ITM is an open framework - Submit your contributions now.

Insider Threat Matrix™

  • ID: PV036
  • Created: 31st July 2024
  • Updated: 31st July 2024
  • Platform: Windows
  • Contributor: Khaled A. Mohamed

Restrict Floppy Drive Mounting, Group Policy

Using Group Policy on Windows it is possible to block execute, read, and write operations related to a floppy disk.


In the Group Policy Editor, navigate to:
Computer Configuration -> Administrative Templates -> System -> Removable Storage Access

 

Open the following policies and set them all to Enabled:

Floppy Drives: Deny execute access

Floppy Drives: Deny read access

Floppy Drives: Deny write access

Sections

ID Name Description
IF002.004Exfiltration via Floppy Disk

A subject exfiltrates data using a floppy disk drive.