ITM is an open framework - Submit your contributions now.

Insider Threat Matrix™

  • ID: PV035
  • Created: 31st July 2024
  • Updated: 31st July 2024
  • Platform: Windows
  • Contributor: Khaled A. Mohamed

Restrict Disc Media Mounting, Group Policy

Using Group Policy on Windows it is possible to block execute, read, and write operations related to a CD/DVD drive.


In the Group Policy Editor, navigate to:
Computer Configuration -> Administrative Templates -> System -> Removable Storage Access

 

Open the following policies and set them all to Enabled:

CD and DVD: Deny execute access,

CD and DVD: Deny read access,

CD and DVD: Deny write access

Sections

ID Name Description
IF002.009Exfiltration via Disk Media

A subject exfiltrates data using writeable disk media.