USB Device Control Software to Prevent Employee Data Theft

  • Stop Data Theft to Removable Storage Devices
    Block unauthorized USB storage devices to limit illicit file transfers and protect confidential data
  • USB Activity Dashboards & Reports
    Get advanced insights into peripheral device usage and file operations
  • Protection On Any Network
    USB security policies travel with your devices, keeping sensitive data safe when users leave the network

Trusted by

pepsi cola logo
mitsubishi electric
New York City Department of Transportation Logo

& many more

Trusted by

mitsubishi electric
pepsi cola logo
Viking Yachts
New York City Department of Transportation DOT Logo

and many more

Device Control Software to Monitor & Block Removable Storage Devices

Intuitive & Flexible USB
Blocking Software

Protect sensitive data with AccessPatrol’s device control solutions.

Block or limit the use of a USB port based on storage devices, wireless connectivity, communication ports, imaging devices, and other peripherals.

Device control policies can be uniquely configured for each user, endpoint, and department.

  • Easily block USBs, optical media, mobile devices, SD cards, and other removable media
  • Disable wireless connections through Bluetooth devices, infrared, and WiFi
  • Block employees from using scanners, printers, and cameras to steal sensitive data
Device Blocking window Screenshot of CurrentWare's USB device control software AccessPatrol

Monitor USB Activity for Suspicious and High-risk Behaviour

AccessPatrol’s device control features include a USB activity monitor for increased visibility into high-risk data transfers.

  • Receive real time email alerts when employees violate your endpoint security policies
  • USB file tracing features allow you to to see files that have been copied, created, deleted, or renamed on removable media devices
  • Review USB activity logs to trace data breaches back to their source

Prevent the Use of Untrusted Removable Devices

AccessPatrol’s device control solutions give you the features you need to ensure data protection against portable devices.

  • Effortlessly block all peripheral devices that fall outside of your allowed devices lists
  • Provide greater USB access to tech support and other trusted users
  • Temporarily grant time-limited access to blocked devices using the Access Code Generator
AccessPatrol's USB allowed list with a list of trusted USB devices
AccessPatrol central web console close up

Centralized USB Management for Scalable Device Control

AccessPatrol’s centralized monitoring and management console lets you implement device control policies from the convenience of a web browser.

  • Precise and Granular Control: Control portable devices based on groups of users or computers
  • Active Directory Sync: Use Active Directory sync to import your existing organizational units
  • Protect Remote Devices: Device control policies travel with laptops, allowing you to easily enforce security policies for remote teams

Restrict File Transfers to Storage Devices

With AccessPatrol’s USB file transfer blocking feature you can prevent files from being transferred to portable storage devices based on their filename or extension.

  • Allowed List: Limit what files can be transferred to storage devices based on file extensions and keywords in filenames
  • Block File Transfers: Prevent file transfers between storage devices and PCs, even on trusted storage devices
  • Renamed File Extension Blocking: AccessPatrol uses file signatures to detect the original file extension of a file, preventing users from renaming files to bypass your DLP policies
AccessPatrol Block File Transfer Whitelist
viking yachts

Case Study

Viking Yachts Protects Sensitive Information From a Departing Employee

“CurrentWare saved us a lot of time and money. If we didn’t have AccessPatrol we would have never known what was going on. I cannot thank all of you enough for this software.”

A departing employee was caught stealing classified files! If we didn’t have AccessPatrol we would never have known.

The Essential Role of a USB Device Control Solution

USB DLP—Prevent Data Loss to Flash Drives

Even authorized external devices can pose a data loss risk if they are misused, lost, or stolen. The portability of removable storage devices makes it difficult to prevent users from losing them.

How to Prevent Data Loss to USB Drives With AccessPatrol:

  • Limit the USB devices that can be used to a specific list of trusted devices
  • Review the recent activity of missing USB devices to determine the last time it was used and what data was transferred to it
  • Restrict the file types and filename keywords that can be transferred to portable storage devices

Monitor USB Activity to Collect Evidence of Data Transfers

Device control solutions provide insightful and easily accessible device usage reports.

