Key Features

GFI EndPointSecurity offers the following main features:

Group-based protection control

In GFI EndPointSecurity you can configure and place computers into groups that are governed by one protection policy. This allows you to configure a single protection policy and apply it to all the computers that are members of that group.

Granular access control

GFI EndPointSecurity enables you to allow or deny access to a specific device as well as to assign (where applicable) ‘full’ or ‘read only’ privileges over every supported device (e.g. CD/DVD drives, PDAs) on a user by user basis.

Scheduled deployment

GFI EndPointSecurity allows you to schedule the deployment of protection policies and any related configuration changes without the need to keep the GFI EndPointSecurity management console open. The deployment feature also handles failed deployments through automatic rescheduling.

Access control

Apart from blocking a range of device categories, GFI EndPointSecurity also allows blocking:

  • By file type - for example, allow the user to read *.doc files but block access to all *.exe files
  • By physical port - all devices connected to particular physical ports, for example, all devices connected to USB ports
  • By device ID - block access to a single device based on the unique Hardware ID of the device.


In Microsoft Windows 7, a feature called BitLocker To Go can be used to protect and encrypt data on removable devices. GFI EndPointSecurity performs checks on real file types encrypted with Windows 7 BitLocker To Go.

Device whitelist and blacklist

The administrator can define a list of specific devices that are permanently allowed (the whitelist: devices whose usage is allowed when accessed from all the target computers covered by the protection policy) and others that are permanently banned (the blacklist).

Power users

The administrator can specify users or groups who would always have full access to devices that are otherwise blocked by GFI EndPointSecurity.

Temporary access

The administrator is able to grant temporary access to a device (or group of devices) on a particular computer. This feature allows the administrator to generate an unlock code that the end-user can use to obtain time-limited access to a particular device or port, even when the GFI EndPointSecurity agent is not connected to the network. Temporary access applies to devices and connection ports that are normally blocked on protected target computers, for a specified duration and time window.

Status dashboard

The dashboard’s user interface shows the statuses of live and deployed agents, database and alerting servers, the GFI EndPointSecurity service as well as statistical data with charts.

The main application keeps track of the live agent status by communicating with its deployed agents. Maintenance tasks are performed automatically once an agent goes online.

Active Directory deployment through MSI

From the GFI EndPointSecurity management console it is possible to generate MSI files that can later be deployed using the Group Policy Object (GPO) feature within Active Directory or other deployment options. An MSI file can be generated for any protection policy and contains all the security settings configured in that policy, including installation settings for unprotected target computers.

Agent management password

Agent management functions (such as update and un-install) are protected by a user-configurable password. This means that any other GFI EndPointSecurity instances will not have access to the agent management options.

Device discovery

The GFI EndPointSecurity engine can be used to scan and detect the presence of devices on the network, even on computers that are not assigned any protection policy. The information gathered about detected devices can then be used to build security policies and assign access rights for specific devices.

Logs browser

An in-built tool allows the administrator to browse logs of user activity and device usage that is detected by GFI EndPointSecurity.


GFI EndPointSecurity allows you to configure e-mail alerts, network messages and SMS messages that can be sent to specified recipients when devices are connected or disconnected, when device access is allowed or blocked, and upon service-generated events.

Custom messages

When users are blocked from using devices, they are shown popup messages explaining the reasons why the device was blocked. GFI EndPointSecurity allows the customization of these messages.

Database maintenance

To maintain the size of the database backend, GFI EndPointSecurity can be set to back up or delete events older than a custom number of hours or days.

Device encryption

For maximum security, GFI EndPointSecurity can be configured to encrypt storage devices using AES 256 encryption. Encryption can be enforced on specific computers running agents over the network.

Data leakage risk assessment

The dashboard enables users to see the potential data leakage risk for each endpoint. Use the provided tips and perform the suggested actions to reduce risk levels.

Content awareness

The content awareness feature enables users to look into files entering the endpoints via removable devices. Content is identified based on predefined (or custom) regular expressions and dictionary files. By default, the feature looks for confidential details such as passwords and credit card numbers.
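
An added illustration of the regular-expression and dictionary matching that content awareness relies on; it is not GFI EndPointSecurity's own code or rule set. The patterns, dictionary terms, sample text and the Luhn checksum step are assumptions chosen for the example.

```python
import re

# Constructed rules for illustration; a real policy would load its own.
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")
PASSWORD_RE = re.compile(r"(?i)\b(password|passwd|pwd)\s*[:=]\s*\S+")
DICTIONARY = {"confidential", "internal use only"}


def luhn_valid(digits: str) -> bool:
    """Luhn checksum, used to discard digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:              # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def scan_text(text: str) -> list[tuple[str, str]]:
    """Return (rule, redacted evidence) findings for one file's text."""
    findings = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_valid(digits):
            # Keep only the last four digits so the log does not leak the number.
            findings.append(("card_number", "*" * (len(digits) - 4) + digits[-4:]))
    for m in PASSWORD_RE.finditer(text):
        # Record which keyword matched, never the secret itself.
        findings.append(("password", m.group(1).lower() + "=<redacted>"))
    lowered = text.lower()
    for term in sorted(DICTIONARY):
        if term in lowered:
            findings.append(("dictionary", term))
    return findings


# Constructed sample: one digit run that fails Luhn, one well-known test card
# number, one password assignment and two dictionary terms.
SAMPLE = (
    "Invoice ref 1234 5678 9012 3456\n"
    "Card: 4111-1111-1111-1111\n"
    "db password = hunter2\n"
    "CONFIDENTIAL - internal use only\n"
)

if __name__ == "__main__":
    for rule, evidence in scan_text(SAMPLE):
        print(rule, evidence)
```

The checksum step shows why a plain digit pattern is not enough: the invoice reference matches the regular expression but is rejected, which keeps false positives out of the alert stream.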