How to Block USB Drives with AccessPatrol
Use AccessPatrol to block USB devices and monitor file transfer activity from USB ports on your computers.
Protect sensitive data against theft to unauthorized removable storage devices.
Click Here for Transcript
Hi there welcome to the CurrentWare video where today we will show you how to block employees from using USB devices at work. CurrentWare has been a leading provider of Internet restriction, employee productivity, and endpoint management software for over 15 years.
We’re excited to show you the administrative console today. In order to block employees from using USB devices at work you’d first be required to install the CurrentWare agent on each of your employee’s computers.
You can either do this by local or remote client install. Once the installation is complete the different computers and users will show up on the left side of the screen. The departments and groupings will be based on the directories that you assign for the CurrentWare console.
In this example, we have the administrator, development, marketing, and three other folders available. Once this is configured you have the ability to determine which devices are blocked or allowed using our AccessPatrol solution.
When we click into the device blocking section you can see the different devices that are available: Storage, wireless, and different ports. You have the simple ability to click into USB and choose between full access, read-only, or no access. No access would mean that no employee in that directory has access to use their USB
As you can see on the left side there are a lot more configuration options available. With the prevalence of cell phones, external hard drives, Bluetooth, and Wi-Fi, many IT departments have chosen to block these endpoints from being available for employees today.
In addition on Accesspatrol, you have the ability for device reporting. You can see the different files that are transferred between devices or if there are any block devices you have the ability to actually see which ones were plugged in.
In this example, we can see Brandon’s access of blocked devices. We’re able to see that although USB devices were blocked for Brandon he actually tried to plug in USB devices many times. AccessPatrol has many different ways to configure reports but also set up different device access for users, groupings, and departments.
We hope you found this demo useful and we’d be glad to show you more about AccessPatrol and the benefits that CurrentWare can provide by visiting CurrentWare.com. A 14-day free trial the software is also available. Thank you for watching!
Real Time USB Usage Alerts
Active Directory Integration
Allow Only Authorized USB Devices
Prevent Data Breaches
Trusted by
Check out our great reviews on Capterra!
"This software helps us to achieve compliance with industry and government requirements."
- Matthew W, Project Manager
Mindrum Precision
"Endpoint security simple and easy and economical. All in one place!"
- Pankaj S, President
eRecords USA
Control USB Devices in 3 Easy Steps
On the manager’s computer, install the CurrentWare Console
- Run the CurrentWare.exe setup file
- Ensure that AccessPatrol is selected
- The Installer will proceed to install the CurrentWare Server, CurrentWare Console, and AccessPatrol onto the computer
On the employees' computers, install the CurrentWare Client
- Run the client setup file on your employee’s computers
- Connect your computers to the CurrentWare Server
- You can now block USBs & other peripherals on your computers
- Repeat step 1-3 on all computers
Return to the manager’s PC & launch the CurrentWare Console
- Click Device Permissions to configure USB blocking policies for each group of computers or users
- Select Allowed List to permit access to authorized USB devices
- Use the Device Reports to audit removable storage usage
AccessPatrol Installation Tutorials
On-Premises Software Installation
Click Here for Transcript
Hey Everyone. This is Mike here. I’m the technical specialist within CurrentWare.
And today in this video, I’m going to show you how to install CurrentWare for your company use. After we complete this tutorial you will be able to monitor and control your user’s computers from the CurrentWare central management console.
If you would like to learn how to deploy CurrentWare for remote users, that topic is going to be covered in another tutorial. Please see the CurrentWare knowledge base at Currentware.com/Support for more details.
First, let’s go over how CurrentWare works.
CurrentWare operates on a client/server model.
The CurrentWare Console and Server will be installed on a dedicated computer or server in your network. The Web Console allows you to manage your CurrentWare policies and run reports from the convenience of a web browser on any computer within your network.
After that, you will install the CurrentWare Clients on each computer that you want to monitor, control, or track. Once the clients are installed on your user’s computers they will appear in the Web Console where you can run reports on their computer activities and apply any policies that you would desire.
Your CurrentWare policies can be implemented on a per-user account basis or per-device level account basis. This ensures that the restrictions will apply to your users no matter what managed device they use.
To begin, we are going to install the CurrentWare Console and Server.
