USB-Lock-RP Device Control Endpoint Security Software logo by Advanced Systems International

USB Device Control Endpoint Security Software
USB Lock RP©

The Best USB Device Control software to centrally manage, monitor & block USB access to computers in a network. Features advanced USB lockdown to protect windows endpoints from malware & data-loss by blocking unauthorized removable drives, portable devices and wireless adapters.

Device Control Software - Managing Devices Access:

USB Device Control remains an important aspects of Endpoint Security and focuses in the protection of computer systems and data assets from threats posed by the unauthorized usage of USB devices, adapters and peripherals that can be connected to computer ports. Controlling USB Storage & Portable Devices Access to endpoints is required to secure networks that control machinery or store sensible data.

Removable storage is considered an attack vector by itself and a probable initial attack vector in an infection sequence. Windows Operating Systems are by design plug & play friendly to devices, this is a good feature, nevertheless in industrial and business environments access to usb ports and removable devices need to be controlled to prevent systems infection and data loss. To accomplish this, we are proud to present you, USB-Lock-RP (a.k.a., USB Lock Remote Protect) Device Control Software.

USB-Lock-RP Device Control Software:

USB-Lock-RP Device Control

Centrally Control Devices Access to Computers

USB-Lock-RP is the strongest solution to centrally manage access to USB ports, removable storage, mobile devices and wireless adapters to servers, workstations and laptops in a network.

Specialized in Protecting Industrial DCS/SCADA and Critical Infrastructure Control Systems as well as business computer networks storing sensible data.

The Management application operates on-premises within the network and provides real-time control over endpoint computers. It controls mobile devices access policy and enforces rules to specific computers, as well as groups of computers with ease.

Receives devices connection alerts and logs events automatically, including USB Monitoring for details on approved file transfers.

Protects by authorizing (whitelist) specific USB removable drives and MTP devices by hardware ID while blocking the rest. All VID/PID/IDs are stored encrypted to prevent spoofing. (only readable within the control interface). Devices can be authorized to work on specific machines only, as well as in all the network.

Also controls access of remote USB devices that could be shared from remote systems. Remote Devices can be blocked or be specifically authorized normally. (Compatible with USB over Network software.)

No need to order additional modules to protect data on authorized devices as it includes USB access control by strong encryption. Forcing encryption on approved removable drives that can be turned ON or OFF in real-time from its administrative console.

Classified as Device Control Software, USB-Lock-RP is a fully independent tool, specifically designed to protect windows operating systems new or old, without concern to dependencies, at the smallest memory/storage footprint of any software of its kind.

Prevents Systems Infection:

By allowing access to only authorized devices, administrators can significantly reduce the risk of systems infection by blocking USB-based exploits and other Portable devices infected with malware from entering the systems and spreading in the network infrastructure.
Blocking Zero-day USB-based exploits requires USB device control because antivirus signature-based defense is useless on Zero-day cyber attacks. Off course if your network is Air gap (isolated) this is more so, as your antivirus signatures won't be quickly updated.

Prevents Data loss (DLP):

Sensible Data stored in your organizations computers network is a most valuable asset, Using Portable devices may expose sensible data to both, outsider’s theft and insider’s unauthorized hands. Keeping this value protected from the risk of data loss, data theft is challenging. USB-Lock-RP Device Control prevention measures address this risk by disallowing access of unauthorized portable devices and forcing AES 256 encryption to authorized flash drives.

  • Centralized | On-Premises | Real-time | Device Control
  • Secures Groups of Computer or Specific Computers
  • Whitelists Specific Devices by Hardware ID and Blocks the rest
  • Receives Alerts & Logs Device Connections in the Network Automatically
  • Presents Full Screen Locking upon Blocking Devices (includes your company logo)
  • Monitors & Encrypts File Transfers from Endpoints to Authorized USB drives (ON/OFF)
  • Prevent Computer Systems Infection
  • Prevent Data-loss from Computers & Devices
  • Inform of Devices Connection Events & Activity
  • Compliance with Endpoint Security Policies and Regulations
  • Permanent licensing model, at low cost. (no additional modules needed)
  • Network TCP/IP (LAN or WLAN).
  • Windows Operating Systems from NT 10 to NT 5.1 (Physical or Virtual Machine)
  • Other Dependencies: None
  • Critical Infrastructure Cyber Security
  • OT Industrial Networks DCS and SCADA
  • IT Small-Mid-Large Business/Enterprise Networks.
Protection Scope: Block & Control the following Devices: USB, e-SATA, FireWire drives, mobile phones MTP, CD, Bluetooth, IRDA, WiFI and type HID keyboard impersonator BadUSB devices.

USB Removable storage drives: USB 2.0, USB .3.0 | Card readers: CF, SD, SDMicro, MMC, XD | Media transfer protocol portable storage: MP3 players, iPods, iPads, PDA, hand-held computers, tablets, digital cameras, mobile phones, blackberry | External magnetic hard drives: e-SATA, Firewire (IEEE 1394) | External and Internal: CD, DVD, Blu-Ray | Wireless Transceivers: WiFi, IrDA, Bluetooth | badUSB HID impostor devices | remote USB devices.

