used for personal or professional gain.

A USB blocker is an essential part of any data theft prevention strategy. By not restricting USB drives and other external devices from USB ports a data security incident is as simple as a user sneaking in an unauthorized USB flash drive, plugging it into an available port, initiating a download of sensitive data from the network to the device, then walking away.

Data Loss & Integrity Risks

data loss prevention - the top data exfiltration risks

USB devices are portable, which makes them convenient for mobile data storage. It also makes them incredibly easy for a user to misplace.

If a proper data backup system is not in place for crucial data there is a risk that the most up-to-date version of a file is located on a USB removable storage device. Should one of the removable devices go missing the integrity of the data will be compromised, not to mention the potential data breach if the data wasn’t encrypted.

With a USB blocker you can improve data security by limiting what files are allowed to be transferred to a USB device.

USB Malware & Viruses

Since USB flash drives are capable of storing and transmitting data, they are potential vectors for malware. The infamous Stuxnet computer worm, for example, was able to infect air-gapped computers in an Iranian uranium enrichment plant when infected USB flash drives were plugged its USB port.

Even if USB drives aren’t intentionally infected with malware, personal USB devices are at a greater risk of inadvertent infections. A USB blocker protects against rogue USB devices by blocking USB ports and allowing you to authorize trusted USB drives.

Learn More: How Rogue USB Devices Harm Security

Examples of Removable Devices

A 32 gigabyte USB flash drive sitting on top of a computer keyboard

Removable devices consist of a variety of compact devices that can connect to another device to transmit data from one system to another.

USB storage devices (“Jump Drive”, “Data Stick”, “Thumb Drive”, “Flash Drives”, etc)
SDHC, SDXC & SD cards
External drives and solid-state drives
R/W Compact Disk or DVD media
Mobile devices such as tablets, smart devices, cameras, and portable media that support a data storage function such as player-type devices with internal flash or hard drive-based memory.
eSATA devices
Floppy disks

Case Study
Metromont Improves User Awareness of USB Security Risks

Now that CurrentWare is in place, our employees have stopped using random USB devices. Instead, they submit requests to use approved USB devices as needed.

Preventing users from inserting unauthorized removable media devices into company computers is an essential cybersecurity control.

Metromont realized the importance of USB security when an external security company performed a highly targeted USB drop attack on their employees.

Alarmingly, some of the employees plugged these unsanctioned USB drives into their work computers—A situation that otherwise could unknowingly grant threat actors access to sensitive information!

Read their case study to learn how CurrentWare’s USB restriction and USB device activity monitoring capabilities helped Metromont ensure compliance with their data security policies.

Read the Case Study

USB Control Methods Overview

To protect sensitive data against removable media devices you need more than a single tool. A layered cybersecurity strategy that combines physical, technical, and administrative controls is the most effective approach to preventing viruses and data loss.

This section will overview a few USB control methods that you can use to mitigate this threat.

USB Blocker Software

The best USB blocker software (device control software) are centrally-managed device control tools that allow you to selectively enable and disable what types of peripheral devices can be used and which endpoints/users are permitted to use them.

For example, you can use USB blocker software for blocking USB ports for any user or computer with access to sensitive data while leaving the USB blocker turned off for users that pose less risk.

You can also enforce the exclusive use of authorized USB devices by blocking USB ports to peripheral devices that have not been added to an allow list.

CurrentWare’s USB blocker software AccessPatrol allows you to block or unblock USB ports in just a few clicks, making USB security simple and scalable.

AccessPatrol includes key features to prevent data leakage to portable drives:

Only allow trusted devices
Get alerts of potentially malicious activity such as attempts to use unauthorized removable storage devices
Integration with Active Directory
Control other devices such as Bluetooth, Firewire, SD/MM cards, and scanners.

Get My Free Trial Learn More

Learn More: Which devices can I control with AccessPatrol?

Pros of a USB Blocker Software	Cons of a USB Blocker Software
Scalable USB security. Solutions that allow for remote central policy management make managing the USB security policies of an entire business scalable.	The solution is not free. While there may be some freeware solutions with limited functionality available, the best features for business use are found in paid USB lockdown software
Greater visibility. The best USB lockdown software tools will include a feature to monitor USB activities. Timestamped reports of what devices are being used, which computer it was used on, and which user was logged in are incredibly valuable when investigating suspected data leaks.	Requires a software agent. To control all the USB ports with usb lockdown software tools you need to install a software client on each machine you’d like to control. This limits your ability to control USB ports on equipment that is owned by the user.
Granular control. Rather than completely blocking peripheral ports you can selectively choose what devices are allowed and who is allowed to use them. The best USB control software will allow you to selectively assign read-only, read/write, and no access to each device type.

Ready to start blocking USB devices? Get started today with a free trial of AccessPatrol, CurrentWare’s USB control software.

