we have a number of policies defined for Device Control to limit the number of end-users who can read from & write to removable media. We would like to enhance this and restrict this sub-set of users to dis-allow executables, i.e. this subset of users should only be able to use regular documents such as .doc, docx, pdfs etc from removable media. I would be interested in your views on implementing such a restriction and options of how to do it with DLP.
Look forward to all the input.
More time to research - it would appear that 'removable storage file access rule' may help. will attempt to test.
If anyone wants to contribute, it woudl be most appreciated.