For this part you will need the CurrentWare Setup file, which I currently have highlighted. If you do not have this file, you can go to Currentware.com/Download/ and fill out the form.
Once we open it up here, we’re just going to press next. Here you’ll be able to see the licensing agreement. So you have to accept the terms of the licensing agreement and select next.
Here you can see we’re installing the Console and the Server. And it also shows the location of where it will be installed.
Hit next
Here, all 4 of the solutions are selected. So we’re just going to hit install. This will install the CurrentWare Console.
Great, you can see the installation is complete and now it is going to create the SQL database.
Now, you’re going to be prompted to create an account. This account is how you will log in to your CurrentWare Console.
Once you’ve created the username, click “Add Operator”.
Here you can see the recommended exclusions for any third party antiviruses. You can see there’s 3 EXEs here and a couple ports to make sure that your CurrentWare software will run optimally.
Next, here we’re just going to finish up and it’ll launch the CurrentWare Web Console for you. And it prompts you to login. This login will be the login that it prompts you to create during the installation steps.
Now that the CurrentWare Console and Server is installed, it’s time to deploy the CurrentWare Clients on each computer that you would like to manage.
There are 4 key methods used to deploy the CurrentWare Clients.
- A local installation where you manually run the EXE on the computers you would like to manage
- Using the built-in remote client installation tool
- A remote installation using the command line
- And a remote installation using the Active Directory group policy with an MSI or Batch file
In this video I will cover the first three methods. If you would like to learn how to deploy CurrentWare with Active Directory, you can find articles for this on our knowledge base at www.CurrentWare.com/Support.
Let’s get started with the Client installation
Before we begin, make note of the hostname or IP address of the device that we just installed the CurrentWare server onto.
You can see that with the Web Console, this first part here is the hostname of my PC. It will be different for you, and it may even show an IP address.
Another simple way to get your computer name is to open the Command Prompt and type in hostname and it will show you your computer name.
The first installation we’ll go through is the local client installation. This is the simplest installation to do as it just requires you to run the cwClientSetup.exe file.
Enter that IP address or hostname of your server into this box.
Once we’re over here, we hit install.
Great, the installation is finished! It’s recommended to push a restart through to your client computer after the install to ensure that everything installed properly.
The next method is to use the built-in remote client installation tool. This tool is a convenient way to remotely deploy the CurrentWare Client to all of the computers within your network in just a few steps.
The remote client installation tool is found within the legacy desktop console on the same computer where you installed the Web Console.
The current default file path for the legacy desktop console is to open your C drive, go to Program Files (x86) folder, the CurrentWare folder, the cwConsole folder, and run the cwConsole.exe application.
Before we begin, Windows Firewall and User Account Control (UAC) must be disabled on your target computers.
Go to Install > Remote Client Install.
Here you can see the remote client install page. It shows you where the client is located, the file for installing it, the computer name of your server computer currently, and if you want to restart the client systems after the installation or not.
Choose next. Type in the name of the computers that you want to add. Click “Add Computer”. So that’ll add my computer now.
You can also import a list or you can use the search feature. The search feature will look on your network and find computers that are open for network sharing. It’s possible due to your setup that this feature may not work correctly if your network sharing is blocked.
Enter your username and password. If this is a domain, make sure that the domain user does have administrative privileges. You may also have to put the domain before the username.
Hit finish, and the installation is going to go out. If there’s any errors at this step, make sure to visit CurrentWare.com/Support to help with any of the error codes that you may receive.
As you can see, my client has successfully installed with the remote client installation tool.
Lastly, let’s look at the command line deployment. The last method here is ideal for deployments with a large number of clients and you have a network drive available.
We’ll move the CurrentWare install file to the root of your C drive, or onto the root of your network drive. Once you’ve done that, go ahead and start by typing the location of where you’ve placed it.
So you can see for me, it’s the root of my C drive; right at the front there.
After that, you need a space and then you’re going to type ALLUSERS=1 USERPARAMS=”-p Admin -ds (your computer or IP name)” /norestart /qn
That’s it for today. If you have any other technical questions our support team would be happy to help you over the phone, via live chat, or over email.
Simply visit CurrentWare.com/Contact to get in touch with us or visit CurrentWare.com/Support to access the self-serve knowledge base.