These reports track USB activities such as:

  • File operations to removable storage
  • What USB devices are being used in the network
  • The USB device access history of endpoints
  • Which user was responsible for inserting unauthorized devices into a USB port

Having access to the usage history of USB devices is valuable for investigating data loss to unauthorized devices that have been plugged into USB ports in your network.

Prevent Data Theft to Insider Threats

Insider threats are a significant risk to data security. Employees have intimate access to corporate data, insider knowledge of the organization’s systems, and a level of trust that can allow them to steal data undetected.

  • 70% of intellectual property data theft occurs within the 90 days before an employee’s resignation announcement
  • 72% of CEOs admit they’ve taken valuable intellectual property (IP) from a former employer
  • 50% of respondents in a Symantec survey say they have taken information, and 40% say they will use it in their new jobs

With AccessPatrol’s device control features you can prevent data loss to USB removable media devices and other high-risk peripherals.

Learn more: How to Keep Data Safe When Offboarding

Access Patrol

Try AccessPatrol for Free

Fully functional. Easy to use. Install in minutes.

We’re Here to Help

The CurrentWare team prides itself on its high-quality customer support. We will support you every step of the way—whether you’re just starting your free trial or actively using CurrentWare in your network.

At CurrentWare, customer success is our priority at every stage of your journey. We take pride in providing high-quality and reliable pre and post-sale support to make your experience exceptional.

We offer the same level of high-quality support to all of our customers—no extra fees or packages necessary!

Mike Noseworthy
Customer Support Lead

Product Training

CurrentWare provides the documentation, training, and other resources you need to take full advantage of the capabilities of our products.

Technical Support

Our expert support team is here to help you. Reach out to us over email, live chat, or phone from 8:00 AM – 7:00 PM EST, Monday to Friday.

Check Out Our Great Reviews!

This software helps us to achieve compliance with industry and government requirements with respect to controlling the use of removable storage media. It fits the bill perfectly.

Matthew W., Project Manager
Aviation & Aerospace Industry, 11-50 employees

In my nearly 40 years in the IT business I’ve worked with a lot of support teams. I really appreciate CurrentWare going the extra mile to help me get the most out of the product. They’ve definitely outweighed any of the other competitors that I’ve looked at.

Jerry Slocum, Managed Services Provider
Haggerty Auto Group, 150-200 Employees

Data leaks have been thwarted by AccessPatrol. When an unauthorized device is detected, an email alert is sent immediately. It enables real-time audit reports on accessed and blocked devices.

Karen M., Senior Director of Marketing
Construction Industry, 10,001+ employees

We have experienced data leaks by dishonest employees in the past and AccessPatrol has helped us avoid them and work with greater security and peace of mind for us and our customers.

Julio V., Head of Information Technology
Financial Services Industry, 10,001+ employees

Expand your capabilities with CurrentWare's award-winning productivity and security software

Free removable media policy template from CurrentWare

Removable Media Policy

Download this data security policy template to prevent data leakage to USB flash drives and other removable storage devices.

  • Set data security standards for portable storage
  • Define the acceptable use of removable media
  • Inform your users about their security responsibilities

Device Control Best Practices

Establish Administrative Safeguards for Removable Media

A holistic data loss prevention strategy requires more than just technical safeguards—it needs clear policies and procedures that employees must follow.

Examples of Administrative Safeguards:

  • Security awareness training for employees
  • Written policies and procedures
  • Incident response plans
  • Background checks

Appoint a Staff Member to Manage Device Control Policies

To prevent your network USB control policies from affecting productivity you need a designated member of staff that can enable USB ports to allow temporary device access on an as-needed basis.

AccessPatrol makes changing your USB security settings simple and intuitive:

  • Use the Access Code Generator to provide temporary access to USB ports for a limited time
  • Create device control policy groups to apply unique restrictions based on risk
  • Easily add new trusted devices to the allow list in just a few clicks
  • Optionally import your Active Directory organizational units to manage USB policies with your existing OUs

Establish a Removable Media Policy

removable media policy is a type of information security policy that dictates the acceptable use of portable storage devices such as USB flash drives, external hard drives, and tape drives. 

