Endpoint Security
Security Desk


The USB and endpoint security solution Security.Desk helps to permanently secure external hardware interfaces, monitors mobile storage and Internet protocols and supports you in successfully closing security gaps. In doing so, it goes far beyond the possibilities of add-ons of common virus protection solutions or on-board tools of the manufacturers.


Protects data and networks from
data theft or importation
viruses and trojans via removable media


Automatically detects when a flash memory, a smartphone or a digital camera is connected to a PC via USB or FireWire or a CD or SD memory card is inserted and monitors all hardware interfaces and Internet protocols on the end device


Mobile storage on thin clients in Windows Terminal Server or CITRIX environments can also be monitored

Leader in granular assurance:

Security.Desk is a leader in the granular protection of clients in the network against unauthorized and uncontrolled use of mobile storage (USB sticks, memory cards, smartphones, cameras, etc.) and data transfers.

In addition, Security.Desk supports you by providing the solution:

  • prevents uncontrolled data flow,
  • file movements logged,
  • makes files unreadable for third parties,
  • prevents unwanted programs from running or
  • prevents the entry of external dangers.

Monitoring of all interfaces

  • Security.Desk controls the use of mobile storage devices, smartphones, digital cameras, etc. on the PCs in your network
  • The software monitors all hardware interfaces and Internet protocols (e.g. http, ftp, ...) on the end device
  • It is automatically recognized when, for example, a flash memory is connected to a PC via USB or FireWire or a CD or SD memory card is inserted
  • You specify what is then to be done: for example, whether the data transfer is to be blocked completely or whether the user is only allowed to view the files contained. All file movements can be logged.

File Logs and Reporting

  • File logs help, for example, to track which employee has exchanged and used data on a PC with a mobile memory
  • This control can be broken down to the level of allowed files and file types
  • The reporting provides an up-to-date overview of the use of, for example, external storage media per user and computer in the network
  • It also informs about the actions of your users at the interfaces of the end devices via e-mail

Interactive dashboard

  • Which of your clients are protected? Have suspicious actions been taken?
    If yes, where and by whom? The dashboard graphically displays the current status of endpoint security in the network
  • It enables detailed analysis options
  • Pie charts and bar charts provide information about the protection status of the clients
  • Includes various histories of mobile storage usage and file movements
  • Intuitive drill down options
  • In addition, it has pre-filtered standard reports

Granular rights allocation

  • Assignment of rights: at user, group or computer level, different rights can be assigned to each individual computer, device, user, group or OU per interface type
  • rights hierarchy: Allows multilevel exceptions to policies
  • Individual restriction options: Interfaces can be assigned the following rights at every hierarchical level: everything allowed, only read, no write, everything forbidden
  • More individual configuration options: Allows, for example, the use of individual devices (according to ID) or device types despite being prohibited

Manipulation security

  • The security service on the target clients cannot be influenced or stopped by the local administrator

Temporary Shares

  • With Security.Desk, mobile users can also be granted temporary user rights for the interfaces via code remote activation, even if the notebooks are disconnected from the network

File encryption

  • Files can be encrypted using the AES method
  • One or more files can be conveniently selected using the context menu of Windows Explorer with FCS CryptMe! be encrypted or decrypted

Protection from BadUSB

  • BadUSBs secretly log on to the computer as a mouse, keyboard or network card and then allow remote control or external use of the infected systems
  • If the USB stick is manipulated, masquerading as a keyboard or mouse, for example, it can be blocked directly by the user

Central Management Console and Agents:

On the one hand, Security.Desk consists of a central administration console, which the responsible employees use to carry out the configuration and, on the other hand, agents that run on the clients to be secured or the terminal server and implement the policies that have been defined in the management tool.

The following modules can be purchased separately:

Security.Desk add-on modules

Active Directory Loader

Makes the transfer of clients from AD to Security.Desk much more convenient and easier.

Network protocol

File protocol for all common internet protocols.

Terminal Server

Monitors file movements of local drives on thin clients in remote sessions from Windows Terminal Server, Windows Server 2016 RDS, Citrix MetaFrame or Citrix XenApp.

Block sharing of certain storage media or file types and prevent software applications:

White list:

White list devices/device types: The white list allows the use of individual devices (by ID) or device types despite the ban. You regulate individually whether only a special device with a serial number or a specific device type should be released. You can store a white list per organizational unit, per group, per user and globally.


Blacklist Software: The software blacklist prohibits the execution of certain software (eg: Microsoft Internet Explorer).
Blacklist file types: The black list of file types prohibits reading/copying certain file types (e.g.: .doc, .jpg, .exe, etc.) from and/or writing to removable storage.

Large company? Complex network?

Security.Desk Enterprise Edition: Active Directory Loader

With the Security.Desk Enterprise Edition, clients, OUs and groups can be omitted
import into Active Directory and automatically assign clients to them.

With the Enterprise Edition, Security.Desk is connected directly to the Active Directory. Different profiles for the transfer of OUs and groups from the Active Directory can be easily and conveniently defined. A time control enables a periodic synchronization of the Active Directory with Security.Desk. New clients are thus automatically assigned to the appropriate profile (e.g. a location or a department). The system optionally creates groups in the manager's tree from the OU structure in the Active Directory.
The coupling with the Active Directory enables single sign-on for Security.Desk admins and, in addition to the assignment of rights on an AD basis, now also makes it easier to find specific groups and OUs in the Active Directory more quickly. The access rules via interfaces on PCs and / or thin clients in complex company structures can be managed much more effectively centrally and decentrally.