Remote Workers Software Installation
Click Here for Transcript
Want to monitor and secure employees who work from home?
With CurrentWare’s remote workforce management software you can improve employee productivity, data security, and business intelligence with advanced awareness and control over how technology is used in your organization.
After completing this tutorial you will be able to remotely update your CurrentWare security policies and monitor the computer activities of your remote workers from the convenience of the CurrentWare Console.
Today I will cover two key ways to deploy CurrentWare for remote workers:
1) Using port forwarding to connect offsite devices to an on-premises CurrentWare Server, and 2) Deploying the CurrentWare Server to a self-managed cloud virtual machine
For more information, you can visit the self-serve knowledge base at CurrentWare.com/Support or get in touch with the CurrentWare support team at CurrentWare.com/Contact.
Before the tutorials, I’d like to go over how CurrentWare works…
CurrentWare operates on a client/server model.
The CurrentWare Client is a software agent that collects computer activity data and enforces security policies on the device it is installed on.
The CurrentWare Server accepts and stores data from the CurrentWare Clients and pushes out security policies to your managed devices.
The CurrentWare Console is where you’ll manage your security policies and review the computer activity data of your remote workers.
The CurrentWare Console and Server will be installed on a computer, server, or cloud-based virtual machine.
After you set up the CurrentWare Console and Server, you will install the CurrentWare Client on each computer that you would like to monitor and control.
To monitor and manage these client computers when they’re taken off-site you will need to connect the CurrentWare Clients to the CurrentWare Server through port forwarding or a VPN.
Once the clients are installed on your user’s computers and connected to the CurrentWare Server, they will appear in the Web Console where you can run reports on their computer activities and apply your desired security policies.
As a backup, each CurrentWare Client has its own local database that stores user activity data and security policies. Should your remote employee lose connection with your network, their computer can still be monitored and restricted. Once they reconnect to the CurrentWare Server any security policy updates will be applied and their user activity data will be automatically uploaded.
With that out of the way, let’s go over the first method for monitoring remote employees with CurrentWare.
This section will teach you how to monitor remote employees when you have the CurrentWare Server installed on an on-site computer or server.
To do this, you will configure Port Forwarding rules that connect the CurrentWare Clients to the CurrentWare Server over a static public IP address.
While we will be focusing on Port Forwarding for this tutorial, a VPN may also be used to establish a connection between your remote worker’s computer and your company’s network.
To use a VPN in this way, you will need to ensure that your network topology allows the CurrentWare Client to connect to the CurrentWare Server by IP address.
The key advantage of using port forwarding over a VPN is that you can get real-time computer activity data from your remote workers without straining your VPN’s bandwidth. This is ideal for remote teams that struggle with bandwidth overload when all of their employees are connected to the VPN simultaneously.
As a bonus, with port forwarding your employee’s activity data and security policies are kept up-to-date no matter what internet connection they use.
To begin, Mike will show you how to install the CurrentWare Console and Server. Later in this tutorial, we will install the CurrentWare Clients on your remote employee’s computer and use port forwarding rules to connect them to this server.
Hey Everyone. This is Mike here. I’m the technical specialist within CurrentWare.
For this part, you will need the CurrentWare Setup file, which I currently have highlighted. If you do not have this file, you can go to Currentware.com/Download/ and fill out the form.
Once we open it up here, we’re just going to press next. Here you’ll be able to see the licensing agreement. So you have to accept the terms of the licensing agreement and select next.
Here you can see we’re installing the Console and the Server. And it also shows the location of where it will be installed.
Hit next
Here, all 4 of the solutions are selected. So we’re just going to hit install. This will install the CurrentWare Console.
Great, you can see the installation is complete and now it is going to create the SQL database.
Now, you’re going to be prompted to create an account. This account is how you will log in to your CurrentWare Console.
Once you’ve created the username, click “Add Operator”.
Here you can see the recommended exclusions for any third-party antiviruses. You can see there’s 3 EXEs here and a couple of ports to make sure that your CurrentWare software will run optimally.
Next, here we’re just going to finish up and it’ll launch the CurrentWare Web Console for you. And it prompts you to log in. This login will be the login that it prompts you to create during the installation steps.
