It is recommended to disable any unused devices in the system, such as USB ports, CD/DVD drives, communication ports, or floppy disc controllers. Devices are disabled manually in devmgmt.msc (Device Manager).
Disabling of autorun functionality
If it is not possible to disable a device, disable the autorun functionality of the device. The autorun functionality is disabled to prevent the automatic start of the malicious code contained in a removable device. For more information, search how to disable the Autorun functionality in Windows.