Security – Disabling USB/removable devices in software


How can I truly disable USB/removable drive support purely with software?

On Windows, for example, I know I could disable the relevant hardware in Device Manager, and users would not be able to override this. This would work for the most part.

What about a scenario where there is a local privilege exploit which allows the user to then enable USB ports?

Is there any way to disable USB ports or removable drivers at a lower OS level, or to raise an alert if one is inserted?

Best Answer

There are various pieces of software that will disable USB and/or log enabling/use of USB ports. But, as mentioned above, if it's a piece of software then in theory it can be disabled. One possible idea is a client/server solution (like how a lot of corporate anti-virus software works) where software enforces policy on the client and the server polls the client to check its current settings. So there are remote logs that aren't on the compromised client.
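The server side of the client/server idea in the answer above, as an added example that is not part of the original post: it evaluates poll results kept on the server, so a client that stops answering or that briefly re-enabled USB storage still shows up. The report schema, host names, the 15-minute silence threshold and the choice to report the Windows `USBSTOR` service `Start` value (4 = disabled) are assumptions.

```python
from datetime import datetime, timedelta, timezone

# Assumption: each agent reports the Start value of the Windows USBSTOR
# service at every poll (4 = disabled, 3 = loaded on demand).
USBSTOR_DISABLED = 4
MAX_SILENCE = timedelta(minutes=15)  # assumed tolerance for missed polls

def evaluate(reports, expected_hosts, now):
    """Return {host: finding} from the poll history stored on the server."""
    by_host = {}
    for r in sorted(reports, key=lambda r: r["time"]):
        by_host.setdefault(r["host"], []).append(r)
    findings = {}
    for host in expected_hosts:
        history = by_host.get(host, [])
        if not history:
            findings[host] = "ALERT never-reported"
            continue
        last = history[-1]
        was_enabled = any(r["usbstor_start"] != USBSTOR_DISABLED for r in history)
        if now - last["time"] > MAX_SILENCE:
            # A disabled or removed agent looks like silence, not like "ok".
            findings[host] = "ALERT silent"
        elif last["usbstor_start"] != USBSTOR_DISABLED:
            findings[host] = "ALERT usb-storage-enabled"
        elif was_enabled:
            # Compliant now, but the remote history shows it was changed.
            findings[host] = "WARN re-disabled-after-change"
        else:
            findings[host] = "ok"
    return findings

# Constructed sample data (hypothetical hosts and schema).
NOW = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)

def _report(host, minutes_ago, start):
    return {"host": host, "time": NOW - timedelta(minutes=minutes_ago),
            "usbstor_start": start}

HOSTS = ["ws-01", "ws-02", "ws-03", "ws-04", "ws-05"]
SAMPLE = [
    _report("ws-01", 10, 4), _report("ws-01", 5, 4),   # compliant
    _report("ws-02", 5, 3),                            # storage enabled
    _report("ws-03", 60, 4),                           # stopped answering
    _report("ws-05", 10, 3), _report("ws-05", 5, 4),   # changed, then reverted
]                                                      # ws-04 never reported

if __name__ == "__main__":
    for host, finding in evaluate(SAMPLE, HOSTS, NOW).items():
        print(host, finding)
```
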