If you’re using Windows and still looking at solutions, and you don’t want to go so far as disabling USB devices or something, I’d say sandboxing is something worth exploring. Others have already brought it up by suggesting virtual machines + snapshots, but using a sandboxing application should give you the same benefits without all the overhead that comes from running a full VM.
I haven’t done much testing on sandbox applications myself, but there’s lots of info out there from people who have tested it. The only thing I’ve tested was WannaCry on an un-updated version of Comodo and Sandboxie, and both stopped it from doing any damage to my PC.
Comodo has an auto-sandbox feature that seems pretty on point. In the way a virus program has a blacklist (allow all files unless they match the malware in its database), Comodo’s sandbox uses the opposite approach and trusts nothing unless it has a verifiable signature from a trusted vendor. In this sense it should work on unknown threats as well (and seems to handle that well in testing). So it doesn’t directly address the USB situation, but if that USB has any kind of auto-executing malware on it, Comodo would sandbox it.
Another solution I use is Sandboxie. I think this feature may require the paid version, but I’ve set up a sandbox that forces every file/executable/etc in a certain drive to run in the sandbox. There are tools out there you can use to force USB storage devices to mount at the same letter each time, like this, and then just have your sandbox set up to intercept anything coming from that drive letter. In my experience, this has worked quite well, even with scripts set to auto-run.
Just keep in mind that with this setup, if you plug in your own USB drive, open up a Word document on it, edit the document and save it, that edited document will be saved in your sandbox, not on your (unsandboxed) PC or on the USB drive. So it’ll take a couple of extra mouse clicks to save the edited version onto your PC (outside of the sandbox) or onto the USB drive.
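
The fixed-drive-letter setup described above, as an added PowerShell example that is not part of the original post: it first checks that a Sandboxie box forces the chosen drive, and only then moves USB partitions to that letter. The letter `U`, the box name `USBBox` and the `Sandboxie.ini` location are assumptions; `ForceFolder` is Sandboxie's setting for forcing programs started from a folder into a box.

```powershell
# Added example: pin USB storage to one drive letter, but only if the sandbox covers it.
# Assumptions (not from the post): letter U:, box name USBBox, Sandboxie.ini location.
$Letter  = 'U'
$BoxName = 'USBBox'
$IniPath = "$env:WINDIR\Sandboxie.ini"

function Test-ForceFolder {
    param([string[]]$IniLines, [string]$Box, [string]$Drive)
    # Track the current [section] and look for ForceFolder=<Drive>:\ inside [Box].
    $section = ''
    foreach ($line in $IniLines) {
        $t = $line.Trim()
        if ($t -match '^\[(.+)\]$') { $section = $Matches[1]; continue }
        if ($section -eq $Box -and $t -match '^ForceFolder\s*=\s*(.+)$') {
            if ($Matches[1].TrimEnd('\') -ieq "${Drive}:") { return $true }
        }
    }
    return $false
}

# 1. Stop if the sandbox is not set to force the drive: remapping alone protects nothing.
if (-not (Test-Path $IniPath) -or
    -not (Test-ForceFolder (Get-Content $IniPath) $BoxName $Letter)) {
    Write-Warning "No ForceFolder=${Letter}:\ in [$BoxName]; files on ${Letter}: would run unsandboxed."
    return
}

# 2. Move each lettered USB partition to the forced letter, if that letter is free.
foreach ($disk in (Get-Disk | Where-Object BusType -eq 'USB')) {
    Get-Partition -DiskNumber $disk.Number |
        Where-Object { "$($_.DriveLetter)" -match '^[A-Za-z]$' -and "$($_.DriveLetter)" -ne $Letter } |
        ForEach-Object {
            if (Get-Volume -DriveLetter $Letter -ErrorAction SilentlyContinue) {
                Write-Warning "${Letter}: is already in use; leaving $($_.DriveLetter): unchanged."
            } else {
                Set-Partition -DiskNumber $disk.Number -PartitionNumber $_.PartitionNumber -NewDriveLetter $Letter
            }
        }
}
```

Run it from an elevated prompt after plugging the drive in, since `Set-Partition` needs administrator rights. Only one volume can hold the letter at a time, so a second USB drive is left where it is and reported.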