Key Features
GFI EndPointSecurity offers the following main features:
| GFI EndPointSecurity features | |
|---|---|
|
Group-based protection control |
In GFI EndPointSecurity you can configure and place computers into groups that are governed by one protection policy. This allows you to configure a single protection policy and apply it to all the computers that are members of that group. |
|
Granular access control |
GFI EndPointSecurity enables you to allow or deny access to a specific device as well as to assign (where applicable) ‘full’ or ‘read only’ privileges over every supported device (e.g. CD/DVD drives, PDAs) on a user by user basis. |
|
Scheduled deployment |
GFI EndPointSecurity allows you to schedule the deployment of protection policies and any related configuration changes without the need to keep to the GFI EndPointSecurity management console open. The deployment feature also handles failed deployments through automatic rescheduling. |
|
Access control |
Apart from blocking a range of device categories, GFI EndPointSecurity also allows blocking:
NOTE In Microsoft Windows 7, a feature called BitLocker To GoA Microsoft Windows 7 feature to protect and encrypt data on removable devices. can be used to protect and encrypt data on removable devices. GFI EndPointSecurity performs checks on real file types encrypted with Windows 7 BitLocker To Go. |
|
The administrator can define a list of specific devices that are permanently allowed and others that are permanently banned. |
|
|
Power users |
The administrator can specify users or groups who would always have full access to devices that are otherwise blocked by GFI EndPointSecurity. |
| The administrator is able to grant temporary access to a device (or group of devices) on a particular computer. This feature allows the administrator to generate an unlock code that the end-user can use to obtain a time-limited access to a particular device or port, even when the GFI EndPointSecurity agent is not connected to the network. | |
|
Status dashboard |
The dashboard’s user interface shows the statuses of live and deployed agents, database and alerting servers, the GFI EndPointSecurity service as well as statistical data with charts. The main application keeps track of the live agent status by communicating with its deployed agents. Maintenance tasks are performed automatically once an agent goes online. |
|
Active DirectoryA technology that provides a variety of network services, including LDAP-like directory services. deployment through MSI |
From the GFI EndPointSecurity management console it is possible to generate MSI files that can be later deployed using the Group Policy Object (GPOGroup Policy Objects.) feature within the Active Directory or other deployment options. An MSI fileA file generated by GFI EndPointSecurity for later deployment using GPO or other deployment options. It can be generated for any protection policy and contains all the relevant configured security settings, including installation settings for unprotected target computers. will contain all the security settings configured in a particular protection policy. |
|
Agent management password |
Agent management functions (such as update and un-install) are protected by a user-configurable password. This means that any other GFI EndPointSecurity instances will not have access to the agent management options. |
|
Device discovery |
The GFI EndPointSecurity engine can be used to scan and detect the presence of devices on the network, even on computers that are not assigned any protection policy. The information gathered about detected devices can then be used to build security policies and assign access rights for specific devices. |
|
Logs browser |
An in-built tool allows the administrator to browse logs of user activity and device usage that is detected by GFI EndPointSecurity. |
|
Alerting |
GFI EndPointSecurity allows you to configure e-mail alerts, network messages and SMS messages that can be sent to specified recipients when devices are connected or disconnected, when device access is allowed or blocked and upon service generated events. |
|
Custom messages |
When users are blocked from using devices, they are shown popup messages explaining the reasons why the device was blocked. GFI EndPointSecurity allows the customization of these messages. |
|
Database maintenance |
To maintain the size of the database backend, GFI EndPointSecurity can be set to backup or delete events older than a custom number of hours or days. |
|
Device encryption |
For maximum security, GFI EndPointSecurity can be configured to encrypt storage devices using AES 256 encryption. Encryption can be enforced on specific computers running agents over the network. |
| Data leakage risk assessment | The dashboard enables users to see potential data leakage risk for each endpoint. Use the provided tips and perform suggested actions to reduce risks levels. |
| Content awareness | The content awareness feature enables users to look into files entering the endpoints via removable Devices. Content is identified based on predefined (or custom) regular expressions and dictionary files. By default, the feature looks for secure confidential details such as passwords and credit card numbers. |