How to harden my system against USB-spreading malware?

DDE_Server

Hi guys,
I want to know your opinion about the methods you take to harden your system against USB-spreading viruses. As you can see in my setup, I take full control of Windows Firewall using TinyWall and create allow rules manually for my programs. For real-time protection I use Emsisoft with VoodooShield anti-exe. For USB, I disabled the AutoRun and AutoPlay settings via Control Panel. Is it enough? Is there any other Windows customization for hardening, or is this enough? I don't want to add any other software for that purpose; it would be overkill from my point of view. I want to know your thoughts.
 

DDE_Server

You use custom rules for WF, added EAM and VS and disabled autoplay for USB. I'd say you don't have to do or add anything else.
Don't become paranoid.;)
I feel I became paranoid as I read how threats became more silent and about the new techniques used in targeted attacks :) :). It is a feeling out of my control. When you know more, you become paranoid.
 

harlan4096

Just turn off W10 AutoPlay for all devices.
 
ForgottenSeer 85179

There is no need to disable Autoplay / Autorun these days. Microsoft fixed that abuse.

What helps is SRP, like with HC_Configurator.

Also, if we talk about USB, don't forget BadUSB.
Defense against that is much harder; it can be restricted with e.g. Group Policy (block new GUID drivers/devices like modems, etc.).
 

HarborFront

For BadUSB you can use the free G DATA USB Keyboard Guard below

 

DDE_Server

Used to use McShield a long time ago to scan USBs as they are plugged in. Very responsive and the scans are quite fast. Downside is that it has not been updated in a long time.
Yes, I was using something like that a long time ago called USB Disk Security, but it seems to be abandoned too, as it also hasn't been updated for a long time.
 

shmu26

The best protection is not to allow a suspicious USB to be inserted into your computer. Do you have friends or children bringing home USB devices that have visited other computers? If not, you don't have to worry about anything.

If you can't keep promiscuous USB devices away from your computer, then the next line of defense is using your brain. For instance, if you see that a flash drive has shortcuts instead of folders and files, DON'T CLICK ON THE SHORTCUTS. They are booby-trapped. And check the extensions of files before you open them. If it is supposed to be a video or a Word doc, make sure the extension is familiar. If you see a strange or unexpected file extension, google it before you click. Maybe it's a new kind of video format. But maybe it's a script file that wants to bite you.
 

DDE_Server

Yes, I know that, and I enabled showing file extensions in the Windows options to also check whether there is a double-extension file, which is almost always a virus.
Also, I do not use USB except in rare cases (burning a Windows ISO, for example).
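
The manual checks described in the two posts above (shortcuts standing in for folders and files, unexpected script extensions, double extensions) can be done in one pass. This is an added example, not code from any poster; the extension lists are assumptions chosen for illustration, and the script only reads names and attributes and never opens a file.

```powershell
# Added example: read-only triage of a removable drive before opening anything on it.
function Find-SuspiciousUsbEntry {
    param([Parameter(Mandatory)][string]$Root)

    # Assumed list of extensions that execute or script when double-clicked.
    $risky = '.exe','.scr','.com','.pif','.bat','.cmd','.vbs','.vbe',
             '.js','.jse','.wsf','.hta','.ps1','.lnk'
    # Extensions a user expects on a stick; seen *before* a risky one they are a decoy.
    $decoy = '\.(docx?|xlsx?|pptx?|pdf|txt|jpe?g|png|mp3|mp4|avi)$'

    $items = @(Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue)

    # Full paths of hidden files and folders, used to spot shortcuts that replace them.
    $hidden = @{}
    foreach ($i in $items) {
        if ($i.Attributes.HasFlag([IO.FileAttributes]::Hidden)) { $hidden[$i.FullName.ToLower()] = $true }
    }

    foreach ($f in $items | Where-Object { -not $_.PSIsContainer }) {
        $ext = $f.Extension.ToLower()
        if ($risky -notcontains $ext) { continue }

        $reasons = @()
        if ($ext -eq '.lnk') {
            $reasons += 'shortcut'
            # "Photos.lnk" next to a hidden "Photos" item: shortcuts instead of folders and files
            $masked = [IO.Path]::Combine($f.DirectoryName, $f.BaseName).ToLower()
            if ($hidden.ContainsKey($masked)) { $reasons += 'replaces a hidden item of the same name' }
        } else {
            $reasons += 'executable or script'
        }
        # "report.pdf.exe": the name before the real extension ends like a document
        if ($f.BaseName -match $decoy) { $reasons += 'double extension' }

        [pscustomobject]@{ Path = $f.FullName; Reasons = $reasons -join '; ' }
    }
}

# Scan every mounted drive that Windows reports as removable.
[IO.DriveInfo]::GetDrives() |
    Where-Object { $_.DriveType -eq 'Removable' -and $_.IsReady } |
    ForEach-Object { Find-SuspiciousUsbEntry -Root $_.RootDirectory.FullName } |
    Format-Table -AutoSize -Wrap
```

An empty result means no name matched these patterns; it says nothing about exploits that trigger when Explorer merely parses a file.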
 

Andy Ful

The AutoRun vulnerability is patched for USB drives from Vista SP2. But, this can be reverted by malware via modifications in the Windows Registry. Also, the AutoPlay feature cannot run anything automatically, except for some Windows exploits (like LNK exploit) for example when the content is displayed in the Explorer.
https://fortiguard.com/encyclopedia/endpoint-vuln/50524

Nice article about USB attacks:
https://www.bleepingcomputer.com/news/security/heres-a-list-of-29-different-types-of-usb-attacks/

When one uses WD + ConfigureDefender in HIGH Protection Level, the ASR rule "Block untrusted and unsigned processes that run from USB" is activated.
But it can be bypassed if the user does not run the file from USB, but copies the file from USB to the hard disk and executes it from the hard disk.
One can use SRP to block by default the execution of unsafe files (executables, scripts, shortcuts, etc.) from USB sources.

The main problem with USB security in the home environment is that some files can trigger execution (also filelessly) when they are simply displayed (parsed) in the Explorer. This requires a Windows OS exploit, so it can be missed by most AVs and SRP.
The most common infections, via the user executing shortcuts, can be prevented if the user is cautious enough and has set Explorer to show file extensions.
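
An added example, not part of the post above: a read-only PowerShell audit of the settings this thread relies on (AutoRun policy, the AutoPlay toggle, visible file extensions, and the Defender ASR rule for USB), which can be re-run to spot a setting that has been reverted in the registry. The registry value names and the ASR rule GUID are the standard Windows ones and are not quoted from the thread; "OK" only means the value matches the hardened setting.

```powershell
# Added example: read-only audit of the USB-related settings named in the thread.
$results = [System.Collections.Generic.List[object]]::new()

function Get-RegValue([string]$Path, [string]$Name) {
    # Returns $null when the key or the value is missing (Windows default applies)
    (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
}

function Add-Check([string]$Name, $Actual, [bool]$Ok) {
    if ($null -eq $Actual) { $Actual = '(not set)' }
    $results.Add([pscustomobject]@{ Check = $Name; Actual = $Actual; OK = $Ok })
}

$policy   = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$explorer = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer'

# AutoRun policy: 0xFF (255) turns AutoRun off for every drive type.
foreach ($hive in 'HKLM:', 'HKCU:') {
    $v = Get-RegValue "$hive\$policy" 'NoDriveTypeAutoRun'
    Add-Check "$hive NoDriveTypeAutoRun" $v ($v -eq 255)
}

# AutoPlay toggle: 1 = "Use AutoPlay for all media and devices" is switched off.
$v = Get-RegValue "$explorer\AutoplayHandlers" 'DisableAutoplay'
Add-Check 'HKCU DisableAutoplay' $v ($v -eq 1)

# Explorer "Hide extensions for known file types": 0 = extensions are shown.
$v = Get-RegValue "$explorer\Advanced" 'HideFileExt'
Add-Check 'HKCU HideFileExt' $v ($v -eq 0)

# Defender ASR rule "Block untrusted and unsigned processes that run from USB".
$usbRule = 'b2b3f03d-6a65-4f7b-a9c7-1c7ef74a9ba4'
$names   = @{ 0 = 'disabled'; 1 = 'block'; 2 = 'audit'; 6 = 'warn' }
$state   = $null
try {
    $mp      = Get-MpPreference -ErrorAction Stop
    $ids     = @($mp.AttackSurfaceReductionRules_Ids)
    $actions = @($mp.AttackSurfaceReductionRules_Actions)
    for ($i = 0; $i -lt $ids.Count; $i++) {
        if ($ids[$i] -eq $usbRule) { $state = $names[[int]$actions[$i]] }
    }
} catch {
    $state = 'Get-MpPreference unavailable'
}
Add-Check 'ASR: block unsigned from USB' $state ($state -eq 'block')

$results | Format-Table -AutoSize
```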
 