Endpoint Security


The USB and endpoint security solution Security.Desk helps to permanently secure external hardware interfaces, monitors mobile storage and Internet protocols and helps you to successfully close security gaps. It goes far beyond the possibilities of add-ons of common virus protection solutions or onboard equipment of the manufacturers.


Protects data and networks against
data theft or importation
from viruses and Trojans via removable media


Automatically detects when a flash memory, smartphone or digital camera is connected to a PC via USB or FireWire or when a CD or SD memory card is inserted, and monitors all hardware interfaces and Internet protocols on the end device


Mobile memory on thin clients in Windows Terminal Server or CITRIX environments can also be monitored

Leader in granular hedging:

Security.Desk is a leader in granular protection of clients on the network against the unauthorized and uncontrolled use of mobile storage (USB sticks, memory cards, smartphones, cameras, etc.) and data transfers.

In addition, Security.Desk supports you in that the solution:

  • prevents uncontrolled data leakage,
  • logging file movements,
  • making files unreadable for third parties
  • preventing the execution of unwanted programs or
  • making the intrusion of external threats impossible.

Monitoring of all interfaces

  • Security.Desk monitors all hardware interfaces and internet protocols on the end device
  • The software monitors all hardware interfaces and Internet protocols (e.g. http, ftp, …) on the end device
  • Security Desk automatically detects when a flash memory, smartphone or digital camera is connected to a PC via USB or FireWire or when a CD or SD memory card is inserted
  • You specify what has to be done: Is the data transfer completely blocked? Is the logged-in user allowed to use the contained data, only view it or only access certain file types? In addition, you have the option, for example, to only allow encrypted writing on the data carriers

File logs and reporting

  • File logs help track which employee on a PC has exchanged and used data with a mobile storage device
  • This control can be broken down to the level of allowed files and file types if the works council agrees
  • The reporting provides an up-to-date overview of the use of e.g. external storage media per user and computer in the network
  • In addition, it informs about the actions of your users at the interfaces of the end devices by email

Interactive dashboard

  • Which of your clients are protected? Were suspicious actions performed?
    If so, where and by whom? The dashboard shows the current status of endpoint security in the network at a glance
  • It provides detailed analysis capabilities via KPIs for mobile memory usage and file movement
  • Pie and bar charts inform about the protection status of the clients
  • Includes various histories of mobile memory usage and file movement
  • Intuitive drill-down options improve the analysis of hazard potentials
  • Prefiltered standard reports can be called directly from the dashboard

Granular approval of rights

  • Assign rights: for user, group or computer level, so different rights can be assigned to each individual computer, user, group or OU for each interface type
  • Rights hierarchy: allows exceptions to policies on multiple levels
  • Individual restriction possibilities: Interfaces can be assigned the following rights in each hierarchy level: everything allowed, read only, not write, everything forbidden
  • Other individual configuration options: Allows e.g. the use of individual devices (by ID) or device types despite prohibition

Manipulation security

  • The security service on the target clients cannot be influenced or stopped by the local administrator

Temporary releases

  • With Security.Desk, mobile users can also be granted temporary user rights for the interfaces on their notebooks via remote code activation, even if the notebooks are disconnected from the network

File encryption

  • Files can be encrypted using the AES procedure
  • You can easily encrypt or decrypt one or more files with FCS CryptMe! via the context menu of the Windows Explorer

Protection from BadUSB

  • BadUSBs secretly log on to the computer as mouse, keyboard or network card and then allow remote control or external use of the infected systems
  • If it is a manipulated USB stick that pretends to be a keyboard or mouse, the user can block it directly

Central management console and agents:

Security.Desk consists, on the one hand, of a central management console through which the responsible employees carry out the configuration and, on the other hand, agents that run on the clients to be secured or the terminal server and implement the policies there that have been defined in the management tool.

Block sharing of certain storage media
or even file types and prevent software applications:

White list:

White list devices/device types: The white list allows the use of individual devices (by ID) or device types despite prohibition. You control individually whether only a specific device with serial number or a specific device type should be released. You can define a white list per organizational unit, per group, per user, and globally.

Black list:

Black list Software: Black list Software prohibits the execution of certain software (e.g.: Microsoft Internet Explorer).
Black list File Types: The File Types blacklist prohibits reading/copying certain file types (e.g.: .doc, .jpg, .exe, etc.) from a removable storage device and/or writing to the same.

  Additional modules

Active Directory Loader

Makes the transfer of clients from the AD to Security.Desk much more comfortable and easier.

Network protocol

File protocol for all common Internet protocols.

Terminal Server

Monitors file movements of local drives on thin clients in remote sessions of Windows Terminal Server, Windows Server 2016 RDS, Citrix MetaFrame or Citrix XenApp.

Large company? Complex network?

Security.Desk Enterprise Edition: Active Directory Loader

With Security.Desk Enterprise Edition, clients, OUs, and groups can be imported from the
Active Directory and assign clients to them automatically.

