Except things that we regularly bring to oil rigs and plug into the 'secure' side of the network: .xlsx and .docx files containing installation instructions and checklists .pdf files with 'red markups' of changed logic .exe files fetched from manufacturer websites with firmware upgrades
A ton of files in proprietary file formats we have no actual way to check the contents of other than trusting the software which created the files.
We essentially have to trust that McAfee and MS endpoint protection will keep stuff out... (office net scans with endpoint, secure side with mcafee)
It is far far faaaar from perfect, and the staff there make it less so by putting usb sticks on their KVM boxes so every time they hop from office->secure and back they re-mount the drives automatically... it is cringeworthy for sure, but nobody sees the issue, or they plain dont care.