Device Control

The Device Control module is the first layer of security provided by Endpoint Protector. By defining granular access rights for USB and peripheral ports, device security is enforced while productivity is maintained. As a cross-platform solution, it protects the entire network, regardless if the computers are running on Windows, Mac OS X or Linux. 


The Device Control module allows management of the most commonly used device types and simplifies IT Administrators' lives in several ways.

Controlled Device Types
  • USB Storage Devices (USB Flash Drives, Sticks, Pen drives, etc.)
  • External HDDs (incl. sATA HDDs)
  • CD/DVD-Players and Burners (internal and external)
  • iPhones, iPads and iPods
  • Smartphones and Tablets (incl. Android devices, Blackberry and PDAs) 
  • Digital Cameras
  • MP3 Player and other Media Player Devices
  • Card Readers (internal and external)
  • Memory Cards (SD, MMC, CF, Smartcard, etc.)
  • Printers
  • Floppy Drives
  • Webcams
  • WiFi Network Cards
  • FireWire Devices
  • Biometric Devices
  • Bluetooth Devices
  • ZIP Drives
  • ExpressCard SSD
  • Wireless USB
  • Serial Port
  • Teensy Board
  • PCMCIA Storage Devices
  • Thunderbolt
  • Network Share
  • Thin Client Storage (RDP Storage)
  • Additional Keyboards
  • USB Modems
  • Infrared Dongle
Extremely Versatile
Providing all employees with the same device access rights may not work in every situation. Depending on the department and day to day tasks, different permissions could be required. The Marketing Department may need to use Digital Cameras while the Accounts Payable should not.
Increased productivity
Not just a result of the simple web-based interface and the granularity of Endpoint Protector, productivity can also be increased through the use of whitelisted devices. The company issued devices can be allowed throughout the entire company.
Enforced Encryption
Taking advantage of everything Device Control has to offer, enhance security one step further by implementing Enforced Encryption. With USB and peripheral ports already under control, ensure that all USB mass storage devices used throughout the organization are encrypted.

Content Aware Protection

The Content Aware Protection module is the second layer of security provided by Endpoint Protector. It prevents data leakage through all possible exit points, from clipboard, screen captures, USB devices, to applications including Microsoft Outlook, Skype or Dropbox. Through efficient content inspection, transfers of important company documents will be logged, reported and managed.


The Content Aware Protection module allows management of file transfers via the most common exit points, preventing data leakage.