All right, thanks, Mike!
Now that you’ve installed the CurrentWare Server and Console, it’s time to configure inbound port forwarding rules on your router. These port forwarding rules will be used to send traffic from your remote employees’ CurrentWare Clients to the CurrentWare Server.
On your router, forward the following port traffic to the static public IP address of your CurrentWare Server computer
Ports 8990 all the way to 8998 (TCP and UDP)
Ports 1433 & 1434 (TCP and UDP)
And finally, Port 443 (TCP and UDP)
In order for port forwarding to work, you will need to ensure that your CurrentWare Server is on a network that has a static public IP address. This can be obtained from your internet service provider.
For instructions on how to set up Port Forwarding for your specific router, please refer to the instructions from your manufacturer
Next, you need to use the SQL Server Configuration Manager to allow network connectivity on TCP port 1433.
To do this, you will need to…
Launch the SQL Server Configuration Manager
Expand SQL Server Network Configuration
Select Protocols
Right-click on the option “TCP/IP” and select “Properties”
Click on the IP addresses tab
Scroll down to “IPAll”
Then for TCP Port put in 1433
Now that you’ve prepared the CurrentWare Server, it’s time to deploy the CurrentWare Clients to your employee’s computers.
If you already have CurrentWare Clients deployed and you need to redirect them to a different server, please visit CurrentWare.com/Support and search for “How do I redirect the CurrentWare Client to another CurrentWare Server?”.
There are multiple ways to deploy the CurrentWare Client. For this tutorial, I will show you the local client installation. This is the simplest installation to do as it just requires you to run the cwClientSetup.exe file.
For large-scale deployments, you can also use Group Policies or a dedicated third-party software deployment tool.
Alright, let’s get started
To install the CurrentWare Client on your employee’s computer, simply run the cwClientSetup.exe file.
Here, you’ll see that it asks for an IP address or computer name. For this setup, you will put in the static public IP address of the CurrentWare Server’s Network.
Click next, then click “Install”
And that’s it! All that’s left to do is restart the computer.
If there are any issues connecting the CurrentWare Clients to the CurrentWare server, please ensure that the public IP address of your CurrentWare Server network is static and verify that your Firewall is not blocking the following TCP and UDP ports: 8990-8998, 1433, 1434, and 443
Depending on your antivirus software CurrentWare’s tracking features may get it falsely flagged as a potentially unwanted program. For the best results, you should exclude all of the CurrentWare components from your antivirus program.
For more information, please search for “antivirus” at CurrentWare.com/Support
Now that the Clients are installed and connected to the CurrentWare Server, your employee’s devices and user accounts will appear in the Web Console where you can run reports on their computer activities and apply your desired security policies.
To access the Web Console within the local area network of the CurrentWare Server, simply open the web browser of your choice and enter your CurrentWare Server’s static public IP address or hostname into the browser URL bar, followed by:8998.
Then, type in the operator username and password you created during the installation.
In a standard installation, the Web Console is only accessible to devices within your local area network. To access the Web Console remotely from an off-network device, you will need to make one last change
On the machine with the CurrentWare Server and Console installed, browse to the following directory: C:\Program Files (x86)\CurrentWare\cwWebConsole\WebConsole\.
In this folder, search for a file called app-config.json. Right-click on it and select Open With, then find “Notepad”.
With the app-config.json file open in Notepad, you will see a line of text with a pre-populated API_URL. Replace the existing IP address or hostname you see here with the static public IP address of the machine that is hosting the CurrentWare Server.
Finally, save your changes.
That’s it! Now that your inbound port forwarding rules are in place and the app-config.JSON file is configured properly, you will be able to remotely access your CurrentWare Web Console even when you’re away from the local area network of the CurrentWare Server.
To do so, simply enter your static public IP address followed by:8998 in the address bar of a web browser.
Next, I will show you how to deploy CurrentWare to the cloud.
This setup is similar to a standard on-premises deployment, except instead of using an on-site computer or server to host the CurrentWare Server you will create a virtual machine on the cloud platform of your choice.
The deploy CurrentWare to the cloud, you will need to first configure the virtual machine to accept CurrentWare traffic
Install the CurrentWare Server on the virtual machine
Deploy the CurrentWare Clients on the computers you would like to monitor and control
and configure the CurrentWare Clients to connect to the CurrentWare Server using the static public IP address of the cloud-based virtual machine.
