& many more
and many more
Prevent the Use of Personal USB Devices
AccessPatrol USB blocking software gives you the features you need to prevent data loss to portable devices.
- Effortlessly block all unapproved peripheral devices from connecting to USB ports
- Use the Allowed List to whitelist trusted devices for specific users
- Block and unblock USB ports in just a click!
Manage USB Storage Devices Policies From a Central Console
Block and unblock USB ports and other peripheral ports from a centralized dashboard with an interactive user interface.
The web console uses Windows IIS, allowing it to be conveniently accessed from any web browser with optional remote access capabilities
- Role-Based Access Control
Give trusted team members customized access rights to specific features and groups of users/computers—The admin activity log makes auditing policy updates for compliance purposes simple and intuitive
- Active Directory Sync
Import OUs to set policies without the need to manage unwieldy Group Policy Objects
- Manage Remote Devices
USB device control policies continue to apply even when endpoints disconnect from the network
Limit Data Transfer Over USB Ports
With AccessPatrol’s USB file transfer blocking feature you can prevent files from being transferred via USB ports based on their filename or extension.
- Allowed List: Limit what files can be transferred to storage devices based on file extensions and keywords in filenames
- Block File Transfers: Prevent file transfers between storage devices and PCs, even when trusted users use authorized USB drives
- Renamed File Extension Blocking: AccessPatrol uses file signatures to detect the original file extension of a file, preventing users from renaming files to bypass your DLP policies
Prevent Data Loss to Cloud Storage Services
Having sensitive data stored on unmanaged cloud services is a significant risk. Control access to cloud apps and websites with CurrentWare.
- Prevent malicious insiders from accessing cloud storage websites and apps
- Block the downloading and uploading of specific file types
- Track file transfers to/from cloud storage services for evidence of insider threats
Temporarily Bypass Restrictions for USB Storage Devices
Want to temporarily provide unrestricted access to USB devices use on a specific endpoint? Use AccessPatrol’s Access Code Generator to provide a time-limited bypass of AccessPatrol’s device policy settings.
- Works on remote computers, even without an internet connection
- Balance security and productivity by providing limited access for edge-cases such as trusted vendors and other third-parties
- Access codes are single-use, unique to a specific computer, and automatically expire to prevent misuse
AccessPatrol’s USB Data Loss Prevention Alerts, Reports, and Dashboards
AccessPatrol is more than a feature rich USB ports blocker; it also monitors various actions among USB ports, cloud storage apps, and more. It maintains records of all devices, computer systems, and users being managed to give you advanced visibility into data security threats.
AccessPatrol’s email alerts, reports, and dashboards make it the best USB blocker software to provide your organization with the USB ports monitoring tools it needs to protect data against insider threats.
AccessPatrol’s USB Device Permission Settings
- Full Access
The computer or user with this access permission has read and write access to the specified removable devices
- Read Only Access
A read-only policy allows users to view the contents of devices without being able to perform file transfers and other file operations
- No Access
AccessPatrol will prevent the users/PC from copying files to the storage devices and restrict access
USB Activity Alerts
Send AccessPatrol’s USB activity reports straight to your security team’s inbox when alerts are triggered
Customize thresholds to send email alerts based on suspicious USB connection history, file operations, or specific file types
Combine with AccessPatrol’s other USB control features to enforce your information security policies and improve your USB data loss prevention capabilities
USB File Operations Alerts
Protect sensitive data against theft by alerting security personnel when users copy data to USB drives and other USB devices.
Configure file operations alerts based on file extensions (.exe, .zip, .msi, .xslx, .cad, etc) or file names to get alerted when these copied files are detected.
You can configure file operations alerts to trigger when:
- Files are created on USB drives
Files are transferred to USB drives
Files are deleted from USB drives
Files are saved as to USB drives
Files are renamed on USB drives
USB File Transfers Alerts
Get alerts when specific file types and file names are transferred to removable devices.
You can configure USB file activity alerts to trigger when:
A user commits and sort of file operation
- A user transfers specific file types
A user transfers files with pre-defined keywords in the file name
Alerts for the Use of Removable Devices
With the Email Alerts by Devices feature you can trigger real-time email alerts based on the peripheral device usage of your organization
You can configure USB connection history alerts to trigger when:
- A Specific device is used
- Any peripheral device is used
- An unknown device is used
- Any blocked or allowed device is used
The Dangers of Employee Data Theft, Insider Attacks & USB Security Threats
Insider threat detection and data loss prevention tools such as CurrentWare’s USB lockdown software, web filtering software, and user activity monitoring software are essential for keeping sensitive data and computer systems safe from data leaks caused by malicious and negligent insiders.
