USB Lockdown Software for Enterprise
USB Management, Whitelisting and Monitoring to Protect Computers in a Network.
Block USB Devices Access and Lock USB Ports in Real-time.
USB-Lock-RP is the strongest USB device control software solution to centrally manage USB removable storage drives, mobile devices and wireless adapters to servers, workstations and laptops in a network. Presents smart USB lockdown designed to protect computers in Industrial processes as well as corporate offices:
USB-Lock-RP Device Control Software.
Classified as USB port control for enterprise, USB-Lock-RP software is an administrative and enforcement tool specifically designed to protect windows operating systems, without concern to dependencies, at a very small memory/storage footprint.
The Management console operates on-premises within the enterprise network and provides real-time granular control and visibility over USB activity and endpoint computers. It controls devices access policy and enforces rules to specific computers, as well as groups of computers with ease. Receives devices connection alerts and logs events automatically, including USB Monitoring for details on approved file transfers.
USB Lock RP detects devices hardware ID to allow specific USB devices and block the rest without interfering with harmless peripherals. USB flash drives can be authorized to work on specific machines, groups or across the network. USB Lockdown is required to effectively prevent data loss and malware infection by means of USB media, the software rejects unauthorized devices at system level and blocks incoming & outgoing of data.
USB blocking and Lock down characteristics are unique and offer superior data security than consumer-based USB control solutions or antivirus software attempting to analyze unauthorized devices, because accessing unknown devices creates unnecessary risk and results in a waste of system resources.
Additionally, it can set strong encryption to files transferred from the PC to the authorized USB drive. Auto-Encryption can be turned ON/OFF in real-time.
Also capable of setting read-only policy to specific USB drives in real-time. This advanced read-only function write-protects specific USB drives while other authorized USB drives can be full access on the same machine. (While unauthorized USB drives continue to be blocked)
Most recently included functions:
- System-mode control operation. Allows 24x7 real-time USB security management, alerting and enforcement. This advanced function automatically starts the control in system-mode while an admin-mode control is not running.
- Bulk license recovery function panel: Allows to massively recover licenses from unused machines
- Clients Update function panel: Allows to massively update client’s version from control-side.
- Smart media transfer protocol USB blocking, Allows Smartphones to be connected for charging-only without blocking.
- Centralized USB Management, easy to set and operate.
- Proven capability to manage USB in large networks.
- Secure Groups of Computers or Specific Computers from USB threat.
- Whitelists USB Devices by Hardware ID and Block others.
- Enforces Groups Policy settings in real-time.
- Automatic Authorizations Mode, Whitelist USB devices across the network automatically.
- Receives alerts & logs USB device connections in the network.
- Set read-only to specific usb drives.
- Compatible with Remote Desktop, Adapts to screen resolution changes, Smart desktop area use.
- Export Status and Alerts Reports to csv format (Comma-separated value)
- Presents Full Screen Locking upon Blocking Devices (includes your company logo).
- Monitors & Encrypts File Transfers from Endpoints to Authorized USB drives (ON/OFF).
- Easy Client Deployment through Group Policy (Windows Installer MSI).
- Event logs in CEF (Common events format) for integration with SIEM.
- Controls USB even if no user is logged into the client system (Setting and enforcement).
- Block usb devices to prevent malware infection entering computer by usb media.
- Prevent Data-loss from Computers & Authorized USB Devices (USB DLP)
- Inform of USB Devices Connection Events & Activity
- Compliance with Endpoint Security Policies and Removable Media Regulations
- Permanent end-user enterprise licensing model, One-time payment only.
- Designed for organization autonomous control, doesn't require internet.
- Strong endpoint device control, Blocks or authorizes devices at system level in real-time.
- All included, no need to order additional modules for encryption or monitoring.
- Network TCP/IP (LAN, WLAN or WAN)
- Windows Operating Systems from NT 10 to NT 5.1 (Physical or Virtual Machine)
- Other Dependencies: None
- Control: USB Management application On-Premises (not cloud-based)
- Client: Local System Service
Supported Operating Systems:
- Windows 11
- Windows-Server 2019
- Windows 10
- Windows-Server 2016
- Windows 8.1
- Windows-Server 2012 R2
- Windows 8
- Windows-Server 2012
- Windows 7
- Windows Server 2008 R2
- Windows-Server 2008
- Windows Vista
- Windows-Server 2003 R2
- Windows-Server 2003
- Windows XP
- Windows Embedded OS with Minimal Components
- Virtual Machines and Thin Clients.