All right, let’s get started!
First, you need to create a virtual machine on the cloud platform of your choice.
For this example, we will be using Azure but you could also use another cloud service provider such as Google Cloud Platform or Amazon Web Services.
At the time of this recording, CurrentWare is exclusively for monitoring and managing employees on Windows computers. For the most up-to-date system requirements, please visit CurrentWare.com/support/system-requirements/
To create a Windows virtual machine in Azure, follow these steps:
1) Log in to your Microsoft Azure Portal.
2) In the search bar, type virtual machines
Under Services, select Virtual machines.
On the Virtual machines page, click Create, then select Virtual machine from the drop-down menu
Next, create a virtual machine with the following configurations.
Under the Basics tab, enter your desired Virtual Machine name, Windows Image, and instance Size.
Under the Administrator account, provide a username and a password. Later on, you will use these credentials to log into the virtual machine.
Under Inbound port rules, choose Allow selected ports and then select RDP (Port 3389) and HTTPS (Port 443) from the drop-down.
Then, confirm the Licensing checkbox before moving on to the next tab.
Under the Disks tab, select your desired operating system disk type and encryption type. In this case, we’ll use a Standard HDD and the default encryption settings
Under the Networking tab go to the Public IP section and click on Create new. This will create a public IP address for your virtual machine.
When you are ready, click on the Review + create button at the bottom of the page to create your virtual machine.
Once your virtual machine is created, you’ll find the static IP address under properties. Take note of the IP address, you will need it for your CurrentWare client deployment.
Now that you’ve created your virtual machine, we’re going to connect to it via RDP so you can configure it to accept traffic from your CurrentWare Server and Clients.
Here’s how:
First, log in to your Azure portal.
Then, go into Virtual machines.
Click on the name of your virtual machine and from the left menu under Settings, select Connect.
Under the RDP tab choose the appropriate IP address and port number. In most cases, the default IP address and port should be used.
Next, select Download RDP File. Open the downloaded RDP file and select Connect when prompted. You will get a warning that the .rdp file is from an unknown publisher. This is expected and is not a cause for concern in this case.
When prompted for your credentials, enter the username and password you created earlier, then select OK
If a certificate error comes up, you can select “Yes” to continue
Now that you’re connected to the virtual machine, here are the changes you need to make to allow it to accept traffic between your CurrentWare Server and Clients.
On your Azure portal, select your virtual machine.
From the left menu under Settings, select Networking.
Click on the button Add Inbound Port Rule.
From the Service menu, choose Custom.
Enter the Destination Port Range: 8990-8998, 1433 and 1434
Set the Priority to any number you prefer.
Give it a name and then click Add.
With these settings, your virtual machine is all set to allow traffic to flow freely between the CurrentWare Server and Client.
Next, Mike will show you how to install the CurrentWare Server and Console on the virtual machine. After that, we will deploy the CurrentWare Clients to your employee’s computers.
Hey Everyone. This is Mike here. I’m the technical specialist within CurrentWare.
For this part, you will need the CurrentWare Setup file, which I currently have highlighted. If you do not have this file, you can go to Currentware.com/Download/ and fill out the form.
Once we open it up here, we’re just going to press next. Here you’ll be able to see the licensing agreement. So you have to accept the terms of the licensing agreement and select next.
Here you can see we’re installing the Console and the Server. And it also shows the location of where it will be installed.
Hit next
Here, all 4 of the solutions are selected. So we’re just going to hit install. This will install the CurrentWare Console.
Great, you can see the installation is complete and now it is going to create the SQL database.
Now, you’re going to be prompted to create an account. This account is how you will log in to your CurrentWare Console.
Once you’ve created the username, click “Add Operator”.
Here you can see the recommended exclusions for any third-party antiviruses. You can see there’s 3 EXEs here and a couple ports to make sure that your CurrentWare software will run optimally.
Next, here we’re just going to finish up and it’ll launch the CurrentWare Web Console for you. And it prompts you to log in. This login will be the login that it prompts you to create during the installation steps.
All right, thanks, Mike!