How restrictive your policies are will typically be based on the risk level of a given user. A user’s risk level will vary based on their role and their level of access to sensitive data.

For example, a healthcare employee that works with electronic health records (EHR) will have their device access more restricted than a marketing employee that needs to easily share content briefs with external parties.

Need a written removable media policy? Get writing tips and download our free template here.


Use Encryption to Protect Data on Removable Devices

Encryption is an essential component of data protection for USB flash drives.

Without enforced encryption a lost USB device can readily have its contents stolen and distributed to unauthorized parties.

To encrypt removable storage, Bitlocker-to-Go is a viable option for Windows systems, VeraCrypt can be used for MacOS/Windows/Linux, and FileVault can be used with MacOS.

To ensure consistently enforced encryption you can even purchase USB devices that include built-in hardware or software encryption.

Maintain an Inventory of Approved USB Devices

To prevent unauthorized use of personal removable storage devices you will need to block USB devices and selectively allow trusted devices.

For the best device control you must manage who can acquire authorized devices with administrative controls.

With a USB device inventory you can require users to sign out authorized peripherals as-needed and have them return the device at the end of the day.

Once returned you can use antivirus software to scan for malware, ensure that encryption is enabled on all removable storage, and wipe data from the peripherals.

Set USB Activity Alerts

AccessPatrol’s email alerts feature provides real-time security alerts of endpoint USB activities.

Device alerts can be configured to alert designated staff members in real-time when specific, unknown, allowed, or blocked peripherals are connected to a USB port.

File operations alerts will notify designated staff members in real-time when files are copied, created, deleted, or renamed on a USB storage device.

Access Patrol

Try AccessPatrol for Free

Fully functional. Easy to use. Install in minutes.

Flexible Deployment Options

With CurrentWare’s user activity monitoring solutions you’re in complete control of how your data is stored, secured, and retained. Your employees' data cannot be accessed by CurrentWare.


On Premises

Have Complete Control of Your Data


Install the management software on a standard computer, then deploy the client software to your users' computers


Remote Workers

Monitor & Manage on Any Network


Connect your remote employees’ computers to the management software with simple port forwarding rules


Self-Managed Cloud & VDI

Citrix, Azure, AWS, GCP, and More!


Enjoy the scalability and availability of the cloud alongside the security, control, and flexibility of our on-premises solution

Access Patrol

Try AccessPatrol for Free

Fully functional. Easy to use. Install in minutes.

AccessPatrol’s USB Control & Data Loss Prevention Features

Block USB

Block USB

One click to block USB portable storage devices 

Block External Devices

Peripheral Control

Easily block DVDs, iPods, external hard drives and more

Device Permissions

Device Permissions

Set full access, read only or no access on storage devices

Allowed List

Allowed List

Allow specific trusted peripheral devices to be used


USB Activity Reports

Report on devices accessed or blocked on your network

Track File Transfers

Log USB File Transfer

Monitor files that are copied to USB storage devices

Deivce Access Code

Access Code Generator

Provide temporary access to peripheral devices

Email Alert

Email Alerts

Get alerts of unauthorized file transfers and device use

Email Report

Email Reports

Schedule device reports directly to your administrator's inbox

Block Phones

Block Phones

Prevent users from connecting phones to company computers

Block Files

Block File Transfers

Prevent files from being transferred to portable storage


Stealth Mode

AccessPatrol can run silently in the background or alert users

Internet Off

Centralized Console

Manage all your users from the
centralized console with Active
Directory import or syncing

Internet Off

Platform Security

Protect your CurrentWare console
with 2FA, passwords, privilege
management, and more

Internet Off

Offsite Management

Extend onsite Internet usage
policies to laptops running outside
the corporate network

Internet Off

SQL Server Supported

Database scaled for enterprise and
large business operations using
Microsoft SQL Server

CurrentWare Suite

Get all 4 modules for the best value or choose the exact solutions you need

Get Advanced Activity Insights

BrowseReporter is a versatile employee monitoring software to track productivity and efficiency.