Controlled File Transfers
  • Web Browsers
Internet Explorer, Chrome, Mozilla Firefox, Opera, Safari, AOL Desktop 9.6, Aurora Firefox, K-Meleon, SeaMonkey, Tor, Camino, iCab, OmniWeb, Sleipnir, Adobe Flash Player
  • E-mail Clients
Outlook Attachments, Outlook Body, Mozilla Thunderbird, IBM Lotus Notes, Mozilla Thunderbird Body, IBM Lotus Notes, Windows Live Mail, GroupWise Client, PowerMail, AirMail Beta, Zimbra Desktop Mail, Endora, eM Client, Sparrow, GyazMail, Foxmail, Sparrow Lite, Postbox, Mail, Outlook Express, Windows Mail, AOL Mail, Courier, SeaMonkey Mail, Opera Mail
  • Instant Messaging
ICQ, AIM, Skype, Yahoo Messenger, Windows Live Messenger, Gaim, Pidgin, Trillian, TateOnfMessenger, Spark, Telegram Desktop, Messages, Hall, OpenTalk, Audium, Line, TurboIRC, WinSent Messenger, XChat, TweetDeck, Pink Notes Plus, Google Talk, Twhirl, QQ International, mIRC, MySpace IM, KakaoTalk, Duam MyPeople, Chit Chat for Facebook, eBuddy, Faceboo fMessenger, fTalk, LAN Chat Enterprise, LingoWare, Microsoft Communicator 2007, MyChat, Nimbuzz, ooVoo, Microsoft Link, Mail.Ru Agent, Slack
  • Cloud Services / File Sharing
Google Drive Client, iCloud Client, uTorrent, BitComet, Duam Cloud, KT Olleh uCloud, Azureus, Box Sync, SugarSync, Picasa, Amazon Drive, iBooks Author, MediaFire Client, Novell Filr Client, AirDrop, Transmission, Morpheus, FileCloud Sync Client, OneDrive (Skydrive) Client, LimeWire, FTP Command, BitTorrent, ownCloud Client, Pogoplug Backup, Shareaza, Pruna P2P, SendSpace, DC ++, Dropbox Client, eMule, Evernote, FileCloud Sync Client, Kazaa, Android File Transfer, GitHub Client, MEGA, Yandex Desk
  • Social Media / Other
Nokia PC Suite, Total Commander,Sony Ericsson PC Companion, InfraRecorder CD - DVD, HTC Sync for Android, GoToMeeting, Windows Apps, EasyLock, Windows DVD Maker, Team Viewer, ALFTP, LogMeIn Pro, iTunes, FileZilla
Straightforward Policy Builder
Derived from the need to allow employees to use collaboration tools and online applications that make them more efficient, a Content Aware Protection Policy can eliminate the risks of data loss, leaks or data theft. With just a few clicks, a policy can be created, allowing for an in-depth content inspection of all file transfers. It works for Windows, Mac OS X, and Linux, so after selecting the operating system, enable the needed restrictions and apply them to groups, computers, and users or globally throughout the network. To get you started as quickly as possible, predefined filters and dictionaries are available for confidential contents such as Personally Identifiable Information or Credit Card Numbers. Moreover, pre-configured policies such as PCI and HIPAA are available.
Efficient and Customizable
With an extremely short learning curve, the Content Aware Protection module provides various filters that go beyond Keyword Dictionaries and Regular Expressions. Multiple Thresholds, Blacklists, and Whitelists eliminate redundant scanning of file transfers, avoiding unnecessary use of resources or excessive logs and reports. To help customization even further, policies can be set to Report Only, offering the IT administrator a clear understanding of the file transfers taking place in the organization before implementing restrictions.
Suitable for SMB and Enterprise
Designed with both Small and Medium Businesses and enterprises in mind, robust and reliable, the Content-Aware DLP features provided by Endpoint Protector are a great fit for any network size. While its Active Directory integration and synchronization feature may not be used by most small businesses, it is definitely a requirement for larger networks. There are also many other additional features that make things more convenient and suitable for enterprise use, such as SIEM integration, terminal server or thin clients support and more.


The eDiscovery module from Endpoint Protector provides Data Loss Prevention for data at rest. It prevents data breaches by scanning and identifying sensitive data at the endpoint level on Windows, macOS, and Linux computers. Endpoint Protector eDiscovery ensures compliance with regulations like HIPAA, PCI DSS and others. eDiscovery offers visibility into scans, identifying where confidential data resides and remediating by encrypting or deleting the identified confidential data.


eDiscovery scans sensitive data residing on employees’ computers and provides the option to encrypt or delete discovered data.

Policy Blacklists
  • File Type
If selected, the following file types will be automatically reported:

Graphic Files (jpeg, png, gif, bmp, tiff, psd, etc.), Office Files (word, excel, pdf, powerpoint, outlook, publisher, etc.), Archive Files (zip, rar, ace, tar, xar, xz, etc.), Programming Files (c, cpp, java, py, pas, asm, dmp, xml, dtd, etc.), other files (autocad files, text files, dta, xia, journal files, drm files, etc.), Media Files (mov, mp3, mp4, wav, avi, vma, etc.).
  • Predefined Content
Scan endpoints for the following content:

Credit Cards (Visa, Mastercard, Discover, JCB, Diners, Amex), Personally Identifiable Information (IBAN, date, e-mail), Address, SSN, ID, Passport, Phone Number, Tax ID, Driving License, Health Insurance Number, Internet Protocol Addresses.
  • Custom Content
Inspect endpoints according to words and expressions relevant for your business added in dictionaries either through Type or Copy/Paste or through Import.
  • File Name
Scan for specific files through the File Name Blacklist. All discovered files are reported and can be deleted or encrypted to prevent disclosure of sensitive content.
  • Regular Expressions
Include Regular Expressions in your policy blacklists if you want to find the matching items of a certain pattern for confidential data.
  • HIPAA regulated data
Make sure your organization is HIPAA compliant identifying sensitive HIPAA regulated data like addresses, phone and fax numbers, emails, FDA recognized pharmaceutical prescription drugs, firms, ICD-10 codes and diagnosis lexicon, and others. Apply the necessary remediation actions once data is discovered.
Increased control of your intellectual property
With eDiscovery you can identify, manage, and control what confidential data is stored on your endpoints. Intellectual property (IP) like trade secrets, trademarks, copyrights, patents, industrial designs should be accessed only by authorized, trusted employees and in no circumstance leave the company. Endpoint Protector eDiscovery scans all documents residing on desktops, laptops, and servers, identifying and localizing IP as well as other confidential data, further offering remediation actions for proactive data breach protection.
No additional installation required
eDiscovery does not require separate installation, being easily activated within the management console with valid licenses. There is no need to setup a different server for management, making Administrators’ job easier.
Auditing and Remediation Actions
To be able to control, analyze confidential data, and comply with regulations like PCI DSS, HIPAA, FISMA, and others, an audit is required. With eDiscovery, auditing and remediation are possible, ensuring full monitoring of sensitive data via flexible scanning policies based on blacklists and whitelists.

Cross-platform Support

Endpoint Protector can protect confidential information throughout the entire network, regardless if the computers are Windows, Mac or Linux-based. This will provide a safer working environment, regardless if you are using the latest Windows 10 or macOS Sierra.

Multilingual User Interface

The user interface is available in more than 10 languages, making the administration easier by bridging the language gap. Among the provided languages: English, German, French, Spanish, Romanian, Korean, Russian, Chinese, Hungarian and more.

AD Import & Sync

Take advantage of Active Directory or similar tools, making larger deployments simpler. Import and sync all groups and entities. It will also simplify device management and content filtering policies with customizable templates for defined Active Directory GPOs.

Low Resource Usage

The Endpoint Protector client software has a minimum footprint, using very little memory and reducing end-user impact. Our DLP solution requires during regular usage less than 1% CPU and approximately 22 MB, which is less than typical desktop applications like instant messaging or e-mail.

Hardware Appliance

The Hardware Appliance is a Plug&Play solution, that allows IT Administrators to set up Endpoint Protector within minutes, with a few simple steps. It is suitable for organizations with more than 15 endpoints and it presents advantages like dedicated resources and isolation from other security solutions, making the process of detecting possible incidents easier.

Virtual Appliance

As a second option for an on-premise DLP solution, Endpoint Protector also comes as a Virtual Appliance. It provides increased flexibility, easy scalability, and affordability. The solution comes in different formats, compatible with the most common virtualization tools, like VMWare, VirtualBox, vSphere, HyperV, Parallels, XenServer and many others.

SIEM Integration

The possibility of transmitting all logs to a SIEM server allows for a seamless experience of the reporting and analysis capabilities by delivering high-quality data to one location. Your business will benefit from comprehensive analytics and graphics that provide real-time correlations for faster detection of incidents and threats. 

DLP for Thin Clients

Protect data on Terminal Servers and prevent data loss in Thin Client environments. Control the use of portable storage devices and filter data that is being copied or uploaded to cloud storage and other online applications.

HIPAA Content Aware Policies

HIPAA policies allow for an in-depth scanning of documents and blocking file transfers if they contain sensitive information like FDA approved drugs, ICD-9 codes and diagnosis lexicon, Personally identifiable information like Social Security Numbers (SSNs) and others.

DLP for Printers

Create policies for local and network printers to block printing of confidential documents and prevent data loss and data theft. Data Loss Prevention for Printers can be implemented with the use of both the Device Control and the Content Aware Protection modules.

Trial License

The Trial License allows access to all Endpoint Protector’s features for a period of 30 days. Protect and manage up to 50 computers running on Windows, Mac OS X, and Linux as well as 5 Android or iOS mobile devices.

DLP Compliance

Endpoint Protector DLP and MDM solutions support organizations to become compliant with industry rules and regulations like PCI DSS, HIPAA, SOX, and others and avoid huge fines and other prejudices.

Users and Computers Information

IPs, MAC Addresses and Usernames are part of any DLP solution. Gaining a better visibility into the network and understanding of users can be achieved by leveraging Employee IDs, Teams' membership, Computers (physical) Location, accurate contact details, and more.

Set Rights Globally

By default, Device Control Rights apply globally throughout the network. However, the module is extremely granular.

