How to prevent Autorun.inf files being copied or written to network file shares
|Article:TECH131807|||||Created: 2010-01-19|||||Updated: 2012-03-07|||||Article URL http://www.symantec.com/docs/TECH131807|
Are there any measures that Symantec recommends in order to protect the network against threats that spread by creating autorun files on network shares?
There are two options that can be implemented to prevent autorun.inf files from being copied or written to the file shares:
Create a 'Hidden' - 'Read only' FOLDER in the root of all drives and shares, called Autorun.inf
1. Take a closer look at network file sharing and the security permissions on the shares. You should not allow sharing to the 'Everyone Group' or allow sharing of the entire drive.
2. Make the root of the share has 'Read only' remove 'Full Control', 'Modify' and 'Write' access to the 'Everyone Group' then put the files/data into folders and apply Access Control Lists (ACLs).
3. Allow users full control to the contents of subfolders in the shares. So when you map a drive, the users see a list of folders, rather than going directly into their share.
4. Give the users just enough permission over the folders to be able to do their work.
Microsoft Library: Access Control Lists: http://msdn.microsoft.com/en-us/library/aa374872(VS.85).aspx
Symantec KB TECH104447, How to prevent a virus from spreading using the "AutoRun" feature
Symantec KB TECH104909, Preventing viruses using "autorun.inf" from spreading with "Application and Device Control" policies in Symantec Endpoint Protection (SEP) 11.x
Article URL http://www.symantec.com/docs/TECH131807