Software Type:
  • Control: Management application On-Premises (not Cloud based)
  • Client: Local System Service
Supported Operating Systems:

From NT 5.1 to NT 10:device control for windows operating systems Windows-Server 2016, Windows 10, Windows 8.1, Windows-Server 2012 R2, Windows 8, Windows-Server 2012 , Windows 7, Windows Server 2008 R2, Windows-Server 2008, Windows Vista, Windows-Server 2003 R2, Windows-Server 2003 , Windows XP, Embedded POSReady 2009, VMware and Thin Clients. (32/64 bits)

  • Latest Version: V (October 2018)
  • Age: 13 Years (Since 2005)
  • Status: Active

Watch Video

Datasheet (PDF)


Straightforward Operation, Start protecting your network in minutes. Very easy to operate and set security policy. Protection scope is divided in 4 sectors; just select a client machine or computer group and press the desired lock to keep removable storage and portable devices threats away. Once set operation is automatic. Intuitive administrative GUI, virtually no learning curve involved.

Strong USB Device Control:

Prevents Zero-day USB-based exploit from entering your systems. Blocks USB Incoming and outgoing of data. Authorized Devices Hardware IDs working storage is AES 256 variable key, variable initiation vector CBC Mode encrypted and HEX masked. Prevents USB Devices Hardware ID spoofing. Secures systems even if the user is running with administrative credentials

Centrally Managed Granular Policy:

Authorize specific USB removable drives and/or specific smartphones access to specific computers or to all computers in the network and block the rest. Prevents unauthorized access to USB ports, removable storage, portable devices and other Removable Media from accessing operating systems in the network.

Real-time Endpoint Device Control:

Allows to set or change security measures and automatically receive and log details on blocked, and authorized devices as they are plugged into endpoint computers in real-time. As well as logging and receiving records of files transferred from endpoints to authorized USB Devices as events occur.

Personalized USB Lockdown:

Presents informative Lockdown alerts screens at client computers upon blocking devices, USB Lockdown screens presented at endpoint computers are personalized with the end-user organization/enterprise logo. Personalization is automatically done by our team prior to secure electronic delivery (within 4 hours order made)

Smart USB Access Control Software:

Designed to control USB port access without interfering with non-storage USB peripherals (mouse, keyboards, webcams, printers), But capable of detecting and unobtrusively protect against keystroke injection and malicious payload attacks by devices such as BadUSBs (USB Rubber Ducky) that impersonate HID keyboards or mouse.

USB Thumb Drives Monitoring:

Effective monitoring of data/files transferred from endpoint computers to authorized USB portable storage (thumb/flash/pen drives). Records automatically arrive and are stored secured at the Control server. The Administrative Console can be set to send these records to a SMTP (TLS/SSL) email within your domain in real-time.

USB Thumb Drives Encryption:

Protects information contained inside authorized Thumb drives by optionally forcing automatic AES 256 encryption of all transferred data/files from network endpoint computers to allowed USB devices, Effectively provides USB access control to protect sensible data in cases when the authorized device is lost or stolen. USB Encryption policy can be enabled or disabled with just a click.

Perpetual use Licenses & Support:

Licenses are End-user Organization Perpetual use Licenses and include 2 years updates, after 2 years updates are optional at 20% of licensing cost. USB-Lock-RP is not support demanding, once set it works as intended, this has to do with product maturity and that at client-side it deals with hardware, not users. Support is in English at no charge by email or phone.


Doesn’t require internet or Active directory.
Protects even if client endpoint is disconnected from the network. Protects at System level. (effective even if running under administrative account.) Starts protecting even if no user is logged into the system. Works on air-gapped networks and remote locations.

Available for Download:

Fully functional DEMO ready for download. Test how USB Lock security software, manages USB ports and Devices access to endpoints with ease and monitor authorized Thumb drives without time limitation in up to 5 clients. Dedicated team on stand by to assist on any questions you may have (24x7).

Best endpoint device control software

Endpoint Device Control:

Refers to the protection of the Network Endpoint Computer Running Windows Operating System. It can be a Server, Workstation or Laptop. To effectively protect the endpoint a USB-Lock-RP client is deployed and operates as a system service locally. Besides local enforcement of policy the service purpose if to communicate with the USB-Lock-RP Control Application. The Control Application is installed on a Server inside the network and operates independently as the Centralized Administrative Console. Its main function is to centrally control devices access to Endpoint ports, Receive alerts and logs events.

USB Access Control:

Refers to controlling access to data contained inside authorized USB flash drives (e.g.,Thumb drive, Pen drive, Memory Stick). Access is restricted by automatically forcing AES 256 encryption, To all files transferred to the protected USB drive. There is no software installation required inside these devices as the USB-Lock-RP service is in charge of Monitoring, Encryption and Decryption. This method effectively protects data inside usb removable storage according to the Control Application set policy (Auto encryption can be set ON or OFF in real-time).