Set Rights per Group

Device Control rights can be granularly configured based on groups, allowing different access rights for various departments.

Set Rights per Computer

Device Control rights can be configured per computer. It is helpful when computers serve a unique role in the organization.

Set Rights per User

Based on their roles and tasks, each user can receive different device access rights according to the company policies.

Set Rights per Device

The granularity of the rights can be drilled down to the device level, based on Vendor ID, Product ID and Serial Number.

Custom Classes

Rights can be created based on classes of devices making management easier for products from the same vendor.


For encrypted devices, different access rights can be configured based on the level of encryption (software, hardware, etc.).

Offline Temporary Password
(for removable devices)

Temporarily allow device access to computers disconnected from the network. Ensure security and productivity.

Outside Hours Policies

In addition to the standard rights, additional Device Control Policies can be set to apply when outside the normal working hours. Business hours start and end time, as well as working days can be set.

Outside Network Policies

In addition to the standard rights, additional Device Control Policies can be set to apply when protected endpoints are outside the company’s networks. To ensure enforcement of rules, DNS Fully Qualifed Domain Names and DNS IP Addresses are considered.

Predefined Content Filters

Filters can be created based on predefined content such as Credit Card Numbers, Social Security Numbers and much more.

Custom Content Filters

Filters for sensitive data can also be created based on custom content such as keywords and expressions which can be added in various Dictionary Blacklists.

Regular Expressions Filters

Advanced custom filters can be created to find a certain recurrence in data transferred across the protected network.

File Type Filters

File Type Filters can be used to block specific documents based on their extension, even if these are manually modified by users.

File Whitelisting

While all other attempted file transfers are blocked, whitelists can be created to avoid redundancy and increase productivity.

Domain & URL Whitelisting

Enforce company policy but allow employees the flexibility they need to do their work. Whitelist company portals or email addresses where employees can send sensitive data.

Threshold for Filters

Define up to which number of violations a file transfer is allowed. It applies to each type of content or to the sum of all violations.

Disable Print Screen

Revoke screen capture capabilities and make sure no valuable data displayed on the screen is leaked out of the protected network.

Clipboard Monitoring

Eliminate data leaks of sensitive content through Copy & Paste / Cut & Paste, further enhancing the data security policy.

Offline Temporary Password
(for file transfers)

Temporarily allow file transfers to computers disconnected from the network. Ensure security and productivity.

File Tracing

Record all file transfers or attempts to various devices, online applications and cloud services, providing a clear view on users’ actions.

File Shadowing

Save a copy of files that were transferred to controlled devices or through emails, cloud storage or other applications.

Create E-mail Alerts

Granular e-mail alerts can be set up to provide information on the most important events related to device use and confidential file transfers.

Reports and Analysis

Monitor activity related to device use and file transfers with a powerful reporting and analysis tool. Logs and reports can also be exported.

Dashboard and Graphics

For a quick visual overview of the most important events and statistics, graphics and charts are available.

Responsive management interface

Manage DLP and MDM policies and check reports from any device, from desktop to tablet with the responsive management console.

Notification bar

Administrators have quick access to alerts about licenses state, new available features and other important events directly on the management interface header.

Automatic Scans

Scheduled scans can be set to start inspecting data at rest on a specifc date and time. Incremental detection of sensitive content can be confgured as a single occurrence or to re-occur at regular intervals (e.g.: every 7 days, every 30 days).

Encrypt data at rest

Once confidential data is identified with eDiscovery, the Administrator has the option to encrypt it with AES 256 strong encryption solution in order to prevent unauthorized employees’ access and further having the possibility of leaking data.

Delete data at rest

Secure data and ensure compliance with industry regulations by deleting sensitive information immediately it is identified if it violates the company policy.

Export eDiscovery scan results

Scan results are available for export in Excel, PDF or CSV files and can be used as reports for the management or as audit documents. The scan results provide the details about computers where sensitive data was found, what sensitive data, the path, time of discovery, if it was encrypted, deleted or reported, and other valuable information.

Content and file type scanning

Create custom eDiscovery policies defining what content is sensitive for your organization depending on file type, predefined content, custom content, file name, Regex or HIPAA protected content. Start scanning for sensitive data according to selected content.

Request Demo
* Your privacy is important to us. Check out our Privacy Policy for more information.