Hey everyone! We're looking for a security solution in our company where all USB sticks are automatically handled in a secure environment, ideally a sandbox or virtual machine, without requiring any user interaction. The goal is to ensure that files from USB drives are never opened directly on the host system, but instead in a hardened, isolated environment by default to prevent any potential malware from executing. We're operating in a Windows 11 environment, so any advice, product names, or solutions would be greatly appreciated! Thanks in advance!
1 Answer
Honestly, the best practice is to not allow USB drives at all since they're a major security risk. My suggestion? Disable all removable mass storage through Active Directory.
But how do you manage without thumb drives? I deal with people needing 16GB for videos almost daily! I even had someone send a USB drive in the mail this year for 20GB files! Disabling USB access would drive people crazy!