USB Lockdown:

Refers to automatically Locking access to the computer screen. Lockdown occurs when unauthorized USB storage devices (e.g.,USB 2.0, USB 3.x) are connected to the protected endpoint usb ports (e.g.,standard USB type-A, USB type-C), or remote USB. USB-Lock-RP considers the unauthorized connection of usb storage devices a serious intrusion attempt that should be stopped by all means, USB Lockdown is part of the software redundant measures applied to protect the system. This measures take place upon detection and included preventing drivers to load, stopping, dismounting, disabling, ejecting devices and also blocking access to the desktop. Protection measures escalated depending on the device type and the device status but lockdown is normally included when blocking usb and other removable storage under the software protection scope.

USB Lockdown

USB Lockdown full screen window alerts extend to multiple monitors and remain until any of the following conditions is met:

  • The unauthorized device is removed.(client side)
  • The master password is used. (client side.)
  • The sector is unprotected. (control side.)
  • The device is authorized. (control side.)

How to Block Removable Storage on a Specific Endpoint:

  1. Select a client PC from the USB-Lock-RP management console network list.
  2. Add computers to groups by right clicking on the selected machine and choosing a group. (optional)
  3. Click on the left side lock.

Done!, you have just protected the selected computer removable drives sector. Now the following devices will be blocked: USB, eSATA and Firewire drives, Mobile phones (MTP Protocol), Smart cards.

How to Block Removable Storage on a Group of Endpoints:

By default 5 groups are created, and all new installed clients will belong to group 1 as seen on the groups column, so you are ready to block removable storage on all computers at this point.

  1. Rename groups using the group rename function.(optional.)
  2. Add computers to groups by right clicking on the selected machine and choosing a group name.(optional.)
  3. Click the Group security button and choose the group name, sector (e.g., Removable drives), desired action (e.g., Protect) and press OK.

Great! you just Locked down removable drives sector on all computers that belong to the chosen group. You will see all computers in that group changing its security status to protected in real-time.

How to Whitelist Thumb drives and Smartphones:

Authorizing specific USB pen drives and Mobile phones is as easy, just insert the device you need to authorize (at the control or at the client) and press authorize. Done!

Besides USB Device Control (Removable Storage Sector), Three other sectors to manage are available and are as easy to protect: CD/DVD Sector, iRDA/Bluetooth Sector, and WiFi Sector.
All blocked or authorized device connection to any client computer automatically generate an alert event stored encrypted at Control server. This records are readable from within the Central USB-Lock-RP Device Control Interfase and show date-time, Hardware ID, logged user & machine name.
All blocked devices at endpoint client generate a full screen alert visible at client bearing the licensed organization logo at top-left corner.

How to Monitor Files Transferred Thumb-drives:

USB Monitoring is activated or deactivated with just one click independently of the removable storage sector protection state. (while protected or unprotected state)
Monitored data include the name and exact weight of transferred files from the client endpoint PC to flash drives, logged user, device hardware ID, source machine name, date/time when the event started.
Records are sent encrypted AES 256 hex masked from the endpoint computer to the control in near real-time and are organized at the control by endpoint machine name/date/time for review as needed.
At the Central control server the collected data remains encrypted and same as all device insertion attempts records is only readable within the Device Control interface.

How to Protect Information Inside Thumb drives (Encryption):

USB Device Access Control is done by forcing automatic Encryption, this function can also be turned ON or OFF with just one click. (USB Monitoring needs to be activated for Encryption to work).

When USB Encryption is active all files transferred from the endpoint computer to authorized USB flash drives are automatically AES 256 encrypted. (all data not just the headers)

Stored files on encrypted USB Thumb drives can be opened within the endpoint originating client or within any other endpoint USB-Lock-RP client that have USB Encryption activated. (files are automatically decrypted in those systems when opened)

This function ensures that information contained inside authorized devices is only accessible within determined computers in the network and none outside the network.

How to Protect Against badUSB devices:

Included in the removable drives sector is protection against badUSB device e.g., USB Rubber Ducky, this type of device is extremely dangerous as its firmware has modified to impersonate Human interface devices (HID) such as keyboards.

This type of BadUSB could inflict keystroke attacks and introduce malicious payloads that could harm endpoint computers and network infrastructure. So the program makes a quick analysis when detects any change on keyboard/mouse enumeration to prevent such attacks, other than that keyboards and mouse work normally without restriction.

USB lock rp device control is licensed by over 1000 organization worldwide
Licensed by top-notch organizations:

USB-Lock-RP is Centrally Managed USB Device Control Software that comes with perpetual use license, reasonable cost, operates without requiring internet connection, and offers its service as a tool you can call your own. No matter how big or small your network is, USB-Lock-RP is designed for performance and scalability, effectively protecting computer Networks of any size.

We invite you to learn more and to Download & Try USB Lock Software free non-expiring Demo Today!