By deploying Agent on terminal devices, it can regularly scan and obtain the software summary table, Windows operating system version/KB, antivirus software information, and virus signature version of intranet connected devices; By collecting the software summary table, the following checks can also be carried out: permit software, prohibited software, software copyright quantity, software version, etc. If there are non-compliant events (should be installed but not installed, should not be installed but installed, using pirated software, should be updated but not updated), the network can be disconnected and the page can be redirected to inform the reason for being controlled. Different levels of permissions can be set to facilitate stable operation of the device and guide the repair system to comply with security policies. In addition, the ROM module can be connected to allow the manager to assist the device with automatic software patching.