Why Do Employees Steal Data?
- Competitive Edge
Ex-employees may steal intellectual property to gain favor with a competing company; this is a form of corporate espionage.
- Financial Gain
The 2020 Verizon Data Breach Investigations Report found that 86% of breaches are financially motivated. Sensitive data is incredibly valuable to a variety of threat actors.
72% of business decision-makers in the 2018 Data Exposure Report by Code42 believe they are entitled to corporate data that they contributed to, such as source code.
Employees that are being involuntarily terminated, passed over for a promotion, or denied a raise are more likely to steal corporate data as a way of “getting back” at the company.
1 Your Employees are Taking Your Data – Richard Agnew, Infosecurity Magazine. https://www.infosecurity-magazine.com/opinions/employees-taking-data/.
2 2022 Ponemon Cost of Insider Threats Global Report. https://www.proofpoint.com/us/resources/threat-reports/cost-of-insider-threats
3 2022 Verizon Data Breach Investigations Report. https://www.verizon.com/business/resources/reports/2022/dbir/2022-data-breach-investigations-report-dbir.pdf
This software helps us to achieve compliance with industry and government requirements with respect to controlling the use of removable storage media. It fits the bill perfectly.
Matthew W., Project Manager
Aviation & Aerospace Industry, 11-50 employees
In my nearly 40 years in the IT business I’ve worked with a lot of support teams. I really appreciate CurrentWare going the extra mile to help me get the most out of the product. They’ve definitely outweighed any of the other competitors that I’ve looked at.
Jerry Slocum, Managed Services Provider
Haggerty Auto Group, 150-200 Employees
Data leaks have been thwarted by AccessPatrol. When an unauthorized device is detected, an email alert is sent immediately. It enables real-time audit reports on accessed and blocked devices.
Karen M., Senior Director of Marketing
Construction Industry, 10,001+ employees
We have experienced data leaks by dishonest employees in the past and AccessPatrol has helped us avoid them and work with greater security and peace of mind for us and our customers.
Julio V., Head of Information Technology
Financial Services Industry, 10,001+ employees
How to Improve Data Security With CurrentWare
The CurrentWare Suite provides critical security controls for protecting your network, endpoints, and sensitive data against a variety of high-risk activities.
Block & Audit Storage Devices
Control who can use portable storage devices and set security policies to limit what devices are allowed. Monitor data transfers to removable media and network storage devices to ensure that your data security policies are being followed.
Prevent Data Loss to Cloud Platforms
Protect sensitive data against the risks of cloud file sharing sites. Block cloud storage sites/apps, restrict uploads/downloads, and monitor file transfers for high-risk or anomalous activity.
Audit User Activity for Insider Threat Risks
Monitor employee computer usage for signs of insider threats. Track file transfers, web browsing, app use, and login/logout times for high-risk, anomalous, or inappropriate activity. Receive automated alerts straight to your inbox when specific events occur.
Block Data Transfers to Portable Storage
Go beyond simply blocking unauthorized devices; ensure optimal data protection with your trusted devices, too. Block file transfers to portable storage devices based on file extension and file name.
Block High-Risk Network Ports
Block unused TCP/UDP ports to reduce the attack surface of your network. Improve data protection by mitigating the threat of data leakage over FTP, SFTP, IRC, and other high-risk network ports.
Block Risky Sites
BrowseControl’s web content category filtering database provides you with a convenient way to block millions of websites across over 100 URL categories. Easily block users from accessing social media, porn, games, known virus-infected websites, and more!
Removable Media Policy Template
Download this data security policy template to prevent data leakage to USB flash drives and other removable storage devices.
- Set data security standards for portable storage
- Define the acceptable use of removable media
- Inform your users about their security responsibilities
Device Control Best Practices
Establish Administrative Safeguards for Removable Media
A holistic data loss prevention strategy requires more than just technical safeguards—it needs clear policies and procedures that employees must follow.
Examples of Administrative Safeguards:
- Security awareness training for employees
- Written policies and procedures
- Incident response plans
- Background checks
Appoint a Staff Member to Manage Device Control Policies
To prevent your network USB control policies from affecting productivity you need a designated member of staff that can enable USB ports to allow temporary device access on an as-needed basis.
AccessPatrol makes changing your USB security settings simple and intuitive:
- Use the Access Code Generator to provide temporary access to USB ports for a limited time
- Create device control policy groups to apply unique restrictions based on risk
- Easily add new trusted devices to the allow list in just a few clicks
- Optionally import your Active Directory organizational units to manage USB policies with your existing OUs
Establish a Removable Media Policy
A removable media policy is a type of information security policy that dictates the acceptable use of portable storage devices such as USB flash drives, external hard drives, and tape drives.