  • Make informed decisions
  • Enforce company policies
  • Improve productivity
today's insights user score cards

Block Harmful Websites

BrowseControl is an easy-to-use website blocking software for restricting internet access.

  • Block URLs & categories
  • Block unwanted apps
  • Website allow & block lists
Screenshot of category filtering window from BrowseControl web filter. Porn and social media categories blocked.

Stop Data Theft to USB Devices

AccessPatrol is USB control software to protect sensitive data against theft to portable storage devices.

  • Block USB devices
  • USB file activity alerts
  • Block file transfers
AccessPatrol peripheral device permissions mockup block usb

Control PC Power States

enPowerManager is a remote PC power manager for centrally managing power settings across all endpoints.

  • Track logon and logoff times
  • Log PC power event history
  • Remotely shutdown PCs
Screenshot of enPowerManager's PC power schedule with weekly boot, restart, and shutdown events scheduled

AccessPatrol Device Control & Data Loss Prevention Software FAQ

Can I Set Unique Device Control Policies for Different Computers or Users?

Yes. With AccessPatrol’s USB control features you can block or allow USB flash drives and other peripherals for each computer, user, department, or other organizational unit (OU) in your company. 

To do this, AccessPatrol’s management console allows you to create group folders with separate policies.

This feature is perfect for balancing USB data security with productivity; you can control USB devices for most employees while still providing access for trusted administrators that need unrestricted access.

You can also use the access code generator to temporarily grant access to all peripherals or use the device scheduler to automatically allow/block USB devices at specific times.

Are There Any Limits to the Free Trial?

The free trial of our USB device control software is fully functional. You can deploy it on up to 10 computers for 14 days. If you need more time or more computers to properly evaluate AccessPatrol in your network, reach out to our support team.

Who Uses This USB Control Software?

CurrentWare has a global client base across a variety of industries including government, healthcare, finance, nonprofit, and manufacturing.

CurrentWare’s customers use our computer monitoring, web filtering, and USB control software to protect their business against time theft, data leakage, and web-based threats.

Read our data loss prevention and device control software customer case studies to learn more.

Can I Block Specific File Types from Being Transferred via USB Ports?

Yes. AccessPatrol can prevent your end-users from copying specific files to a USB device. These USB file transfer restrictions can be configured based on the file name or file extension.

The data transfer blocking feature can also be used on devices that are on the allowed list. This lets you provide access to company-authorized USB devices while still protecting the sensitive data in your network against exfiltration to portable storage hardware.

Does CurrentWare Have Access to Employee Data?

No, CurrentWare cannot access your employee’s computer monitoring data. CurrentWare’s software does not send your user’s computer usage data to CurrentWare. They are installed and managed by your organization.

All of the data collected by CurrentWare’s software is stored on a database that is installed in your organization’s data center or cloud service provider.

With CurrentWare’s on-premises & self-managed cloud deployment options, you’re in complete control of your data.

  • Sensitive employee data stays secured to your standards rather than being sent to a third party.
  • Maintain data localization and residency compliance requirements by keeping employee data exactly where it needs to be.
  • Retain auditable records of user activity for as long as you need

For more information please refer to our Terms of Service.

Is This a Cloud Solution?

The CurrentWare Suite can be deployed on-premises or on a cloud platform of your choice. Both deployment option are compatible with remote workers with a few configuration changes.

Our USB control and endpoint security solutions are not cloud-native. 

Learn More:

CurrentWare will not have access to your employee’s data. All of the data collected by CurrentWare’s employee monitoring and endpoint security solutions are stored on a database that is fully controlled and managed by your organization. For more information please refer to our Terms of Service.

Can I Restrict USB Devices and Monitor USB Activities in Citrix, Remote Desktop, and/or Windows Terminal Server Environments?

Yes. CurrentWare is a certified Citrix Ready Partner. The CurrentWare Suite (AccessPatrol, BrowseControl, BrowseReporter, and enPowerManager) is supported on desktop computers, virtual machines (VMs), and servers running modern versions of the Windows operating system.

You can install the CurrentWare Clients on your Citrix Workspace running Windows. In addition, all CurrentWare components are compatible with Remote Desktop Services (RDS) or Terminal Servers (TS).