Security.Desk as Intrusion Prevention System (IPS)

Security.Desk recognizes attacks on networks and computer systems, can take automatic countermeasures and offers additional protection over firewalls.

In daily use, the administrators use their central administration console (Security.Desk) to determine how the agents running on the clients should behave. The status of the security services is extensively processed in the dashboard.

In addition to e-mails and infected programs, USB sticks are probably one of the most important ways of distributing malware. But not only can they bring malware to computers, they can also be lost. If official data is then on the external data carriers, it can easily fall into the wrong hands.

  • Security.Desk controls the USB port. If an unencrypted stick is plugged into the port, you now have the option with CryptoMe to encrypt the data contained therein. The data can also only be decrypted with CryptMe.
  • Each individual computer, user, group or OU can use pro Interface type different rights be assigned to. The "Everyone" level corresponds to the company guidelines and applies if there are no exceptions at higher hierarchical levels.
  • Security.Deks rights assignment is very individual, there is one rights hierarchy, which allows exceptions at multiple levels. The rights of the higher level beat those of the lower ones.

Individual restriction options

  • The interfaces can be assigned the following rights at each hierarchy level:
  • everything allowed
  • read only, do not write
  • everything forbidden
  • In addition, a file log can be activated, which shows when which file was copied from/to removable storage.

More individual configuration options

  • The white list allows the use of individual devices (by ID) or device types despite the ban.
  • The software blacklist prohibits the execution of certain software (eg: Microsoft Internet Explorer).
  • The file type blacklist prohibits reading/copying certain file types (ex: .doc, .jpg, .exe, etc.) from and/or writing to removable storage. It can be inverted at the push of a button so that, for example, only certain file types can be read/executed.

Interface monitoring, BadUSB monitoring, alerts for monitored interfaces, extensive reporting, terminal server file protocol, network logging* as well as URL filters and data encryption are part of the Security.Desk range of services.

* Add-on module

  • Proactive whitelist and blacklist surveillance technology
  • Definition of prohibited applications using the black list
  • Constant analysis of the executed applications
  • The use of USB sticks, modems, Bluetooth and IrDA components as well as floppy disks and the like on the client is monitored.
  • The assignment of rights also controls which access rights users of such devices have, whether the data on them should be encrypted and which file types may be transferred at all.
  • Responsible employees are always in the picture about what is happening in their network.
  • Just like the configuration, monitoring is carried out via the dashboard and lists of clients and their status.
  • Real-time monitoring as well as protocol and logging functions are possible.
  • Reports are automatically emailed to the responsible employees and provide information about the action triggered by each defined rule.
  • Filter functions enable quick and efficient browsing of the log entries.

Advantages at a glance:

  • Security.Desk controls the use of mobile storage devices, smartphones, digital cameras, etc. on the PCs in your network
  • The software monitors all hardware interfaces and Internet protocols (e.g HTTPFTP, ...) on the end device
  • Active Directory integration
  • Assignment of rights: allow, read only, prohibit - separated by HW interface - per user, group, OU & ​​device
  • Log of file movements to and from removable media
  • Block reading or writing of certain file types from or to removable storage
  • Detection of forbidden "embedded files" in Office files
  • Monitoring of file movements on local drives on thin clients
  • Clear central control station for compliance management, service distribution and reporting
  • Free addition to be monitored USB device types
  • "White list" for specific devices (by ID) or device types
  • Ban software applications via blacklist
  • Temporary activation of offline computers via access code
  • Alert via email or tray icon
  • Security service cannot be terminated
  • Flash Reminder – reminds you when you log off your PC if there are still removable media connected to the computer
  • Protection against BadUSB (memory sticks with manipulated firmware) by controlling input devices (mouse and keyboard) and network adapters
  • The BIOS information and the data of the logical drives including capacity (total / occupied / free) are read out and displayed for each client
  • The data of the logical drives of the clients are read together with the "BitLocker" status
  • Security.Desk displays the complete data on the client's operating system (version, release, build no., service pack, etc.)
  • You can see from the BIOS information in Security.Desk per device or from a report whether “UEFI Secure Boot” is activated on these clients or not
  • Windows update options and status per computer as well as information on the Windows update server
  • For HID Bluetooth devices such as mouse and keyboard (Human Interface Devices), the battery level is also transmitted to the manager
    • The system automatically removes (unpairs) Bluetooth devices from the computers when their use is prohibited
  • Integration with Store O'Crypt (AES 256 hardware encrypted USB stick from FCS)

Test Security.Desk for free or purchase it directly

As your company expands, so does your need for security – Security.Desk is your most reliable employee when it comes to endpoint security!

The price of Security.Desk depends on the number of clients to be monitored
and then which additional modules are to be used.

Starting at EUR 8,00 per client

Do you have anymore questions?

We are happy to help:

      +49 911 810 881 0


All new features and functions for Security.Desk can be found here:

Start typing and hit Enter to search