How restrictive your policies are will typically be based on the risk level of a given user. A user’s risk level will vary based on their role and their level of access to sensitive data.
For example, a healthcare employee that works with electronic health records (EHR) will have their device access more restricted than a marketing employee that needs to easily share content briefs with external parties.
Need a written removable media policy? Get writing tips and download our free template here.
Use Encryption to Protect Data on Removable Devices
Encryption is an essential component of data protection for USB flash drives. Without it, a lost USB device can readily have its contents stolen and distributed to unauthorized parties.
To encrypt USB removable storage drives, Bitlocker-to-Go is a viable option for Windows systems, VeraCrypt can be used for MacOS/Windows/Linux, and FileVault can be used with MacOS.
To ensure consistently enforced encryption you can even purchase USB devices that include built-in hardware or software encryption.
Maintain an Inventory of Approved USB Devices
To prevent unauthorized use of personal removable storage devices you will need to block USB devices and selectively allow trusted devices.
For the best device control you must manage who can acquire authorized devices with administrative controls.
With a USB device inventory you can require users to sign out authorized peripherals as-needed and have them return the device at the end of the day.
Once returned you can use antivirus software to scan for malware infections, ensure that encryption is enabled on all removable storage, and wipe data from the peripherals.
Set USB Activity Alerts
AccessPatrol’s email alerts feature provides real-time security alerts of endpoint USB activities.
Device alerts can be configured to alert designated staff members in real-time when specific, unknown, allowed, or blocked peripherals are connected to a USB port.
File operations alerts will notify designated staff members in real-time when files are copied, created, deleted, or renamed on a USB storage device.
AccessPatrol’s USB Control & Data Loss Prevention Features
Block USB & Other Devices
Set full access, read only or no access on storage devices
Whitelist USB Devices
Allow only authorized storage devices to be used
Block File Transfers
Prevent files from being transferred to portable storage
Access Code Generator
Provide temporary access to peripheral devices
DLP Activity Reports
Track file transfers, storage device use, file operations, and more
File Transfer Monitoring
Monitor files that are copied to USBs, cloud storage, and more
Alerts & Reports
Automatically send USB activity reports to designated inboxes
Transparent & Stealth Modes
Run silently in the background or provide notice of monitoring
Manage all your users from the
centralized console with Active
Directory import or syncing
Protect your CurrentWare console
with 2FA, passwords, privilege
management, and more
Extend onsite Internet usage
policies to laptops running outside
the corporate network
SQL Server Supported
Database scaled for enterprise and
large business operations using
Microsoft SQL Server
More Insider Threat Prevention & USB Security Resources
How to Write a USB Security Policy
Download our free USB devices policy template and follow these tips to tailor it to meet your USB security needs
Tips for Preventing Insider Data Theft
Follow these tips to protect your company’s sensitive data against theft, misuse, and loss from malicious and negligent insider threats.
How to Disable USB Ports
Learn how to protect your organization against USB security risks using AccessPatrol’s USB port blocking features
Examples of Data Theft by Employees
These notorious examples of employee data theft demonstrate the devastating effects that a data breach can have.
5 Corporate Espionage Cases
These corporate espionage cases highlight the lengths that organizations will go to to maintain an advantage over competitors.
The Top 7 Data Exfiltration Risks
This article will teach you how to prevent data exfiltration by addressing the most common techniques used.
AccessPatrol Device Control & Data Loss Prevention Software FAQ
Which Devices Can I Control With AccessPatrol?
AccessPatrol can control peripheral ports, wireless adapters, external devices, and data egress points including USB devices, cloud storage apps/websites, and more.
Learn More: Devices You Can Control With AccessPatrol
Are There Any Limits to the Free Trial?
The free trial of our USB device control software is fully functional. You can deploy it on up to 10 computers for 14 days. If you need more time or more computers to properly evaluate AccessPatrol in your network, reach out to our support team.
Can I Set Unique Device Control Policies for Different Computers or Users?
Yes. With AccessPatrol’s USB control features you can block or allow USB flash drives and other peripherals for each computer, user, department, or other organizational unit (OU) in your company.
To do this, AccessPatrol’s management console allows you to create group folders with separate policies.
This feature is perfect for balancing USB data security with productivity; you can control USB devices for most employees while still providing access for trusted administrators that need unrestricted access.
What Operating Systems Are Supported?
