Video Screencast Help

Allow autorun.inf on an unmanaged Endpoint Protection 12.1 client

Created: 30 Nov 2011 • Updated: 10 Oct 2012 | 2 comments
This issue has been solved. See solution.

I really don't want to hear about all of the risks about allowing autorun.  I already understand these risks.  However, I have a user that has a legitimate need to allow autorun to run on his Seagate Free Agent Goflex USB drive.  Autorun allows the backup program to automatically start and backup his hard drive.

 By default, autorun.inf is blocked with Endpoint Protection 12.1.  There are lots of instructions on how to block autorun but I have found little to unblock autorun in Endpoint Protection.  I found how to unblock on a managed client.  However, I have found nothing on how to unblock autorun on an unmanaged client. 


Comments 2 CommentsJump to latest comment

greg12's picture

The only idea I have is to reinstall the unmanaged client. For this purpose create a new installation package for unmanaged clients which is connected to a group (may be a dummy group for this action only). In this group the ruleset "Block access to autorun.inf" of Application Control policy must be disabled.

Mithun Sanghavi's picture


Simple steps.

If incase, you have a managed SEP client which makes sure that the AutoRun.inf should not be allowed in the environment and you want to make this 1 single machine as exception then, here are simple ways.

1) Move this client to a new group which has no Firewall Policy and Application & Device Control Policy.

This can be done by Withdrawing the Policy from the Group.

Restart of the machine is necessary.


2) You can Deploy another package (using autoupgrade or deploying a new custom package) without the Network Threat Protection and Application & Device Control Feature.

NOTE: Restart of the machine is necessary.

Understanding: Network Threat Protection (Firewall) and Application and Device Control runs on Drivers installed on the machine during Installation of the SEP client. And, to Install / Uninstall these Drivers, you Require a Restart.

Incase, if it's a UnManaged Client then, Simply Disable the Network Threat Protection Policy by: 

SEP client >  Change Settings > Network Threat Protection, configure Settings > uncheck Enable Firewall.

Restart is necessary.


Uninstall the Network Threat Protection and Application & Device Control Feature from SEP client from the Add/Remove Programs.

Restart is necessary.

Hope that helps!!

Mithun Sanghavi
Associate Security Architect


Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.