If there is threat in the USB device which attempt to infect the system such as Worm, Virus, TrojanDroppers and so on, then Forefront real-time protection will stop it and remove it. But if it is case of Trojan or whatever thing which user need to click
on it , then it might not catch by real-time protection unless user attempt to execute it like by click on it which will again blocked by real-time protection.
The feature of scan when insert a USB device automatically is not available in Forefront, one reason could be just imagine a case that someone want to just insert a USB and open a single file and might only need to use it for 10 minutes while if scan start
to run , it would try to scan for hours (in case of full scanning several files). USB device are mostly used just to plug in and plug out and if scan run and then consider user done with his/her job and want to take out the USB in middle of scan, it might
also cause some damage to data.
However, you could always run manual scan by right click on the USB and then Scan with Forefront Endpoint Protection.