The default Application Control rule to block Autorun triggers when a USB drive with no autorun.inf is connected

Article:TECH162983  |  Created: 2011-06-22  |  Updated: 2011-06-30  |  Article URL http://www.symantec.com/docs/TECH162983
Article Type
Technical Solution



Issue



Symantec Endpoint Protection displays an "Autorun blocked" notification when a USB drive that contains no autorun.inf is connected.


Error



Autorun has been blocked. Check the Control Log for more details.


Environment



Windows 7


Cause



When a USB drive is connected, Windows attempts to open autorun.inf even though the file may not exist. The rule blocks the attempt whether or not the file exists.


Solution



This is normal operation. To disable the notification for this rule, perform the following steps:

  1. Log on to the Symantec Endpoint Protection Manager Console.
  2. Click the Policies tab.
  3. Select Application and Device Control from the Policies pane.
  4. Select the applied policy in the Application and Device Control Policies pane.
  5. Click Edit the policy in the Tasks pane.
  6. Click the Application Control tab.
  7. Select Block access to Autorun.inf [AC9] from the Application Control Rule Sets, then click Edit.
  8. Select [ACP-1.1] Autorun.inf from the Rules.
  9. Click the Actions tab.
  10. Uncheck Notify user from the Read Attempt pane.
  11. Click OK, then OK again to save the change.

Supplemental Materials

Source: ETrack
Value: 2348091