Get My Free Trial Learn More

Removable Media Policy

FREE DOWNLOAD
Removable Media Policy Template

Set data security standards for portable storage
Define the acceptable use of removable media
Inform your users about their security responsibilities

Get started today—Download the FREE template and customize it to fit the needs of your organization.

Get the FREE Template

A removable media policy is a type of information security policy that dictates the acceptable use of portable storage devices such as USB flash drives, external hard drives, and tape drives.

These policies serve as a critical administrative security control for managing the risks of removable media. They establish the security responsibilities of users, explain the importance of following security standards, and provide guidelines for protecting sensitive data when transmitting confidential data to portable storage.

A USB blocker works in tandem with these administrative security controls to ensure your users avoid high-risk behavior such as using personal USB devices or stealing data for personal or professional gain.

Back to Table of Contents

Block USB Ports With Epoxy, Super Glue, etc

While this is an extreme form of removable device protection, it’s a surprisingly commonly suggested tool. After all, it does prevent the use of peripheral ports on a computer; albeit permanently.

If you desperately need a USB blocker while on a shoestring budget, it technically get the job done. As they say, “sometimes it’s best to just take control of the physical layer and call it a day.”

While using epoxy as a literal port blocker will certainly prevent the use of removable storage devices, there are several downsides…

Pros of this USB Blocker	Cons of this USB Blocker
It’s a permanent USB blocker. The ports are truly blocked, ensuring that no devices can be used.	You can’t unblock peripheral ports. With no option to block and unblock USB access, the computer is permanently unable to accept any devices for the rest of its lifespan.
It’s cheap and easy! No need to purchase USB blocking software or spend time in the BIOS on each computer. Applying epoxy is as simple as pressing a plunger.	It harms employee productivity. Modern day keyboards, mice, and other peripherals need a USB port to function. A permanent USB blocker prevents the use of legitimate devices.
	It’s unnecessarily destructive. The device immediately loses any value for resale/refurbishment. Reliably getting epoxy out of the ports simply isn’t worth the risk and labour.
	It’s not scalable. While this might not take too much time for a few devices, it quickly becomes too much of a hassle for an entire fleet.
	It lacks flexibility. Physical USB blocking can only block or unblock the USB port. It lacks granular device control such as only blocking unauthorized storage devices.

Back to Table of Contents

USB Blocker Hardware for USB Ports

Sticking with the physical layer, you could try a USB port blocker. A hardware USB blocker works similarly to the epoxy method, but using a reversible lock-and-key system.

While it will require a greater initial investment than epoxy, the ability to protect your ports from permanent damage is more than worth it. Since the USB ports are completely blocked, physical port locking with USB blocker hardware offers protection against all USB devices.

Pros of this USB Blocker	Cons of this USB Blocker
It’s a functional USB blocker. The USB ports are truly blocked, ensuring that no devices can be used.	It’s not scalable. While this might not take too much time for a few computers, it quickly becomes too much of a hassle for an entire fleet. With a dedicated USB blocker software you can block or unblock unlimited USB ports in just a few clicks.
It’s cheap and easy! No need to purchase USB blocking software or spend time in the BIOS on each computer.	It’s inconvenient. Any time a USB device needs to be allowed an authorized user needs to physically come up to the computer and remove the USB lock to unblock the port.
Layered security. A physical USB blocker serves as an added layer of device control. When combined with USB blocker software a company will have full device control.	It lacks flexibility. Physical USB blocking can only block or unblock the individual port. It lacks granular device control such as only blocking unauthorized USB storage devices.
Platform agnostic. A physical USB lock works regardless of the operating system of the computer, though you’ll need to have unique USB blockers for each USB connection type.

Back to Table of Contents

USB Security Hardware

With so many security risks it can be risky to support allowing even trusted users to use their USB ports. USB security hardware such as a USB data blocker (“USB condom”) can allow charging via USB without enabling data transfer.

A USB firewall such as the USG can further protect against rogue USB devices by acting as an interface between a USB device and the user’s computer, limiting the USB device’s capabilities to only a few safe commands.

Pros of this USB Blocker	Cons of this USB Blocker
Layered security. USB security hardware serves as an added layer of device control. When combined with USB blocker software a company will have full device control.	It’s not reliable. These devices are great for providing another layer of security, but it’s not a reliable standalone tool. All it would take is a user neglecting to use the provided protection to introduce malware.
It’s great for third-party USB drives. For edge-cases where unauthorized devices may need to interface with the network, a USB firewall offers excellent protection against malware.	It’s inconvenient. With this tool the user needs to remember to bring a physical USB block with them. Should they lose the tool they’ll simply be tempted to use their port anyway.

Back to Table of Contents

Disable USB Ports on Each Computer

USB device trying to connect to a USB port. "Forbidden" symbol overlayed.

If you do not need a USB blocker solution that allows you to easily unblock USB ports as-needed, you could completely disable USB ports. On Windows devices this can be accomplished using the BIOS, by modifying Registry keys, disabling USB root hubs in Device Manager, or physically removing the USB ports altogether.

