How To Disable USB Ports To Prevent Malware Infection

Varun Kashyap 13-08-2009

How To Disable USB Ports To Prevent Malware Infection thumbnailA Reader writes in:
My PC is being shared by my roomies – they mainly use it for watching films – virus threats from USB is paramount. I have no issue with CD drives. But USB’s are a no-no. So its really important that I do this (block or lockdown USB ports).


There are plenty of ways to disable usb ports and you don’t need any special software.

Disable USB Ports By Disabling Autorun

Most of the malware that spreads through USB devices spreads because of the Autorun feature which automatically executes a said file mentioned in the autorun.inf file located at the root of the USB device folder tree. Something as unsuspicious as “Open folder to view files” to the untrained eye can be easily made to run any desired file on the drive and can thus infect your computer. So disabling autorun is always one of the better options. To do so:

How To Disable USB Ports To Prevent Malware Infection groupedit

  • First, the key combination Win + R and type Gpedit.msc
  • Navigate to Computer Configuration > Administrative Templates > Windows Components, then click Autoplay Policies. (XP users should try Computer Configuration > Administrative Templates > System
  • In the Details pane, double-click Turn off Autoplay.
  • Click Enabled, select All drives in the Turn off Autoplay box to disable Autorun on all drives.

Microsoft Help and Support has more details and methods


Option 1. Disable users from connecting USB devices

How To Disable USB Ports To Prevent Malware Infection registryedit

You can prevent selected user accounts from connecting USB devices to your computer. So if you share your laptop/computer with a friend, you should create a separate user account and deny his/her account the ability to connect USB devices. Microsoft Help and Support provides steps to obtain such fine grain control.

Or you can simply navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UsbStor and set the value of Start to 4. To enable access again change the value back to 3

Although the site mentions that this applies to Windows XP, 2000 and 2003 it worked just fine on Windows Vista and Windows 7 as well.


Option 2. Change BIOS, disable USB ports, password protect BIOS

Enter your system’s BIOS, just when you press the Power On button. Look for anything that allows you to disable USB ports, disable them and make sure you add a BIOS password.

Option 3. User Device Manager to disable USB

How To Disable USB Ports To Prevent Malware Infection devicemangerdisable

  • Go to Device Manager (Right click My Computer, choose Manage, choose Device Manager in left pane)
  • Now look for USB Devices in the right pane, right click on the device and choose disable.

Of course you would like to make it a little easier to enable/disable the USB ports. For that you need to create a reg file that modifies the appropriate registry key. Here is an example (make sure to spell everything correctly):

How To Disable USB Ports To Prevent Malware Infection regentry


Now double clicking on this file will enable access, similarly you can change 00000003 to 00000004 to create a reg file for disabling access.

None of these are fool proof, there is always someone smart enough to find a way around. If you really want to go all the way you can fill the ports with some epoxy or a similar substance! This is of course not a recommended solution for your personal computer but might come in handy for large organizations trying to prevent employees from using USB devices.

All in all the options are good enough to stop accidental, non intentional spread of malware/compromise of your computer as mostly happens when a USB device is plugged into different computers. However don’t bet your life on these if some one is really determined to use a USB device on your computer for whatever reason.

How do you protect your computer from malware spread via USB drives?


Explore more about: Anti-Malware, USB, USB Drive.

Whatsapp Pinterest

Enjoyed this article? Stay informed by joining our newsletter!

Enter your Email

Leave a Reply

Your email address will not be published. Required fields are marked *

  1. Troubleshooter
    December 25, 2014 at 6:47 am

    Type in Run window regedit and click OK

    After registry editor Open Goes to the
    In the Right Pane Double Click on Start and Type in Value 4
    USB Port is Disabled
    Type Value 3 For Enable USB Port

    Or Simply Download the Application Called USB Port Operator
    For Enable and Disable USB Port. its worked for me
    Their is another method from BIOS search over internet for it.
    from [Broken Link Removed]

  2. Christian Velasquez
    August 14, 2009 at 5:06 pm

    Why not just scan the drive for malware with Spybot, Malwarebytes', Super Anti-Spyware, etc?

    I ran scans with Malwarebytes' and Super Anti-Spyware, Malwarebytes' picked up some spyware and autorun.ini files, and Super Anti-Spyware detected to Trojans, both were on my iPod.

  3. Waseem
    August 13, 2009 at 4:40 pm

    I think they solved it in Windows 7 .

  4. JK the First
    August 13, 2009 at 3:36 pm

    I use USB 1.3 (yes, the app is named "USB") to prevent autorun files from executing. A lightweight, portable program that works. It's been reviewed on MUO before.

    Another choice is iKill, but I will not recommend it due to its dangerous requirement, that to disable the autorun file, you must remove the usb and then reinsert it. You can imagine how annoying and potentially dangerous this can be.