Here's Exactly What FileSure Defend Does

No marketing fluff. Just a plain description of every feature, what it does, and why it matters.

Start Free Trial

The Rules Engine

Rules are the heart of FileSure. A rule tells FileSure what to watch for and what to do when it sees it — record it, block it, or both.

Rules can be as broad or as narrow as you need. "Block any executable from being written anywhere on this machine" is a valid rule. So is "Record when Jane Smith opens any .xlsx file in the Payroll folder between 6pm and 6am."

What a rule can be based on:

File operation

Read, write, create, delete, rename, or security setting changes. You pick which operations matter.

File location

Local drives, network drives, USB devices, CD/DVDs, or VSS (driveless) locations. Rules can apply everywhere or only in specific places.

File type or name

By extension (.docx, .exe, .pdf), by filename pattern, or by file signature (the actual file content, not just the name — so renaming an .exe to .txt doesn't fool it).

User or group

Apply a rule to everyone, to a specific user, or to an Active Directory group. Admins can have different rules than regular users.

Program name

Control which applications can access which files, not just which users. Even if a user is authorized to open a file, if they're using an unauthorized program, the rule can block or log it.

Machine name

Apply rules to specific machines or groups of machines.

Time of day or day of week

Rules can be time-limited. A rule that blocks web file modifications except during business hours is easy to set up.

Rule examples our customers actually use:

  • Block all executables from being written to disk (stops ransomware and malware cold)
  • Record all access to the folder containing financial records
  • Block Dropbox and OneDrive from reading files in protected folders
  • Alert when more than 100 files are deleted in an hour
  • Record which program opened each file in the HR directory
  • Block all USB writes for everyone except the IT group
  • Record any file access that happens after 6pm or on weekends

Data Loss Prevention

FileSure controls which programs can do what with your files. That's a more reliable approach to DLP than trying to inspect content.

Application control

Specify which applications are authorized to access sensitive files. An unauthorized program trying to read, copy, or move those files gets blocked — even if the user running it has full permissions.

USB protection

Block writes to USB drives entirely, or log every file transferred. You can allow reads but block writes, or restrict USB access to specific users. Threshold rules can block USB writes after a certain number of files have been transferred.

Email and webmail

Block browsers and email clients from reading files in protected locations. Stops data leaving via Gmail, Outlook Web, Yahoo Mail, or any other webmail service.

Cloud storage

Block Dropbox, OneDrive, Google Drive, and similar apps from syncing files from designated folders. Your sensitive data stays on your network.

Removable media

The same controls that apply to USB drives can apply to any removable media, including external hard drives and CD/DVD burners.

File Auditing

FileSure records every file operation on every protected machine. Every read, write, create, delete, and rename — with the user name, program name, machine name, timestamp, and file path.

Logs are stored encrypted on the local machine and on the management server. They're tamper-resistant — even an administrator can't modify them without detection.

What gets recorded:

Who User name performing the operation
What Read, write, create, delete, rename
Which file Full path and file name
Which program Application used to access the file
Which machine Computer where it happened
When Exact timestamp

The forensic view lets you search and filter this data any way you need — by user, by file type, by time range, by operation type, by machine. When something goes wrong, you can find out exactly what happened in seconds.

Alerts

Alerts watch your audit logs and notify you when something noteworthy happens. They work on two models:

Instance Alerts

Fire immediately when a single event matches your criteria.

  • A file operation is blocked by FileSure
  • A browser reads an audited file (potential webmail theft)
  • A specific user accesses a specific file

Threshold Alerts

Fire when a pattern emerges over time.

  • More than 100 files copied within an hour
  • More than 100 files deleted within an hour
  • More than 100 files written to a USB drive within an hour
  • More than 50 unusual file types read from a USB drive

Alerts generate entries in the Windows Event Log, which means your RMM system picks them up automatically — no separate alert system to manage.

Reports

FileSure ships with over 60 pre-built reports. Here are some of the most useful:

User Activity Reports

  • After-hours activity — file operations outside business hours, grouped by user
  • Files deleted — every file each user deleted
  • Files copied — all file copies by common methods
  • Files created — what users are storing on your servers
  • Files renamed — useful for detecting suspicious activity

Security Reports

  • Delete access denied — attempted deletions blocked by FileSure or Windows
  • Potential file theft — files read by browsers plus files written to removable drives
  • Files possibly sent via webmail — files read by browsers
  • Privileged user activity — what administrators are doing

Compliance Reports

  • PHI access log — all access to files in designated PHI locations
  • USB activity summary — all removable media usage
  • After-hours privileged access — admin activity outside business hours

Reports can be scheduled and delivered automatically by email. Set them up once, get them in your inbox on whatever schedule you need.

Centralized Management

One console manages your entire deployment.

From the management server you can create and edit rules, push policy changes to every protected machine, review audit logs from all machines in one place, run and schedule reports, configure alerts, manage user permissions for the console itself, and monitor which machines are online and enforcing their policies.

Policy changes go out automatically. You don't touch individual machines to update rules.

Offline protection

Protected machines enforce their policies even when disconnected from the management server. A laptop taken off-network is still protected.

Hierarchical policies

For large deployments, policies can be organized at the enterprise level, department level, and local level. Local exceptions can be permitted within the bounds of department policy.

System Requirements

Management Server

  • Windows Server 2003 through 2022
  • 512MB RAM minimum
  • 1GB disk space
  • .NET Framework 3.5 or later

Running an older environment? Contact us.

Protected Workstations/Servers

  • Any Windows version — legacy through Windows 11
  • Windows Server 2003 through 2022
  • 512MB RAM
  • 1GB disk space
  • Any x86/x64 processor

Network

  • Standard TCP/IP
  • Configurable port for workstation connections

Performance Impact

  • Less than 2% CPU utilization
  • 50MB memory footprint
  • Your users won't notice it's running

Ready to see it working?

Start your free 21-day trial today. 1 server, 10 workstations, fully functional. No credit card required.

Start Free Trial Request a Demo