Now that you’ve prepared the CurrentWare Server, it’s time to deploy the CurrentWare Clients to your employee’s computers.
If you already have CurrentWare Clients deployed and you need to redirect them to a different server, please visit CurrentWare.com/Support and search for “How do I redirect the CurrentWare Client to another CurrentWare Server?” for more information.
There are multiple ways to deploy the CurrentWare Client. For this tutorial, I will show you the local client installation. This is the simplest installation to do as it just requires you to run the cwClientSetup.exe file.
For large-scale deployments, you can also use Group Policies or a dedicated third-party software deployment tool.
Alright, let’s get started
To install the CurrentWare Client on your employee’s computer, simply run the cwClientSetup.exe file.
Here, you’ll see that it asks for an IP address or computer name. For this setup, you will put in the static public IP address of your virtual machine.
Click next, then click “Install”
And that’s it! All that’s left to do is restart the computer.
If there are any issues connecting the CurrentWare Clients to the CurrentWare server, please ensure that the public IP address of your CurrentWare Server network is static and verify that your Firewall is not blocking the following TCP and UDP ports: Ports 8990-8998, 1433,1434, and 443.
Depending on your antivirus software CurrentWare’s tracking features may get it falsely flagged as a potentially unwanted program. For the best results, you should exclude all of the CurrentWare components from your antivirus program.
For more information, please search for “antivirus” at CurrentWare.com/Support
Now that the clients are installed and connected to the CurrentWare Server, your employees’ devices and user accounts will appear in the Web Console where you can run reports on their computer activities and apply your desired security policies.
In a standard installation, the Web Console is only accessible to devices within your local area network. To access the Web Console remotely from an off-network device, you will need to make one last change
On the machine with the CurrentWare Server and Console installed, browse to the following directory: C:\Program Files (x86)\CurrentWare\cwWebConsole\WebConsole\.
In this folder, search for a file called app-config.json. Right-click on it and select Open With, then find “Notepad”
With the app-config.json file open in Notepad, you will see a line of text with a pre-populated API_URL. Replace the existing IP address or hostname you see here with the static public IP address of the machine that is hosting the CurrentWare Server.
Finally, save your changes.
That’s it! Now that your inbound port forwarding rules are in place and the app-config.JSON file is configured properly, you will be able to remotely access your CurrentWare Web Console even when you’re away from the local area network of the CurrentWare Server.
To do so, simply enter your static public IP address followed by:8998 in the address bar of a web browser.
That’s it for today. If you have any questions our support team is here to help. Simply reach out to us at CurrentWare.com/Contact or visit CurrentWare.com/Support to access our self-serve knowledge base.
If you’re not already familiar with CurrentWare, you can learn more about our products and get a free trial at CurrentWare.com/Products.
See you next time!
Setup File Contents
- CurrentWare.exe: CurrentWare server & console setup file—to be installed on a manager’s computer, server, or virtual machine
- cwClientSetup.exe: CurrentWare client setup file—to be installed on the employee or student’s computer
Try AccessPatrol for Free
Fully Functional. Easy to use. Install in minutes
Secure Data Against Insider Threats
USB Control
Protect sensitive data with AccessPatrol’s USB DLP solutions. Use the USB blocking features to limit the use of USB ports, storage devices, wireless connectivity, communication ports, imaging devices, and other peripherals.
- Custom Permissions: Implement unique access controls for each user, department, and endpoint. Set USB blocking permissions to read only, read/write, or no access.
- Authorize Devices: Limit the use of USB ports to specific company-approved devices. Simply add your whitelisted devices to AccessPatrol’s Allow List to always allow authorized USB drives to connect to your endpoints.
- Access Codes: Allow specific users to temporarily bypass USB port restriction policies with a device access code.
Test drive the live demo
Test drive the live demo
USB Monitoring & Forensics
AccessPatrol’s USB activity reports allow you to easily audit activity on USB ports in your organization. Get increased visibility into high-risk data transfers, frequency of USB ports usage, and more.
- File Operations: Collect auditable records of file transfers through USB ports. Maintain timestamped evidence of files that have been Created, Copied, Deleted, Saved As, or Renamed to USB devices by each user.
- USB Auditing: Track employee USB port history for high-risk activity such as unauthorized file transfers, suspiciously large file transfers, and attempts to use blocked USBs.
