How to Block USB Devices With AccessPatrol USB Blocking Software

  • Block Unauthorized Devices
    Allow only authorized USB drives to be used in just a few clicks—Without having to fully block all the USB ports needed for legitimate work purposes!
  • File Transfer Monitoring
    Use reports and alerts to monitor user actions such as file transfers to USB devices & cloud storage services
  • Enforce Policies On Any Network
    USB security policies travel with your devices, keeping sensitive data safe when users leave the network

Trusted by

CW_AXA_logo

& many more

Trusted by

Viking Yachts

and many more

Prevent the Use of Personal USB Devices

AccessPatrol USB blocking software gives you the features you need to prevent data loss to portable devices.

  • Effortlessly block all unapproved peripheral devices from connecting to USB ports
  • Use the Allowed List to whitelist trusted devices for specific users
  • Block and unblock USB ports in just a click!
AccessPatrol central web console close up

Manage USB Storage Devices Policies From a Central Console

Block and unblock USB ports and other peripheral ports from a centralized dashboard with an interactive user interface.

The web console uses Windows IIS, allowing it to be conveniently accessed from any web browser with optional remote access capabilities

  • Role-Based Access Control
    Give trusted team members customized access rights to specific features and groups of users/computers—The admin activity log makes auditing policy updates for compliance purposes simple and intuitive
  • Active Directory Sync
    Import OUs to set policies without the need to manage unwieldy Group Policy Objects
  • Manage Remote Devices
    USB device control policies continue to apply even when endpoints disconnect from the network

Limit Data Transfer Over USB Ports

With AccessPatrol’s USB file transfer blocking feature you can prevent files from being transferred via USB ports based on their filename or extension.

  • Allowed List: Limit what files can be transferred to storage devices based on file extensions and keywords in filenames
  • Block File Transfers: Prevent file transfers between storage devices and PCs, even when trusted users use authorized USB drives
  • Renamed File Extension Blocking: AccessPatrol uses file signatures to detect the original file extension of a file, preventing users from renaming files to bypass your DLP policies
AccessPatrol Block File Transfer Whitelist
Cloud storage server

Prevent Data Loss to Cloud Storage Services

Having sensitive data stored on unmanaged cloud services is a significant risk. Control access to cloud apps and websites with CurrentWare.

  • Prevent malicious insiders from accessing cloud storage websites and apps
  • Block the downloading and uploading of specific file types
  • Track file transfers to/from cloud storage services for evidence of insider threats

Temporarily Bypass Restrictions for USB Storage Devices

Want to temporarily provide unrestricted access to USB devices use on a specific endpoint? Use AccessPatrol’s Access Code Generator to provide a time-limited bypass of AccessPatrol’s device policy settings.

  • Works on remote computers, even without an internet connection
  • Balance security and productivity by providing limited access for edge-cases such as trusted vendors and other third-parties
  • Access codes are single-use, unique to a specific computer, and automatically expire to prevent misuse
viking yachts

Case Study

Viking Yachts Protects Sensitive Information From a Departing Employee

“CurrentWare saved us a lot of time and money. If we didn’t have AccessPatrol we would have never known what was going on. I cannot thank all of you enough for this software.”

A departing employee was caught stealing classified files! If we didn’t have AccessPatrol we would never have known.

AccessPatrol’s USB Data Loss Prevention Alerts, Reports, and Dashboards

AccessPatrol is more than a feature rich USB ports blocker; it also monitors various actions among USB ports, cloud storage apps, and more. It maintains records of all devices, computer systems, and users being managed to give you advanced visibility into data security threats.

AccessPatrol’s email alerts, reports, and dashboards make it the best USB blocker software to provide your organization with the USB ports monitoring tools it needs to protect data against insider threats.

AccessPatrol’s USB Device Permission Settings

  • Full Access
    The computer or user with this access permission has read and write access to the specified removable devices
  • Read Only Access
    A read-only policy allows users to view the contents of devices without being able to perform file transfers and other file operations
  • No Access
    AccessPatrol will prevent the users/PC from copying files to the storage devices and restrict access

USB Activity Alerts

  • Send AccessPatrol’s USB activity reports straight to your security team’s inbox when alerts are triggered

  • Customize thresholds to send email alerts based on suspicious USB connection history, file operations, or specific file types

  • Combine with AccessPatrol’s other USB control features to enforce your information security policies and improve your USB data loss prevention capabilities

USB File Operations Alerts

Protect sensitive data against theft by alerting security personnel when users copy data to USB drives and other USB devices.

