I agree with Peter's points. Clients often ask me about this as well. While you can modify Windows settinsg such as autorun and default programs association, they require autorun which is a commonly exploited mechanism and now disabled by default.
If removable storage is a significant concern for you, I would suggest you start with a good business policy backed up with the ability to enforce rules using Device Control (DEC). DEC is a common component of most endpoint suites and has a very nice function which is the ability to prevent accessing executable files on removable media. If the executable (malware) cannot be executed, then you are significantly more secure. You can share all the data you want e.g. pdfs, MS Office files, but no applications. It also mitigates the problem of users brining portable browsers on removable media in order to bypass corporate web controls.
I work with many clients who initially deploy DEC in the background and monitoring mode first in order to understand what the actual usage is of removable devices. If you have DEC deployed on all endpoints, if you were to experience an outbreak, you would have the mechanism in place to immediately contain the situation.
In the absence of business policies, the information learned is often key to forming and obtaining business unit buy-in to stronger controls.
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.
Community Help Hub
New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.