Malicious code can gain access to endpoints
via external media such as removable drives and optical drives.
To protect against this, you can define restrictions that control
the executable files, if any, that users can launch from external
drives attached to the endpoints in your network. For more information,
see External Media Restrictions.
Processes spawning child processes
Child Process Restriction rules have been
deprecated and are superseded by the Child Process Protection malware
protection module (MPM). To block malicious child processes run
from parent processes, see Configure
Child Process Protection.