Configure file operations alerts based on file extensions (.exe, .zip, .msi, .xslx, .cad, etc) or file names to get alerted when these copied files are detected.

You can configure file operations alerts to trigger when:

  • Files are created on USB drives
  • Files are transferred to USB drives

  • Files are deleted from USB drives

  • Files are saved as to USB drives

  • Files are renamed on USB drives

Screenshot of AccessPatrol's activity log with evidence sensitive files transferred to USB storage devices
Screenshot of AccessPatrol's USB activity email alerts setup window. Alerts are set for .exe, .zip, .cad, and .xlsx file transfers

USB File Transfers Alerts

Get alerts when specific file types and file names are transferred to removable devices.

You can configure USB file activity alerts to trigger when:

  • A user commits and sort of file operation

  • A user transfers specific file types
  • A user transfers files with pre-defined keywords in the file name

Alerts for the Use of Removable Devices

With the Email Alerts by Devices feature you can trigger real-time email alerts based on the peripheral device usage of your organization

You can configure USB connection history alerts to trigger when:

  • A Specific device is used
  • Any peripheral device is used
  • An unknown device is used
  • Any blocked or allowed device is used
Access Patrol allowed vs denied USB devices report

The Dangers of Employee Data Theft, Insider Attacks & USB Security Threats

Insider threat detection and data loss prevention tools such as CurrentWare’s USB lockdown software, web filtering software, and user activity monitoring software are essential for keeping sensitive data and computer systems safe from data leaks caused by malicious and negligent insiders.

Financial_ServicesBreach_Icon

70% of intellectual property theft occurs within the 90 days before an employee’s resignation announcement.1

Without blocking USB ports, stealing sensitive files is as simple as a transfer to easily concealed USB devices that can hold over a terabyte of data!

Insider threat incidents that took 90+ days to contain cost organizations an average of $17.19 million per year.2

User activity data is essential to detect data breaches and violations of USB security policies such as attempts to use personal USB drives

20% of data breaches from 2020-2021 involved trusted internal actors such as employees and contractors.3

USB lockdown software offers the key features you need to prevent data breaches to USB flash drives and other portable devices

Why Do Employees Steal Data?

  • Competitive Edge
    Ex-employees may steal intellectual property to gain favor with a competing company; this is a form of corporate espionage.
  • Financial Gain
    The 2020 Verizon Data Breach Investigations Report found that 86% of breaches are financially motivated. Sensitive data is incredibly valuable to a variety of threat actors.
  • Entitlement
    72% of business decision-makers in the 2018 Data Exposure Report by Code42 believe they are entitled to corporate data that they contributed to, such as source code.
  • Revenge
    Employees that are being involuntarily terminated, passed over for a promotion, or denied a raise are more likely to steal corporate data as a way of “getting back” at the company.

1 Your Employees are Taking Your Data – Richard Agnew, Infosecurity Magazine. https://www.infosecurity-magazine.com/opinions/employees-taking-data/.
2 2022 Ponemon Cost of Insider Threats Global Report. https://www.proofpoint.com/us/resources/threat-reports/cost-of-insider-threats
3 2022 Verizon Data Breach Investigations Report. https://www.verizon.com/business/resources/reports/2022/dbir/2022-data-breach-investigations-report-dbir.pdf

Check Out Our Great Reviews!

This software helps us to achieve compliance with industry and government requirements with respect to controlling the use of removable storage media. It fits the bill perfectly.

Matthew W., Project Manager
Aviation & Aerospace Industry, 11-50 employees

In my nearly 40 years in the IT business I’ve worked with a lot of support teams. I really appreciate CurrentWare going the extra mile to help me get the most out of the product. They’ve definitely outweighed any of the other competitors that I’ve looked at.

Jerry Slocum, Managed Services Provider
Haggerty Auto Group, 150-200 Employees

Data leaks have been thwarted by AccessPatrol. When an unauthorized device is detected, an email alert is sent immediately. It enables real-time audit reports on accessed and blocked devices.

Karen M., Senior Director of Marketing
Construction Industry, 10,001+ employees

We have experienced data leaks by dishonest employees in the past and AccessPatrol has helped us avoid them and work with greater security and peace of mind for us and our customers.

Julio V., Head of Information Technology
Financial Services Industry, 10,001+ employees

Expand your capabilities with CurrentWare's award-winning productivity and security software

How to Improve Data Security With CurrentWare

The CurrentWare Suite provides critical security controls for protecting your network, endpoints, and sensitive data against a variety of high-risk activities.