While this may be feasible in environments that genuinely have no use for USB ports, when you block USB ports in this way you also prevent the use of modern day keyboards and mice, among other USB devices that are essential for business use.

If you choose to leave any USB ports enabled it completely defeats the purpose of using a USB blocker in the first place. A user only needs one port to use unauthorized hardware to transfer files. With a USB hub they can easily connect multiple devices to any enabled ports.

Pros of this USB Blocker	Cons of this USB Blocker
It’s inexpensive. There’s no need to purchase software, all you need is time.	It harms employee productivity. Modern day keyboards, mice, and other peripherals need a USB port to function. Completely disabling the ports prevents the use of legitimate devices.
	It lacks flexibility. Fully disabling ports blocks access to all devices, including those related to the business’ legitimate needs.
	No visibility. If any ports are left enabled there is no way to monitor their use to ensure that unauthorized devices aren’t being used.

Looking for even more protection? Your cybersecurity risk management program needs to extend far beyond a USB block. Download the full CurrentWare Suite for enhanced control and visibility over your endpoints: Block dangerous websites, monitor employee computer activity, and restrict peripheral devices—all from the same central console.

Get My Free Trial

Chat With CurrentWare

Back to Table of Contents

Prevent Data Leaks Today—Get Started With AccessPatrol USB Blocker Software

Ready to stop data theft to USB devices? Get started today with a free trial of AccessPatrol, CurrentWare’s USB blocking software. Use AccessPatrol on a Windows PC or in a Citrix VDI deployment for free to test its USB blocking capabilities in your environment.

Block USB: Prevent the use of unauthorized USB devices on your Windows computers. The restrictions remain enforced on the device even without an internet connection
Granular Controls: Selectively block and unblock specific peripherals such as flash drives, external hard drives, SD/MM cards, Bluetooth, and WiFi. Assign unique security policies to each group of endpoints and users.
Monitor USB Activity: Get reports and alerts of removable storage device use. Find out what devices are being used, get auditable reports of file activity to portable storage, and get alerted when unauthorized devices are used.
Limit Data Transfer: Prevent authorized devices from stealing sensitive data by selectively restricting file transfers based on file name and extension.
Central Console: Access the password-protected web console from the convenience of a web browser to manage the solution and configure policies for your entire workforce.

Get My Free Trial Learn More

Case Study Viking Yachts Stops an Employee From Stealing Their Intellectual Property

The Best USB Control Software of 2023

1) AccessPatrol – The Best USB Control Software For Windows (Including Windows XP, 7, and 8!)

Overview

Platforms & Deployment Options

Pros/Cons

Pros

Cons

Price

Key Features

Reviews

Case Study Viking Yachts Stops an Employee From Stealing Their Intellectual Property

Support

2) ManageEngine Device Control Plus – Best Free USB Control Software

Overview

Platforms & Deployment Options

Pros/Cons

Pros

Cons

Price

Key Features

Reviews

Support

3) Ivanti Device Control – The Best Device Control Software for Mac

Overview

Platforms & Deployment Options

Pros/Cons

Pros

Cons

Price

Key Features

Reviews

Support

4) Endpoint Protector By CoSoSys – Best USB Lockdown Software for Linux

Overview

Platforms & Deployment Options

Pros/Cons

Pros

Cons

Price

Key Features

Reviews

Support

5) Gilisoft USB Lock – Best USB Lockdown Software for Home Users

Overview

Platforms & Deployment Options

Pros/Cons

Pros

Cons

Price

Key Features

Reviews

Support

6) Microsoft Intune – The Best USB Lockdown Software for Microsoft Enterprise Mobility + Security Suite Customers

Overview

Platforms & Deployment Options

Pros/Cons

Pros

Cons

Price

Key Features

Reviews

Support

FREE DOWNLOADRemovable Media Policy Template

What Are the Risks of Removable Media?

Data Leaks & Insider Data Theft

Data Loss & Integrity Risks

USB Malware & Viruses

Examples of Removable Devices

Case Study Metromont Improves User Awareness of USB Security Risks

USB Control Methods Overview

USB Blocker Software

Removable Media Policy

FREE DOWNLOADRemovable Media Policy Template

Block USB Ports With Epoxy, Super Glue, etc

USB Blocker Hardware for USB Ports

USB Security Hardware

Disable USB Ports on Each Computer

Prevent Data Leaks Today—Get Started With AccessPatrol USB Blocker Software

Related posts

Case Study
Viking Yachts Stops an Employee From Stealing Their Intellectual Property

Case Study
Viking Yachts Stops an Employee From Stealing Their Intellectual Property

FREE DOWNLOAD
Removable Media Policy Template

Case Study
Metromont Improves User Awareness of USB Security Risks

FREE DOWNLOAD
Removable Media Policy Template