- (32/64 bits)
- Latest Version: v.12.998
- Published date: December 1st, 2022.
- Highlights:Latest version highlights (pdf)
- Includes the friendly name of authorized removable storage and smartphones hardware IDs in the local whitelist as well as in all logged alerts of trusted or blocked USB peripherals throughout the USB Control interface. This greatly facilitates whitelisting and events identification.
- Color coded alerts arrival: Allows to easily call the attention on events at a glance
- Status: Active
- Dedicated Technical Team on Stand by
USB Device Control Scope
- UMS (USB Mass Storage Device).
- USB flash drives.
- Memory Card readers.
- Memory Cards.
- UASP (USB Attached SCSI Protocol).
- Portable Hard drives.
- SSD Enclosures.
- USB-MTP (Media Transfer Protocol).
- Portable devices.
- Smart card readers.
- Smart cards.
- External magnetic hard drives.
- Firewire (IEEE 1394).
- Wireless Transceivers.
- External and Internal.
- USB-HID (Human Interface Device).
- BadUSBs (Keystroke Injection).
- USB Rubber Ducky.
Control USB Devices in Real-time
Strong USB Control
Prevents zero-day USB-based exploit from entering your systems. Block USB incoming and outgoing of data. Device identifiers storage are AES 256 encrypted and HEX masked(variable key, variable initiation vector CBC Mode). Prevents Hardware ID spoofing. Secures systems even if the user is running with administrative credentials.
Start protecting your network in minutes. Very easy to operate and set security policy. Protection scope is divided in 4 sectors; just select a client machine or computer group and press the desired lock to keep removable storage and portable devices threats away. Once set operation is automatic. Intuitive administrative GUI, virtually no learning curve involved.
Authorize specific USB removable drives and/or specific smartphones access to specific computers or to all computers in the network and block the rest. Prevents unauthorized access to USB ports, removable storage, portable devices and other Removable Media from accessing operating systems in the network.
Centrally set or change security measures and automatically receive and log details on blocked, and authorized devices as they are plugged into endpoint computers in real-time. As well as logging and receiving records of files transferred from endpoints to authorized USB Devices as events occur.
Personalized USB Lockdown
Presents informative Lockdown alerts screens at client computers upon blocking devices, USB Lockdown screens presented at endpoint computers are personalized with the end-user organization/enterprise logo. Personalization is automatically done by our team prior to secure electronic delivery (within 3 hours order made)
Smart USB Port Control
Designed to block usb devices & control USB port access without interfering with non-storage USB peripherals (mouse, keyboards, webcams, printers), But capable of detecting and unobtrusively protect against keystroke injection and malicious payload attacks by devices such as BadUSBs (USB Rubber Ducky) that impersonate HID keyboards or mouse.
Effective monitoring of data/files transferred from endpoint computers to authorized USB portable storage (thumb/flash/pen drives). Records automatically arrive and are stored secured at the Control server. The Administrative Console can be set to send these records to a SMTP (TLS/SSL) email within your domain in real-time.
Protects information contained inside authorized thumb drives by optionally forcing automatic AES 256 encryption of all transferred data/files from computers to authorized USB drives, effectively locking out USB access to protect confidential information in case the authorized device is lost or stolen. USB DLP policy can be enabled or disabled with just a click.
Perpetual use Licenses
Licenses are end-user organization perpetual use licenses and include 2 years updates, after 2 years updates are optional at 20% of licensing cost. USB-Lock-RP is not support demanding, once it's set, it works as intended, this has to do with product maturity and that at client-side the software deals with hardware, not users. Support is in English at no charge by email or phone.
Doesn’t require internet or Active directory.
Protects even if client endpoint is disconnected from the network. (At the Control, disconnected Laptops will show in the out-list). Protects at System level. (Effective even if running under administrative account.) Starts protecting even if no user is logged into the system. Works on air-gapped networks and remote locations.
Available for Download
Download the functional DEMO or request a small set licensed as Proof-of-Concept to your organization. Test how USB Lock Software, manages USB ports and devices access to endpoints for free, no cost or commitment. POC Licenses are personalized with your organization logo. Dedicated team on standby to assist on any questions you may have (24x7).
USB Lock client can be mass deployed as Group Policy Object in Active Directory Environments, the USB Lock client is presented as a standalone Windows Installer MSI that is configurable by command line, ensuring effective initial client deployment and updates. Our team can also preconfigure the MSI for you if required.