Device Blocking window Screenshot of CurrentWare's USB device control software AccessPatrol

Block & Audit Storage Devices

Control who can use portable storage devices and set security policies to limit what devices are allowed. Monitor data transfers to removable media and network storage devices to ensure that your data security policies are being followed.

Data loss prevention cloud storage DLP security tips

Prevent Data Loss to Cloud Platforms

Protect sensitive data against the risks of cloud file sharing sites. Block cloud storage sites/apps, restrict uploads/downloads, and monitor file transfers for high-risk or anomalous activity.

accesspatrol USB file operations history activity log

Audit User Activity for Insider Threat Risks

Monitor employee computer usage for signs of insider threats. Track file transfers, web browsing, app use, and login/logout times for high-risk, anomalous, or inappropriate activity. Receive automated alerts straight to your inbox when specific events occur.

Screenshot of AccessPatrol's USB file transfer blocking feature

Block Data Transfers to Portable Storage

Go beyond simply blocking unauthorized devices; ensure optimal data protection with your trusted devices, too. Block file transfers to portable storage devices based on file extension and file name.

Screenshot of BrowseControl's Port Filter for blocking TCP/UDP ports

Block High-Risk Network Ports

Block unused TCP/UDP ports to reduce the attack surface of your network. Improve data protection by mitigating the threat of data leakage over FTP, SFTP, IRC, and other high-risk network ports.

Screenshot of category filtering window from BrowseControl web filter. Porn and social media categories blocked.

Block Risky Sites

BrowseControl’s web content category filtering database provides you with a convenient way to block millions of websites across over 100 URL categories. Easily block users from accessing social media, porn, games, known virus-infected websites, and more!

Free removable media policy template from CurrentWare

FREE DOWNLOAD
Removable Media Policy Template 

Download this data security policy template to prevent data leakage to USB flash drives and other removable storage devices.

  • Set data security standards for portable storage
  • Define the acceptable use of removable media
  • Inform your users about their security responsibilities

Device Control Best Practices

Establish Administrative Safeguards for Removable Media

A holistic data loss prevention strategy requires more than just technical safeguards—it needs clear policies and procedures that employees must follow.

Examples of Administrative Safeguards:

  • Security awareness training for employees
  • Written policies and procedures
  • Incident response plans
  • Background checks

Appoint a Staff Member to Manage Device Control Policies

To prevent your network USB control policies from affecting productivity you need a designated member of staff that can enable USB ports to allow temporary device access on an as-needed basis.

AccessPatrol makes changing your USB security settings simple and intuitive:

  • Use the Access Code Generator to provide temporary access to USB ports for a limited time
  • Create device control policy groups to apply unique restrictions based on risk
  • Easily add new trusted devices to the allow list in just a few clicks
  • Optionally import your Active Directory organizational units to manage USB policies with your existing OUs

Establish a Removable Media Policy

removable media policy is a type of information security policy that dictates the acceptable use of portable storage devices such as USB flash drives, external hard drives, and tape drives. 

How restrictive your policies are will typically be based on the risk level of a given user. A user’s risk level will vary based on their role and their level of access to sensitive data.

For example, a healthcare employee that works with electronic health records (EHR) will have their device access more restricted than a marketing employee that needs to easily share content briefs with external parties.

Need a written removable media policy? Get writing tips and download our free template here.

 

Use Encryption to Protect Data on Removable Devices

Encryption is an essential component of data protection for USB flash drives. Without it, a lost USB device can readily have its contents stolen and distributed to unauthorized parties.

To encrypt USB removable storage drives, Bitlocker-to-Go is a viable option for Windows systems, VeraCrypt can be used for MacOS/Windows/Linux, and FileVault can be used with MacOS.

To ensure consistently enforced encryption you can even purchase USB devices that include built-in hardware or software encryption.

Maintain an Inventory of Approved USB Devices

To prevent unauthorized use of personal removable storage devices you will need to block USB devices and selectively allow trusted devices.

For the best device control you must manage who can acquire authorized devices with administrative controls.

With a USB device inventory you can require users to sign out authorized peripherals as-needed and have them return the device at the end of the day.

Once returned you can use antivirus software to scan for malware infections, ensure that encryption is enabled on all removable storage, and wipe data from the peripherals.

Set USB Activity Alerts

AccessPatrol’s email alerts feature provides real-time security alerts of endpoint USB activities.

Device alerts can be configured to alert designated staff members in real-time when specific, unknown, allowed, or blocked peripherals are connected to a USB port.

