Comments on: EndPointScan: Scan your network for USB-related security risks

By: akaljian

akaljian — Tue, 01 Nov 2011 15:44:34 +0000

I just came across this article and the related tool. It still is a valid link but I don't think it works correctly anymore with IE8 or above as I had trouble getting the report to show up.

Further since it discusses windows xp, it may be way behind in its usefullness.

I see most of these comments are from years ago so I don't know how current this article actually is. Perhaps the author could refresh it and see if it is still valid.

By: leif lynch

leif lynch — Mon, 06 Apr 2009 17:34:00 +0000

It is a good tool if you need to monitor the use of drives. But if you are worried about data loss/theft the best way to combat usb devices is to disable the usbstor capabilities. Not only can they be used to steal data, if i ever wanted to break into a company's network I would spend $20-30 and drop a few usb devices in the parking lot of your business. Thanks for the back door.

By: leif lynch

leif lynch — Mon, 06 Apr 2009 17:34:00 +0000

It is a good tool if you need to monitor the use of drives. But if you are worried about data loss/theft the best way to combat usb devices is to disable the usbstor capabilities. Not only can they be used to steal data, if i ever wanted to break into a company’s network I would spend $20-30 and drop a few usb devices in the parking lot of your business. Thanks for the back door.

By: Neal Harvey

Neal Harvey — Thu, 20 Mar 2008 16:11:00 +0000

Nice one! Thanks for the tip! Last year we had some security incidents with stealing of sensitive project data. Since that time we have started to pay more attention to usb security. Now we use desktop authority as a desktop management solution and we control usb devices with this tool as well. What I really like in this solution is that you can block or limit access to a particlular device on a particular pc. For example, you can block the use of pocket PCs, palms and blackberries for some departments or OUs. In addition you can limit the use of usb devices according to their serial numbers, for example, allowing the use of only company issued usb storage or even put some devices on a black list.

By: Neal Harvey

Neal Harvey — Thu, 20 Mar 2008 08:11:05 +0000

By: bo

bo — Mon, 11 Feb 2008 04:21:00 +0000

great tool

By: bo

bo — Mon, 11 Feb 2008 03:21:00 +0000

great tool

By: Kiltak

Kiltak — Sat, 12 May 2007 01:55:00 +0000

Good point Matthew .. I had the exact same thought at first, but since GFI is one of the company that I've been trusting for a while, I decided to test the application anyways. With the ever increasing number of firefox users, I think GFI should definitely look at a way to code their application to be usable in multiple browsers

I can understand why they made it that way though. Since ActiveX is proprietary and is made to work under IE and Windows, coding applications that access the operating system with it must be a lot faster and effective.

I know there is a Firefox plugin(s?) that permit people to use ActiveX under Mozilla's browser, so maybe GFI should look at a way to use this to their advantage. Some browser independant code would still be the best solution, but we don't live in a perfect world, and sometimes, we don't always get what we want right away :)

By: Kiltak

Kiltak — Sat, 12 May 2007 01:55:00 +0000

Good point Matthew .. I had the exact same thought at first, but since GFI is one of the company that I’ve been trusting for a while, I decided to test the application anyways. With the ever increasing number of firefox users, I think GFI should definitely look at a way to code their application to be usable in multiple browsers

I know there is a Firefox plugin(s?) that permit people to use ActiveX under Mozilla’s browser, so maybe GFI should look at a way to use this to their advantage. Some browser independant code would still be the best solution, but we don’t live in a perfect world, and sometimes, we don’t always get what we want right away :)

By: Matthew Musgrove

Matthew Musgrove — Fri, 11 May 2007 22:48:00 +0000

It's a pity that they chose to implement this as an ActiveX control because that limits the number of end users.

Requirements" rel="nofollow">http://www.endpointscan.com/">Requirements for the test
* Windows 2000, XP or 2003 as operating system. Not Windows 9X or NT!
* Microsoft Internet Explorer 6 or later with Internet security settings set to Medium. Please note that this version of EndPointScan does not work with Mozilla FireFox.
NOTE: You need administrator rights and privileges to set Internet security settings and execute EndPointScan.
Most IT professionals are wary of ActiveX controls and Internet Explorer in general.

By: Matthew Musgrove

Matthew Musgrove — Fri, 11 May 2007 22:48:00 +0000

It’s a pity that they chose to implement this as an ActiveX control because that limits the number of end users.

Requirements for the test
* Windows 2000, XP or 2003 as operating system. Not Windows 9X or NT!
* Microsoft Internet Explorer 6 or later with Internet security settings set to Medium. Please note that this version of EndPointScan does not work with Mozilla FireFox.
NOTE: You need administrator rights and privileges to set Internet security settings and execute EndPointScan.

Most IT professionals are wary of ActiveX controls and Internet Explorer in general.

By: Jean-Marc

Jean-Marc — Fri, 11 May 2007 19:57:00 +0000

Hey guys,

great post (again). I work as a sys admin for the public sector and we are constantly on the lookout new ways to track security risks. Over the last few years, portable devices have been a “sword of Damocles” of sorts hanging over our heads waiting to fall. I, and my colleagues, feel that they are a far greater risk to security (not to mention data integrity and confidentiality risks as well) than upper management is willing to recognize. This tool will help us in our research for effective solutions.

Keep up the good work!