How to Disable AutoPlay feature to prevent Virus spreading using this feature.
Updated: 17 Jun 2009 | 22 comments
Title : How to Disable AutoPlay feature to prevent Virus spreading using this feature.
Cause : Most of the Malware and worm uses autorun feature of windows to Spread & launch to your machine.
Solution :
- Go to Start and Run
- Type gpedit.msc
- Click Ok
- This will open a new group policy window.
- In the group policy window click on the plus sign next to Administrative Templates under Computer configuration.
- Then Click on system & then you will find turn off Autoplay on the right-hand side.
- Double click on the Turn off Autoplay. It will open a new window
- By default it will set to Not configured.
- Select Enable & select it for All drive then click Apply and OK.
- Close the Group Policy Window.
Comments
thanks for the update..
thanks for the update..
Nel Ramos
Good to see this on forum
Good to see this on forum
This is what i was looking
This is what i was looking thanks Saeed.......
Other options
You can get the same function by enabling "Device and access control" in SEP and creating a customised policy.
This if of course way more work and needs a lot of testing before launching to production.
You can also disable AutoPlay with the microsoft tool Tweak UI from the Power Toys web site
http://www.microsoft.com/windowsxp/downloads/powertoys/xppowertoys.mspx
Since this can be also done
Since this can be also done Application and Device Control.I don't think it was neccesary here.
I think both options are
I think both options are good. The windows autorun feature should always be disabled. It is good for clients that are newly installed and have not yet got SEP installed.
Max has a point there.. It
Max has a point there..
It would not hurt doing both ways...
the only reason I would prefer it in SEP is that it would admin autoplay and the others centrally..
thanks..
Nel Ramos
Addition Info
Create a Folder named Autorun.inf on all the Drives root location, so that when a virus tries to create it will not be able to do so. :)
It is easy to disable
It is easy to disable autorun from a central GPO (group policy object) that resides on the Domain Controller and thus making the rule apply to all clients in the organisation. To do that is I made an article that continues where this one left off.
https://www-secure.symantec.com/connect/articles/more-how-disable-autoplay-feature-prevent-virus-spreading-way
My article is now published.
My article is now published. I was to quick to post the link here. But now it works.
https://www-secure.symantec.com/connect/articles/more-how-disable-autoplay-feature-prevent-virus-spreading-way
USB Payloads
One more reason to disable autorun (this has actually been around for a while)
http://wiki.hak5.org/wiki/USB_Switchblade
"The goal of the USB Switchblade is to silently recover information from a target Windows 2000 or higher computer, including password hashes, LSA secrets, IP information, etc... Several methods for silent activation exist including the original MaxDamage technique of using a special autorun loader on the virtual CD-ROM partition of a U3 compatible USB key, and the original Amish technique of using social engineering to trick a user into running the autorun when choosing "Open folder to display files" upon insertion."
Using a USB with payload installed the possibilities are endless, including AVKillers
Example:
Step 1) Plug in (No input is required to initiate autorun)
Step 2) Wait about 30 seconds
Step 3) Unplug and review stolen data later
Let's just hope our military relizes this issue and disabled it long ago!
--
Andrew Ferguson
Principal Software Quality Assurance Engineer
Solutions Sustainability Engineering
Symantec Corporation
(801) 995-7831 Office
(972) 977-7036
VMWare
If you have VMWare installed, autorun is disabled by default btw :)
--
Andrew Ferguson
Principal Software Quality Assurance Engineer
Solutions Sustainability Engineering
Symantec Corporation
(801) 995-7831 Office
(972) 977-7036
Someone said that autorun is
Someone said that autorun is disabled by default with some of the most recent updates for Windows. I cannot confirm that this is the case. Anyone that has some links to provide?
https://www-secure.symantec.
https://www-secure.symantec.com/connect/blogs/kb-971029-good-step-towards-malware-propagation-prevention
VMWARE-- SEP 12.1 vs McAfee vs Trend Micro
Thanks for the link!
Thanks for the link!
re: Good Day
Thanks for the info. It is my first time to log in this site and I find it interesting ...
Visual step-by-step
Just thought of sharing this URL from my bookmarks http://www.howtogeek.com/howto/windows/disable-aut... It illustrates this author's objectives through visual pictures.
Nice one.
@ deepak
I used the link you shared and did it. It helped a lot. Nice one!
Angel
I nice - then vote
Angie, if you did like deepak's comment - do not forget to vote
STS: NetBackup and Storage Foundation for Windows
If this post was helpful please vote +1
If this post was useless or just for points please vote -1
Volo
Hi Volo,
I am unable to vote, not sure why, there is no any action when i point the Vote button =(.
Angel
Can alternatively zap registry:
Hkey_Current_User\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun
Change 0x91 (145) to 0x95 (149)
Was 0x91 (+0x4 should disable on removable drives)
-------------------------------
Fuller details:
"For example, let's say you want to disable AutoRun for everything but CD-ROMs. To block the other media types, according to Microsoft's cryptic documentation, you'd add 1 for unknown media, 4 for removable drives (such as USB drives), 8 for fixed drives, 16 for network drives, 64 for RAM drives, and 128 for other drives of unknown types. Add all of those decimal values together and enter the result — 221 — in the Decimal box of the NoDriveTypeAutorun Registry key."
32 = disable autoplay on CD-Rom drives ( = 0x20 = DRIVE_CD_ROM)
The values in the bitfield correspond to return values of the GetDriveType function:
#define DRIVE_UNKNOWN 0
#define DRIVE_NO_ROOT_DIR 1
#define DRIVE_REMOVABLE 2
#define DRIVE_FIXED 3
#define DRIVE_REMOTE 4
#define DRIVE_CDROM 5
#define DRIVE_RAMDISK 6
7 = future use
Easiest way to disable Autoplay
I tried everything, and still didn't find way how to disable autoplay. Gpedit, editing registry, but nothing worked for me! Friend suggested me Autoplay disabler Pro, and I really suggest it to all of you. It's so simple to use, and still, it really works :) you can find it at http://www.autoplaydisabler.us
Would you like to reply?
Login or Register to post your comment.