Preventions
- ID: PV036
- Created: 31st July 2024
- Updated: 31st July 2024
- Platform: Windows
- Contributor: Khaled A. Mohamed
Restrict Floppy Drive Mounting, Group Policy
Using Group Policy on Windows it is possible to block execute, read, and write operations related to a floppy disk.
In the Group Policy Editor, navigate to:Computer Configuration -> Administrative Templates -> System -> Removable Storage Access
Open the following policies and set them all to Enabled:
Floppy Drives: Deny execute access
Floppy Drives: Deny read access
Floppy Drives: Deny write access
Sections
| ID | Name | Description |
|---|---|---|
| IF002.004 | Exfiltration via Floppy Disk | A subject exfiltrates data using a floppy disk drive. |
| PR004.003 | Removable Media File Exploration | The subject browses, searches, or navigates files stored on removable media to identify data of interest. This includes interaction with external storage devices such as USB flash drives, external hard drives, memory cards, or other mountable media connected to an endpoint.
File exploration on removable media may involve directory traversal, file listing, previewing, or opening files directly from the mounted device. This activity can occur either on media introduced by the subject or on devices previously used for data staging or transfer. |