![]() Since it is a physical attack as many others had said, limiting access is your best option. If you're handy with Visual Studio and C#, this may be of interest as well - it focuses on drive removal, but may be adaptable to non-drive insertion instead: Here's a SolarWinds solution for USB detection that collects Log & Events: Users do not typically unplug/plug keyboard/mice unless they are troubleshooting, etc.This page discusses triggering scheduled tasks when USB devices are connected. ![]() Perhaps a script that listens and detects whenever a USB device is unplugged/plugged into a USB Port with the same DEVICE_ID and then it would email me a report (I would capture the IP/PC Name/etc) so that I can investigate. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. Archives
December 2022
Categories |