Contact us

Verify you are human, copy the number to the textbox

STOP data leakage and theft.

Lock Down Your Endpoints & Ports.

For Windows, Mac, Linux and Mobile


For Windows, Mac, Linux

Deployed Enterprise-wide in minutes. Lockdown, control & monitor data movement across all ports and removable devices. USB, FireWire, Thunderbolt, WiFi, Bluetooth, eSATA, CD/DVD, iPhone/iPad/iPod, Android devices, Windows mobile, cameras, tape drives, printers and more.

Mobile Device Management

For iOS, Android

Provides enhanced control over the use of Android and iOS smart phones and tablets by companies' employees, enforcing strong security policies and detailed tracking of all mobile devices.

Content Aware Protection

For Windows, Mac

Control sensitive data leaving the company's network. Transfers of important company documents will be logged, reported and blocked. Monitor Skype, clipboard, Dropbox, webmail, email, copy/paste, disable print screen.

Endpoint Protector for Device Control explained in plain English
Full forensic level reporting for PCI, SOX, CoCo Compliance

Frequently Asked Questions

In a nutshell, Endpoint Protector does four critical jobs;

  • Controls, manages & monitors access to ALL removable devices and ports.
  • Actively monitors, controls and prevents data loss & data leakage (DLP) via virtually any application, service or device.
  • If it detects an unencrypted USB drive, it enforces encryption.
  • MDM - it controls & monitors iOS and Android devices

Cososys Endpoint Protector is the ONLY solution of its kind available to provide protection to Windows, Mac and Linux computers via the same, simple easy to use management console.>

  • 32 and 64-bit Windows XP through Windows 10
  • Mac OSX
  • Linux

Virtually any device you can attach to a Windows, Mac OSX or Linux computer;

  • All USB attached devices - memory sticks, iPods/iPhone/iPad, cameras, PSP, music players etc.
  • Tablet computers
  • Cameras
  • Bluetooth / Wireless / PDA's
  • CD / DVD Writers / Readers
  • iPhone / iPod / iPad / Touch etc.
  • Firewire Port
  • Thunderbolt ports
  • Floppy drives / disks
  • Hard disk
  • Infrared port
  • Parallel / Serial port
  • Removable Mass storage devices
  • Tape
  • Wifi
  • Printers
  • SATA
  • eSATA
  • ...and many, many more

You install the Endpoint Protector hardware appliance or virtual appliance. From their you deploy a small client application to computers you wish to control. You can deploy directly from the console or via Active Directory, folder share or other means.

This low level service runs seamlessly on each client computer (Windows, Mac OSX or Linux)

The service interacts with the various device ports & applications available on that machine, and then applies the required permissions and controls that you set using the Endpoint Protector management server.

This service cannot be bypassed / stopped / removed even if you have local admin privileges! This service can also be completely invisible to end users.

The easiest way to deploy Endpoint Protector is with a virtual appliance. Simply import the trial image into your favourite virtualisation solution, power it on, and give it an IP address;

  • VMware vSphere / ESXi / Server / Workstation / Fusion.
  • Microsoft Hyper-V
  • Cirtrix XenServer
  • Oracle VirtualBox
  • Parallels Desktop for Mac
  • Many other virtualization environments are supported as well.

Yes. It has been awarded EAL2 certification for Common Criteria.

To deploy the software or hardware appliance, there are really only 3 very fast steps:

  • 1) Push the power button
  • 2) Give it an IP in your local network
  • 3) Deploy Endpoint Protector client to endpoints (laptops, desktops, servers) that you want to protect.

The virtual appliance is similar, except you have to import the Appliance into your chosen virtual server environment.

Of course!

Endpoint Protector's ability to discretely manage different families of USB device mean that you can not only allow/ignore USB mice and keyboards (HID devices) but you could also manage a USB printer, or even "White list" a unique USB stick right down to it's serial number!

Here's a list of types of the typical USB devices that Endpoint Protector can control:

  • USB HID (mouse, keyboard etc.)
  • USB Printers
  • USB scanners and still image devices
  • USB Bluetooth adapters
  • USB Storage devices
  • USB and FireWire network cards

The virtual appliance is similar, except you have to import the Appliance into your chosen virtual server environment.

I have an IT department with 4 administrators that will need to have their USB stick to work regardless of where they are in the network. Can their own USB sticks bypass the security policy?!

Yes. Their own sticks either "by device model" or "by unique device" can be added to the "USB White list" which will indeed bypass any restrictions in place on an end-users desktop.

By default the Endpoint Protector service cannot be disabled even if you have local admin privileges. However, you can even more specific with your rights by assigning a user or group of users accounts that will be the only accounts that can manage the service.

Our marketing assistant works on presentations at home and occasionally has to bring them in on her iPod for board room meetings. However, I don't want to allow her iPod constant access to the network. Is there any workaround?

There is! Using the "Endpoint Protector Temporary Whitelist" tool from an end-users Control Panel anyone can plug a device into their machine which will generate a request code. The local helpdesk can then simply run the "Temporary White List Administration Tool."

Options such as how long the device will granted access for can be chosen, then an "Unlock Code" is generated. All the end user has to do is enter that code to be able to use their device immediately for the required period of time!

As well as being able to control Device use, the Content Aware Module allows you to stop data leakage - Data Leakage Prevention a.k.a. DLP.

See our Content Aware Module feature page for more info.

Will their device still be locked when they are out on the road?


The Endpoint Protector policy that is installed is completely independent of the server once applied, therefore no network access is required to maintain the policy.

Furthermore, the "Endpoint Protector Temporary Whitelist" tool can also be run without network access. The codes generated are handled by private and public keys which will have already been deployed down to the clients.

How do I make sure that all those machines have the latest set of permissions on them?

As soon as a laptop re-connects to the network it will retrieve it's settings from the appliance and will therefore be up to date the moment the connection is made!

Technically, feature-wise, and from an overall cost, management and return on investment basis Endpoint Protector proves time and again to be the best solution for controlling Devices and DLP.

Try it today.

Endpoint Protector is totally FREE for up to 5 computers and 5 mobile devices. Endpoint Protector is licenced on the number of computers you wish to control. So a 25 user licence would let you deploy and manage 25 PC's/servers/laptops.

The Content Aware and Mobile Device Management modules are options.

When you purchase Endpoint Protector we will send you a licence key file normally within 24 hours. You simply copy this file into the Endpoint Protector installation folder. Activation is instant.

It is important to note that the number of devices you are allowed to control is hard coded into the product - so if you have bought a 50 user licence you can only manage 50 devices. If you try and manage more than 51 devices the software will not allow you to.

Government approved EAL2 / Common Criteria.

Ready to get started? Have questions?

We're always here to help.