When controlling peripheral devices in Citrix with CurrentWare you can block devices on PC Mode to restrict the individual virtual machine or on User Mode to restrict devices for specific users across multiple devices and/or virtual machines.

Monitoring and managing your end-users with CurrentWare in a Terminal Services environment works similarly. The exception is that in a Terminal Server/Terminal Services environment the server will be registered as an individual endpoint; to apply granular policies for each user, department, or Organizational Unit you will need to use User Mode.

Learn More:
CurrentWare for Remote Desktop & Terminal Server

CurrentWare for Citrix Activity Monitoring

CurrentWare System Requirements

Which Devices Can I Control With AccessPatrol?

In addition to USB device control, AccessPatrol USB control software allows you to control the following peripheral devices on your users’ computers.

Devices You Can Control Device Access Permissions
USB Full / Read only / No access
DVD /CD Full / Read only / No access
Floppy Full / Read only / No access
Tape Full / Read only / No access
External Hard drive Full / Read only / No access
Firewire Full / Read only / No access
SD Card Full / Read only / No access
MM Card Full / Read only / No access
Bluetooth Devices Full / Audio Only/ No access
Infrared Full / No access
Wifi Full / No access
Serial Full / No access
Parallel Full / No access
Scanners Full / No access
Cameras, Webcams & Others Full / No access
Printers Full / No access
USB Ethernet Adapter Full / No access
Sound Cards Full / No access
Portable Devices (iPhones, Mobile Devices) Full / No access
Network Share Full / No access

Learn More: USB control with AccessPatrol

Can I Use AccessPatrol for My Remote Team?

Yes. CurrentWare’s endpoint protection software solutions support a variety of deployment options that allow you to prevent data leakage to USB devices no matter where your employees work.

To learn more about increasing the security of remote workers with our endpoint security solutions, visit this article: How to Set Up Device Control Software for Remote Teams

Will My Employees Know That Portable Storage Devices Are Being Monitored?

As with any CurrentWare Suite product, your organization is in control of how visible the endpoint security solutions are.

AccessPatrol does not disclose when its USB activity monitoring feature is active. When your employees attempt to use an unauthorized USB device they can be presented with an optional warning message.

The CurrentWare software client that is used by our USB device control software operates in stealth mode by default.

In stealth mode, the CurrentWare software client is not visible in the system tray or control panel of the employee’s computer. Your employee will not be able to uninstall the program or stop it without administrator privileges.

If you would like your employees to be aware that they are being monitored, you can choose to show the CurrentWare software client in their system tray by enabling it in the client software settings.

If you would like to disable monitoring altogether, visit this article: How Do I Disable AccessPatrol’s Device Tracking?

How Can I Get Started With USB Protection in my Network?

  1. Download & Install AccessPatrol
    Download the files for your free device control software trial. On the administrator’s computer, run CurrentWare.exe to begin the installation of the endpoint security solutions.
  2. Deploy the Software Clients
    Deploy the CurrentWare software client (cwClientSetup.exe) on all the computers you want to control with our endpoint security solutions. You can deploy the software client with a local install or by using Active Directory, SCCM, or our built-in remote deployment tool.
  3. Monitor Your Employees & Restrict USB Devices
    After the installation, you will see all of your employee’s computers on the CurrentWare Console. From this console, you can run detailed reports on all of your employees’ USB device activities and use AccessPatrol’s USB device control features to protect data against insider security threats.

How is the CurrentWare Suite Secured?

CurrentWare is committed to the security of its platform, its users and their data. 

  • All of the data collected by CurrentWare’s solutions is stored in your organization’s data center or cloud service provider; the data is not sent to CurrentWare.

  • The web console cannot be accessed without a username and password. For an added layer of authentication security you can enable two-factor authentication.

  • You can selectively enable/disable what data is tracked and delete old records automatically.


For a complete overview of the security measures that CurrentWare has in place tp prevent data leakage from the platform, check out the CurrentWare platform security overview page.


Try AccessPatrol for Free

Fully functional. Easy to use. Install in minutes.