File operations alerts will notify designated staff members in real-time when files are copied, created, deleted, or renamed on a USB storage device.

Access Patrol

Try AccessPatrol for Free

Fully functional. Easy to use. Install in minutes.

AccessPatrol’s USB Control & Data Loss Prevention Features

Block USB

Block USB & Other Devices

Set full access, read only or no access on storage devices

Allowed List

Whitelist USB Devices

Allow only authorized storage devices to be used

Block Files

Block File Transfers

Prevent files from being transferred to portable storage

Deivce Access Code

Access Code Generator

Provide temporary access to peripheral devices

Reports

DLP Activity Reports

Track file transfers, storage device use, file operations, and more

Track File Transfers

File Transfer Monitoring

Monitor files that are copied to USBs, cloud storage, and more

Email Alert

Alerts & Reports

Automatically send USB activity reports to designated inboxes

Stealth

Transparent & Stealth Modes

Run silently in the background or provide notice of monitoring

Internet Off

Centralized Console

Manage all your users from the
centralized console with Active
Directory import or syncing

Internet Off

Platform Security

Protect your CurrentWare console
with 2FA, passwords, privilege
management, and more

Internet Off

Offsite Management

Extend onsite Internet usage
policies to laptops running outside
the corporate network

Internet Off

SQL Server Supported

Database scaled for enterprise and
large business operations using
Microsoft SQL Server

Access Patrol

Try AccessPatrol for Free

Fully functional. Easy to use. Install in minutes.

More Insider Threat Prevention & USB Security Resources

Free removable media policy template from CurrentWare

How to Write a USB Security Policy 

Download our free USB devices policy template and follow these tips to tailor it to meet your USB security needs

Insider Threats - How to Stop Data Theft - CurrentWare

Tips for Preventing Insider Data Theft

Follow these tips to protect your company’s sensitive data against theft, misuse, and loss from malicious and negligent insider threats.

A 32 gigabyte USB flash drive sitting on top of a computer keyboard

How to Disable USB Ports

Learn how to protect your organization against USB security risks using AccessPatrol’s USB port blocking features

Insider threat management: Employee data theft stories

Examples of Data Theft by Employees

These notorious examples of employee data theft demonstrate the devastating effects that a data breach can have.

Corporate espionage: Crushing cases of IP theft

5 Corporate Espionage Cases

These corporate espionage cases highlight the lengths that organizations will go to to maintain an advantage over competitors.

data loss prevention - the top data exfiltration risks

The Top 7 Data Exfiltration Risks

This article will teach you how to prevent data exfiltration by addressing the most common techniques used.

Access Patrol

Try AccessPatrol for Free

Fully functional. Easy to use. Install in minutes.

AccessPatrol Device Control & Data Loss Prevention Software FAQ

Which Devices Can I Control With AccessPatrol?

AccessPatrol can control peripheral ports, wireless adapters, external devices, and data egress points including USB devices, cloud storage apps/websites, and more.

Learn More: Devices You Can Control With AccessPatrol

Are There Any Limits to the Free Trial?

The free trial of our USB device control software is fully functional. You can deploy it on up to 10 computers for 14 days. If you need more time or more computers to properly evaluate AccessPatrol in your network, reach out to our support team.

Can I Set Unique Device Control Policies for Different Computers or Users?

Yes. With AccessPatrol’s USB control features you can block or allow USB flash drives and other peripherals for each computer, user, department, or other organizational unit (OU) in your company. 

To do this, AccessPatrol’s management console allows you to create group folders with separate policies.

This feature is perfect for balancing USB data security with productivity; you can control USB devices for most employees while still providing access for trusted administrators that need unrestricted access.

You can also use the access code generator to temporarily grant access to all peripherals or use the device scheduler to automatically allow/block USB devices at specific times.

What Operating Systems Are Supported?

AccessPatrol USB blocking software and all of the other modules in the CurrentWare Suite can monitor and manage computers running Windows operating systems, including both 32-bit and 64-bit versions of Windows Server, Windows 7, Windows 8, Windows 10, Windows 11, and future versions of Windows.

Legacy versions of AccessPatrol can be provided on a case-by-case basis to block USB devices on Windows XP and other EOL versions of Windows.

The Web Console is hosted on a Windows Pro/Enterprise or Windows Server computer; once deployed it can be accessed from the convenience of a web browser on any operating system within your network (or optionally configure remote access) to easily manage administrative settings.

