The default Application Control rule to block Autorun triggers when a USB drive with no autorun.inf is connected
|Article:TECH162983|||||Created: 2011-06-22|||||Updated: 2011-06-30|||||Article URL http://www.symantec.com/docs/TECH162983|
Symantec Endpoint Protection pops up with an Autorun blocked message when a USB drive with no autorun.inf present is connected.
Autorun has been blocked. Check the Control Log for more details.
When a USB drive is connected, Windows will attempt to open autorun.inf although it may not exist. This rule blocks the attempt regardless of whether the file exists or not.
This is operating normally. To disable notification for this rule, perform the following steps:
- Log on the the Symantec Endpoint Protection Manager Console.
- Click the Policies tab.
- Select Application and Device Control from the Policies pane.
- Select the applied policy in the Application and Device Control Policies pane
- Click Edit the policy in the Tasks pane.
- Click the Application Control tab.
- Select Block access to Autorun.inf [AC9] from the Application Control Rule Sets, then click Edit.
- Select [ACP-1.1] Autorun.inf from the Rules.
- Click the Actions tab.
- Uncheck Notify user from the Read Attempt pane.
- Click OK, then OK to save the change.
Article URL http://www.symantec.com/docs/TECH162983