- Activity Alerts: Get USB activity alerts sent straight to designated inboxes when high-risk activities and policy violations occur. Schedule reports to be regularly sent for review.
What Makes AccessPatrol the Best USB Security Solution?
- Central Console: Configure USB blocking security policies for your entire workforce from the convenience of a central console. Access the console from a web browser on any computer in your network or configure remote access.
- Active Directory: Import your OUs directly into the console. Manage both AD and non-AD users and computers. Enable AD sync to automatically import new OUs and users/computers.
- Restrict File Transfers: Allow only authorized USB devices, then further restrict USB usage by limiting what filetypes can be transferred to removable media drives.
Test drive the live demo
Case Study
Viking Yachts Protects Sensitive Information From a Departing Employee
When it comes to data security, businesses are faced with a serious predicament: You want to show your employees that you trust them, but you also need to keep sensitive data safe from theft and misuse.
The data security risks of offboarding employees simply cannot be understated. It’s been reported that 70% of intellectual property theft occurs within the 90 days before an employee’s resignation announcement.
Without a USB security application organizations have no way to monitor for and prevent these data security threats; data theft is as easy as users plugging in removable storage hardware into a USB port and transferring the files.
Vincent from Viking Yachts discovered this first hand when an employee in their company put in their 3-weeks notice. After Vincent audited the employee’s USB activity with AccessPatrol he found evidence of a large data transfer to USB storage hardware coming from the employee’s account.
“I was asked to audit an employee that gave their 3-weeks notice. When I ran AccessPatrol’s reports I found that they were transferring a large amount of classified company files to take with them! If we didn’t have CurrentWare we would have never known what was going on.”
Once confronted with the evidence, the employee confessed to their crimes. The insights provided by AccessPatrol’s USB storage use reports were essential for capturing evidence of the attempted data theft.
“CurrentWare saved us a lot of time and money. If we didn’t have AccessPatrol we would have never known what was going on. I cannot thank all of you enough for this software.”
Try AccessPatrol for Free
Fully Functional. Easy to use. Install in minutes
AccessPatrol Device Control FAQ
Can I Set Unique USB Restrictions for Different Computers or Users?
Yes. With AccessPatrol’s USB security features you can block or allow USB devices and other peripherals for each computer, user, department, or other organizational unit (OU) in your company.
To do this, AccessPatrol’s management console allows you to create group folders with separate policies. This feature is perfect to restrict USB devices for most employees while still providing access for trusted administrators that need unrestricted access.
You can also use the access code generator to temporarily grant access to all peripherals or use the device scheduler to automatically allow/block USB drives at specific times.
Are There Any Limits to the Free Trial?
The free trial of our USB security software is fully functional. You can deploy it on up to 10 computers for 14 days. If you need more time or more computers to properly evaluate AccessPatrol in your network, reach out to our support team.
Who Uses CurrentWare?
CurrentWare has a global client base across a variety of industries including government, healthcare, finance, nonprofit, and manufacturing.
CurrentWare’s customers use our computer monitoring, web filtering, and USB security software to protect their business against time theft, data leakage, and web-based threats.
Read our data loss prevention and USB security software customer case studies to learn more.
Can I Block Specific File Types from Being Transferred via USB Ports?
Yes. AccessPatrol can prevent your end-users from copying specific files to a USB flash drive. These USB file transfer restrictions can be configured based on the file name or file extension.
The data transfer blocking feature can also be used on devices that are on the allowed list. This lets you provide access to company-authorized USB drives while still protecting the data in your network against exfiltration to portable storage hardware.
Does Currentware Have Access to my Employee's Reports?
No. CurrentWare’s software does not send your user’s computer usage data to CurrentWare. Installation and management is determined exclusively by your organization.
All of the data collected by CurrentWare’s monitoring software is stored on a database that is installed in a data center in your organization’s network or on a virtual machine provided by a cloud service provider of your choice.
For more information please refer to our Terms of Service
Is This a Cloud Solution?
No, our USB port security software are not cloud-native. At this time AccessPatrol will continue to be offered for on-premises deployments, however, you can install CurrentWare’s software on a cloud platform of your choice with our Self-Hosted Cloud Option.
