Hi,
Does the Elastic XDR scan removable disk ?
It depends, as the name suggests Elastic Endpoint does Detection and Response, i.e. reacts to system activity. It doesn't proactively scan disk content. If you plugin a drive and execute something from it, Endpoint will scan the executable behind the scene.
If you're interested in scan response action, it's coming in v8.15.0