Refers to automatically blocking access to the computer desktop. Lockdown occurs when unauthorized USB storage devices (e.g., USB 2.0, USB 3.x) are connected to the usb ports (e.g., standard USB type-A, USB type-C), or remote USB. USB-Lock-RP considers the unauthorized connection of usb storage devices a serious intrusion attempt that should be stopped by all means.
USB Lockdown (a.k.a., USB blocking) is part of the software redundant measures applied to protect the system. This measures take place upon detection and included preventing drivers to load, stopping, dismounting, disabling, ejecting devices and also blocking access to the desktop. Protection measures escalated depending on the device type and the device status but lockdown is normally included when blocking usb and other removable storage under the software protection scope.
USB blocking is a software capability used by IT security administrators to protect computer systems and data assets from threats posed by the connection of unauthorized USB peripherals.
Blocking USB & desktop Lockdown are simultaneous and present full-screen window alerts that extend to multiple monitors.
Lockdown remains until any of the following conditions is met:
- The blocked USB device is removed. (client-side)
- The master password is used. (client-side.)
- The sector is unprotected. (control-side)
- The USB device is authorized. (control-side)
USB Lock Remote Protector Straightforward Operation
Blocking USB Devices on Specific Computers
- Select a client PC from the USB-Lock-RP Control Dashboard network list.
- Click on the left side lock.
Done!, you have just protected the removable drives sector on the selected computer in real/time, now the following devices will be blocked: USB, eSATA and Firewire drives, Mobile phones (MTP Protocol), and memory cards while also smart blocking USB keystroke injection attacks. Setting are enforced in real-time (To unprotect just click the lock again).
Locking Peripheral Ports on Groups of Computers
By default 5 groups are created, and all new installed clients will belong to group 1 as seen on the groups column, so you are ready to lock removable storage on all computers at this point.
- Rename groups using the group rename function.(optional.)
- Add computers to groups by right clicking on the selected machine and choosing a group name.(optional.)
- Click the Group security button and choose the group name, sector (e.g., Removable drives), desired action (e.g., Protect) and press OK.
Great!, you just Locked removable drives sector on all computers that belong to the chosen group. You will see all computers in that group changing its security status to protected in real-time.
Whitelist Thumb drives and Smartphones
Authorizing specific USB pen drives and Mobile phones is as easy, just insert the device you need to authorize (at the control or at the client) and press authorize. Done!
Besides USB Control (Removable Storage Sector), three other sectors to manage are available and are as easy to protect: CD/DVD Sector, iRDA/Bluetooth Sector, and WiFi Sector.
Blocked or authorized device connection to any client computer automatically generate an alert event stored encrypted at Control server. This records are readable from within the Central USB-Lock-RP Device Control interface and show date-time, Hardware ID, logged user & machine name.
At client-side a full screen alert instructs the user to remove the device, this alerts bear the licensed organization logo at top-left corner.
Monitoring the transfer of files to removable drives is activated or deactivated with just one click independently of the removable storage sector protection state. (While protected or unprotected state)
Monitored data include the name and exact weight of transferred files from the client endpoint PC to flash drives, logged user, device hardware ID, source machine name, date/time when the event started.
Records are sent encrypted AES 256 hex masked from the endpoint computer to the control in near real-time and are organized at the control by endpoint machine name/date/time for review as needed.
At the Central control server the collected data remains encrypted and same as all device insertion attempts records is only readable within the Control interface.
The protection of data inside removable storage is done by forcing automatic encryption, this function can also be turned ON or OFF with just one click. (Monitoring needs to be activated for USB encryption to work).
When USB encryption is active all files transferred from the endpoint computer to authorized USB flash drives are automatically AES 256 encrypted. (all data not just the headers)
Stored files on encrypted USB Thumb drives can be opened within the endpoint originating client or within any other endpoint USB-Lock-RP client that has USB Encryption activated. (files are automatically decrypted in those systems when opened)
This function ensures that information contained inside authorized devices is only accessible within determined computers in the network and none outside the network.
Protection against badUSB devices
Protecting against badUSB device e.g. USB Rubber Ducky is very important. This device type is extremely dangerous, its firmware has been modified to impersonate Human interface devices (HID) such as keyboards.
This class of BadUSB can inflict keystroke injection attacks and introduce malicious payloads to harm the operating system and network infrastructure. Blocking BadUSB is a standard function in USB Lock, the program makes a quick analysis when it detects any change on keyboard or mouse enumeration to prevent such attacks, other than that keyboards and mouse can work normally without restriction.