Security.Desk is directly connected to the Active Directory with the Enterprise Edition. Different profiles for the import of OUs and groups from the Active Directory can be defined easily and comfortably. A time control enables a periodic synchronization of the Active Directory with Security.Desk. New clients are thus automatically assigned to the appropriate profile (e.g. a location or a department). From the OU structure in the Active Directory, the system optionally creates groups in the Manager’s tree.
The coupling with the Active Directory enables single sign-on for Security.Desk admins and, in addition to assigning rights on an AD basis, now also makes it easier to find specific groups and OUs in the Active Directory more quickly. Access rules via interfaces to PCs and/or thin clients in complex corporate structures can thus be managed much more effectively, both centrally and decentrally.

Security.Desk as an Intrusion Prevention System (IPS)

Security Desk detects attacks on networks and computer systems, it can take automatic defensive measures and offers additional protection to traditional firewalls.

In daily use, the administrators set the behavior of the agents running on the clients via their central administration console (Security.Desk). The status of the security services is extensively processed in the dashboard.

Besides e-mails and infected programs, USB sticks are probably one of the most important ways to distribute malware. But they can not only bring malware to computers, but they can also get lost. If official data is on the external data carriers, it can easily fall into the wrong hands.

  • Security.Desk controls the USB port. If an unencrypted stick is inserted into the port, you now have the option to encrypt the data contained on it with CryptMe. The data can also only be decrypted with CryptMe.
  • Every single computer, user, group or OU can be assigned different rights per interface type. The level “Everyone” corresponds to the company guidelines and applies, if no exceptions apply at higher hierarchical levels.
  • The rights assignment of Security.Desk is very individual, there is a rights hierarchy, which allows exceptions on several levels. The rights of the higher level beat those of the lower levels.

Individual restriction options

  • The interfaces can be assigned the following rights at any hierarchy level:
  • anything allowed
  • read only, not write
  • all forbidden
  • A file log can also be activated which shows when which file was copied from / to removable storage.

Other individual configuration options

  • The “White list” allows the use of individual devices (by ID) or device types despite prohibition.
  • The “Black list” for software prohibits the execution of certain software (e.g.: Microsoft Internet Explorer).
  • The “Black list” for file types prohibits reading / copying certain file types (e.g.: .doc, .jpg, .exe, etc.) from and / or writing to removable storage. It can be inverted at the push of a button so that e.g. only reading/executing certain file types is allowed.

Interface monitoring, BadUSB monitoring, alerts for monitored interfaces, extensive reporting, terminal server file protocol, network logging* as well as URL filter and data encryption are part of the scope of services of Security.Desk.

* Additional module

  • Proactive monitoring technology through white and black lists
  • Definition of forbidden applications by means of black list
  • Continual analysis of the executed applications
  • The use of USB sticks, modems, Bluetooth and IrDA components as well as floppy disks and similar on the client is monitored
  • The rights assignment also controls which access rights users of such devices have, whether the data on them should be encrypted and which file types may be transferred at all
  • Responsible employees are always aware of what is going on in their network
  • The monitoring is done just like the configuration via the dashboard and via lists of clients and their status
  • Real-time monitoring, logging and logging functions are possible
  • Reports are automatically sent by e-mail to the responsible employees and provide information about the action triggered by each defined rule
  • Filter functions allow fast and efficient searching of protocol entries

Advantages at a glance:

  • Security Desk controls the use of mobile storage devices, smartphones, digital cameras etc. on the PCs in your network
  • The software monitors all hardware interfaces and Internet protocols (e.g. HTTP, FTP, …) on the end device
  • Active Directory Integration
  • Assignment of rights: allow, read only, forbid – separated by HW interface – per user, group, OU & device
  • Protocol of file movements from and to removable media
  • Blocking read or write of certain file types from or to removable storage
  • Recognition of prohibited “embedded files” in Office files
  • Monitors file movements of local drives on thin clients
  • Clear central control station for compliance management, service distribution and reporting
  • Free addition of USB device types to be monitored
  • “White list” for special devices (by ID) or device types
  • Ban software applications on black list
  • Temporary activation of offline computers via access code
  • Alarm via e-mail or tray icon
  • Security service is not endable
  • Flash Reminder – reminds you when logging off from your PC, if there is still removable media connected to the computer
  • Protection against BadUSB (memory sticks with manipulated firmware) by controlling input devices (mouse and keyboard) as well as network adapters
  • The BIOS information as well as the data of the logical drives including capacity (total / occupied / free) are read and displayed per client
  • The data of the logical drives of the clients are read out together with the “BitLocker” status
  • Security.Desk now displays complete data about the client operating system (version, release, build number, service pack etc.)
  • You can tell by the BIOS information in Security.Desk per device or by a report whether “UEFI Secure Boot” is enabled or not on these clients
  • Windows update options and status per computer as well as information about the Windows Update Server

Test Security.Desk for free or purchase it directly

As your business expands, so does your security need – Security.Desk is your most reliable partner when it comes to endpoint security! The price of Security.Desk depends on the number of clients to be monitored and then which additional modules are to be used.

Already from 8,00 Euro per client

Do you have further questions?

We are happy to advise you:

      +49 911 810 881 0


All new features and functions of Security.Desk can be found here:

Start typing and press Enter to search