Two main components make up the application: the GFi EndPointSecurity agent installed on the client and the GFi EndPointSecurity management console application.
The console includes a remote deployment tool allowing the administrator to deploy the agent to hundreds of machines with just a few clicks. From the management console, it is possible to generate a single MSI file that can be later deployed using the Active Directory deployment tool or other deployment options, including the GFi console.
Regardless of the method of installation, the MSI file will contain all the security settings configured in a particular protection policy.
After installation, the administrator is able to control access to endpoint devices on any of the machines having an EndPointSecurity agent deployed. The engine can be used to scan and detect the presence of devices on the network.
However, the console must have admin credentials on the target machine to scan for currently connected devices. The console can perform several functions, such as keep track of which machines have an agent installed on them, create and manage policies, view status of clients, perform scans to see past clients' connections, and maintain a log.
The point of the console is to control policy. These policies can be granular and can be based on Active Directory users, groups or machines so the agent will grant or deny access depending on the AD user who is currently logged into the machine.
In addition to blocking access to portable storage media, the tool logs device-related user activity to both the event log and a central SQL server. A list of files that have been transferred to or from the device is recorded whenever a user plugs in a device to the network-attached endpoint.
The pricing for EndPointSecurity agent is US$750 for 25 licenses, and this fee includes a year of support. This covers phone, email and web support. For support beyond the first year, the cost is US$99 or 20 percent of the product price, whichever is higher.
For: The interface is clean and logically laid out. Against: Windows-only. Verdict: The level of resources used is incredibly small, making the offering handy for many organisations.