AccessPatrol USB blocking software and all of the other modules in the CurrentWare Suite can monitor and manage computers running Windows operating systems, including both 32-bit and 64-bit versions of Windows Server, Windows 7, Windows 8, Windows 10, Windows 11, and future versions of Windows.
Legacy versions of AccessPatrol can be provided on a case-by-case basis to block USB devices on Windows XP and other EOL versions of Windows.
The Web Console is hosted on a Windows Pro/Enterprise or Windows Server computer; once deployed it can be accessed from the convenience of a web browser on any operating system within your network (or optionally configure remote access) to easily manage administrative settings.
Can I Block Specific File Types from Being Transferred via USB Ports?
Yes. AccessPatrol can lock USB ports to prevent your end-users from copying specific files to a USB device. These USB file transfer restrictions can be configured based on the file name or file extension.
The data transfer blocking feature can also be used on devices that are on the allowed list. This lets you provide access to company-authorized USB devices while still protecting the sensitive data in your network against exfiltration to portable devices.
Is This a Cloud-Based USB Blocker Software?
The CurrentWare Suite can be deployed on-premises or on a cloud platform of your choice. Both deployment option are compatible with remote workers with a few configuration changes.
Our USB control and endpoint security solutions are not cloud-native.
CurrentWare will not have access to your employee’s data. All of the data collected by CurrentWare’s employee monitoring and endpoint security solutions are stored on a database that is fully controlled and managed by your organization. For more information please refer to our Terms of Service.
Can I Use AccessPatrol to Control USB Access Permissions of My Remote Team?
Yes. CurrentWare’s software solutions support a variety of deployment options that allow you to prevent data leakage to USB devices no matter where your employees work.
Can I Use This USB Blocker Software in Citrix, Remote Desktop, and/or Windows Terminal Server Environments?
Yes. CurrentWare is a certified Citrix Ready Partner. The CurrentWare Suite (AccessPatrol, BrowseControl, BrowseReporter, and enPowerManager) is supported on desktop computers, virtual machines (VMs), and servers running modern versions of the Windows operating system.
You can install the CurrentWare Clients on your Citrix Workspace running Windows. In addition, all CurrentWare components are compatible with Remote Desktop Services (RDS) or Terminal Servers (TS).
When controlling peripheral devices in Citrix with CurrentWare you can block devices on PC Mode to restrict the individual virtual machine or on User Mode to restrict devices for specific users across multiple devices and/or virtual machines.
Monitoring and managing your end-users with CurrentWare in a Terminal Services environment works similarly. The exception is that in a Terminal Server/Terminal Services environment the server will be registered as an individual endpoint; to apply granular policies for each user, department, or Organizational Unit you will need to use User Mode.
Will My Users Know That Portable Storage Device Usage Is Being Monitored?
With any CurrentWare Suite product, your organization is in control of how visible the solutions are.
AccessPatrol does not disclose when its USB activity monitoring feature is active. When your employees attempt to use an unauthorized USB device they can be presented with an optional warning message.
The CurrentWare software client that is used by our USB device control software operates in stealth mode by default.
In stealth mode, the CurrentWare software client is not visible in the system tray or control panel of the employee’s computer. Your employee will not be able to uninstall the program or stop it without administrator privileges.
If you would like your employees to be aware that they are being monitored, you can choose to show the CurrentWare software client in their system tray by enabling it in the client software settings.
If you would like to disable monitoring altogether, visit this article: How Do I Disable AccessPatrol’s Device Tracking?
Does CurrentWare Have Access to Employee Data?
No, CurrentWare cannot access your employee’s computer monitoring data. CurrentWare’s software does not send your user’s computer usage data to CurrentWare. They are installed and managed by your organization.
With CurrentWare’s on-premises & self-managed cloud deployment options, you’re in complete control of your data.
- Sensitive employee data stays secured to your standards rather than being sent to a third party.
- Maintain data localization and residency compliance requirements by keeping employee data exactly where it needs to be.
- Retain auditable records of user activity for as long as you need
For more information please refer to our Terms of Service.
How is the CurrentWare Suite Secured?
CurrentWare is committed to the security of its platform, its users and their data.
- All of the data collected by CurrentWare’s solutions is stored in your organization’s data center or cloud service provider; the data is not sent to CurrentWare.
- The web console cannot be accessed without a username and password. For an added layer of authentication security you can enable two-factor authentication.
- You can selectively enable/disable what data is tracked and delete old records automatically.
For a complete overview of the security measures that CurrentWare has in place tp prevent data leakage from the platform, check out the CurrentWare platform security overview page.