CurrentWare will not have access to your employee’s data. All of the data collected by CurrentWare’s employee monitoring and endpoint security solutions are stored on a database that is fully controlled and managed by your organization. For more information please refer to our Terms of Service
Can I Restrict and Monitor USB Activities in Citrix, Remote Desktop, and/or Windows Terminal Server Environments?
Yes. CurrentWare is a certified Citrix Ready Partner.
The CurrentWare Suite (AccessPatrol, BrowseControl, BrowseReporter, and enPowerManager) is supported on desktop computers, virtual machines (VMs), and servers running modern versions of the Windows OS.
You can install the CurrentWare Clients on your Citrix Workspace running Windows. In addition, all CurrentWare components are compatible with Remote Desktop Services (RDS) or Terminal Servers (TS).
When controlling USB port permissions in Citrix with CurrentWare you can block USBs on PC Mode to restrict the individual virtual machine or on User Mode to restrict peripherals for specific users across multiple computers and/or virtual machines.
Monitoring and managing your end-users with CurrentWare in a Terminal Services environment works similarly. The exception is that in a Terminal Server/Terminal Services environment the server will be registered as an individual endpoint; to apply granular policies for each user, department, or Organizational Unit you will need to use User Mode.
Learn More:
CurrentWare for Remote Desktop & Terminal Server
Which Peripherals Can I Restrict With AccessPatrol?
AccessPatrol allows you to control the following peripheral devices on your users’ computers.
| Devices You Can Control | Access Permissions |
| USB | Full / Read only / No access |
| DVD /CD | Full / Read only / No access |
| Floppy | Full / Read only / No access |
| Tape | Full / Read only / No access |
| External Hard drive | Full / Read only / No access |
| Firewire | Full / Read only / No access |
| SD Card | Full / Read only / No access |
| MM Card | Full / Read only / No access |
| Bluetooth | Full / No access |
| Infrared | Full / No access |
| Wifi | Full / No access |
| Serial | Full / No access |
| Parallel | Full / No access |
| Scanners | Full / No access |
| Cameras, Webcams & Others | Full / No access |
| Printers | Full / No access |
| USB Ethernet Adapter | Full / No access |
| Sound Cards | Full / No access |
| Portable Hardware (iPhones, Mobile Devices) | Full / No access |
| Network Share | Full / No access |
Learn More:
USB Restriction with AccessPatrol
Can I Use AccessPatrol for My Remote Team?
Yes. CurrentWare’s endpoint protection software solutions support a variety of deployment options that allow you to disable USB drives no matter where your employees work.
To learn more about increasing the security of remote workers with our security software, visit this article: How to Set Up USB Security Software for Remote Teams
Will My Employees Know Their Computers Are Being Monitored?
As with any CurrentWare Suite product, your organization determines how visible the software is.
AccessPatrol does not disclose when its USB activity monitoring feature is active. When your employees attempt to use an unauthorized USB hardware they can be presented with an optional warning message.
The CurrentWare software client that is used by our USB security software operates in stealth mode by default.
In stealth mode, the CurrentWare software client is not visible in the system tray or control panel of the employee’s computer. Your employee will not be able to uninstall the program or stop it without administrator privileges.
If you would like your employees to be aware that they are being monitored, you can choose to show the CurrentWare software client by enabling it in the client software settings.
If you would like to disable monitoring altogether, visit this article: How Do I Disable AccessPatrol’s USB Tracking?
How Can I Get Started With USB Protection in my Network?
- Download & Install AccessPatrol
Download the files for your free USB security software trial. On the administrator’s computer, run CurrentWare.exe to begin the installation of the endpoint security software. - Deploy the Software Clients
Deploy the CurrentWare software client (cwClientSetup.exe) on all the computers you want to restrict with our endpoint security solutions. You can deploy the software client with a local install or by using Active Directory, SCCM, or our built-in remote deployment tool. - Monitor Your Employees & Restrict USB Hardware
After the installation, you will see all of your employee’s computers on the CurrentWare Console. From this console, you can run detailed reports on all of your employees’ USB activities and use AccessPatrol’s USB security features to protect data against insider security threats.
Try AccessPatrol for Free
Fully Functional. Easy to use. Install in minutes