Learn More: 
AccessPatrol System Requirements
How to Install CurrentWare

Can I Block Specific File Types from Being Transferred via USB Ports?

Yes. AccessPatrol can lock USB ports to prevent your end-users from copying specific files to a USB device. These USB file transfer restrictions can be configured based on the file name or file extension.

The data transfer blocking feature can also be used on devices that are on the allowed list. This lets you provide access to company-authorized USB devices while still protecting the sensitive data in your network against exfiltration to portable devices.

Is This a Cloud-Based USB Blocker Software?

The CurrentWare Suite can be deployed on-premises or on a cloud platform of your choice. Both deployment option are compatible with remote workers with a few configuration changes.

Our USB control and endpoint security solutions are not cloud-native.

Learn More:

CurrentWare will not have access to your employee’s data. All of the data collected by CurrentWare’s employee monitoring and endpoint security solutions are stored on a database that is fully controlled and managed by your organization. For more information please refer to our Terms of Service.

Can I Use AccessPatrol to Control USB Access Permissions of My Remote Team?

Yes. CurrentWare’s software solutions support a variety of deployment options that allow you to prevent data leakage to USB devices no matter where your employees work.

Learn More: How to Set Up AccessPatrol Device Control Software for Remote Teams

Can I Use This USB Blocker Software in Citrix, Remote Desktop, and/or Windows Terminal Server Environments?

Yes. CurrentWare is a certified Citrix Ready Partner. The CurrentWare Suite (AccessPatrol, BrowseControl, BrowseReporter, and enPowerManager) is supported on desktop computers, virtual machines (VMs), and servers running modern versions of the Windows operating system.

You can install the CurrentWare Clients on your Citrix Workspace running Windows. In addition, all CurrentWare components are compatible with Remote Desktop Services (RDS) or Terminal Servers (TS).

When controlling peripheral devices in Citrix with CurrentWare you can block devices on PC Mode to restrict the individual virtual machine or on User Mode to restrict devices for specific users across multiple devices and/or virtual machines.

Monitoring and managing your end-users with CurrentWare in a Terminal Services environment works similarly. The exception is that in a Terminal Server/Terminal Services environment the server will be registered as an individual endpoint; to apply granular policies for each user, department, or Organizational Unit you will need to use User Mode.

Learn More:
CurrentWare for Remote Desktop & Terminal Server

CurrentWare for Citrix Activity Monitoring

CurrentWare System Requirements

Will My Users Know That Portable Storage Device Usage Is Being Monitored?

With any CurrentWare Suite product, your organization is in control of how visible the solutions are.

AccessPatrol does not disclose when its USB activity monitoring feature is active. When your employees attempt to use an unauthorized USB device they can be presented with an optional warning message.

The CurrentWare software client that is used by our USB device control software operates in stealth mode by default.

In stealth mode, the CurrentWare software client is not visible in the system tray or control panel of the employee’s computer. Your employee will not be able to uninstall the program or stop it without administrator privileges.

If you would like your employees to be aware that they are being monitored, you can choose to show the CurrentWare software client in their system tray by enabling it in the client software settings.

If you would like to disable monitoring altogether, visit this article: How Do I Disable AccessPatrol’s Device Tracking?

Does CurrentWare Have Access to Employee Data?

No, CurrentWare cannot access your employee’s computer monitoring data. CurrentWare’s software does not send your user’s computer usage data to CurrentWare. They are installed and managed by your organization.

All of the data collected by CurrentWare’s software is stored on a database that is installed in your organization’s data center or cloud service provider.

With CurrentWare’s on-premises & self-managed cloud deployment options, you’re in complete control of your data.

  • Sensitive employee data stays secured to your standards rather than being sent to a third party.
  • Maintain data localization and residency compliance requirements by keeping employee data exactly where it needs to be.
  • Retain auditable records of user activity for as long as you need

For more information please refer to our Terms of Service.

How is the CurrentWare Suite Secured?

CurrentWare is committed to the security of its platform, its users and their data. 

  • All of the data collected by CurrentWare’s solutions is stored in your organization’s data center or cloud service provider; the data is not sent to CurrentWare.

  • The web console cannot be accessed without a username and password. For an added layer of authentication security you can enable two-factor authentication.

  • You can selectively enable/disable what data is tracked and delete old records automatically.

 

For a complete overview of the security measures that CurrentWare has in place tp prevent data leakage from the platform, check out the CurrentWare platform security overview page.

access-patrol-currentware

Try AccessPatrol for Free

Fully functional. Easy to use. Install in minutes.