Autorun.inf application and device control policy problem
Updated: 21 Oct 2010 | 11 comments
i have applied application and device control policy that disable autorun feature but the problem that when it stops all autorun files when i try to copy any CD or folders from local disk to another it stops the process so any one have solutions to have the same effect to stop autorun features but allowing copying of autorun files.
Discussion Filed Under:
Comments
Hi, I believe this is the
Hi,
I believe this is the right document for you:
http://support.microsoft.com/kb/967715
Regards,
Regards,
Giuseppe
i want to solve it by
i want to solve it by symantec end point
Your point of view is not
Sorry but in my opinion your point of view is not correct. Autorun.inf is just a text file, you cannot block it... it already cannot run. You have to block the O.S. feature that reads this file to run something else pointed by it.
SEP, from its point of view, can help you to stop that a malware spreads itself in your network by copying the autorun.inf in the drives and this is what you see.
You cannot ask to SEP to do the job of your O.S. and Active Directory.
Regards,
Regards,
Giuseppe
Ideas 1. disable the sep
Ideas
1. disable the sep services "smc -stop" temporarily to allow the autorun.inf
2. highlights all the files that you want to copy then exclude the autorun.inf
:-)
Autorun.inf application and device control policy
This should help you in implementing the policy.
Try testing it and see if this works.
How to prevent a virus from spreading using the "AutoRun" feature
http://service1.symantec.com/support/ent-security....
Preventing viruses using "autorun.inf" from spreading with "Application and Device Control" policies in Symantec Endpoint Protection (SEP) 11.x
http://service1.symantec.com/support/ent-security....
I think you can do away with
I think you can do away with the autorun feature.
SEP creates the policy by not allowing the user account to have read access to that file and copying the file is the combination of reading the file and writing it elsewhere.
“Your most unhappy customers are your greatest source of learning.”
autorun.inf blok with application and devica policy
Hello Sameh.
I hope this will help you.
open sep manager and go to application and device policy. edit your policy which you use than add new condition rule (file and folder access attempts. add autorun.inf in right side (apply to the following files and folders)
and go to actions tab and choice Block access.
this will block every access to autorun.inf
you cannot copy move etc. it.
if you want to blok it only flash drives edit file and folder definition and check box Only match files on the following device id type.
and write there usbstor*
thats all.
Have a nice day.
Everything works better when everything works together.
Dear All, According with this
Dear All,
According with this link, http://service1.symantec.com/SUPPORT/ent-security....
I want to disable an autorun.inf on flash disk for my SEP client, but after do everything, like restarting, update policy, when try plug in flash disk on usb port the information always appear. Iwant to know why, ang how to solve.
I hope some one can explain why my policy not deploy to my SEP client.
Thank you.
download
Hello aulia
Please download this policy an use it. It must to work
https://www-secure.symantec.com/connect/downloads/block-autorun-downadup
Best Regards.
Fatih
Everything works better when everything works together.
Thank you Fatih.
Thank you Fatih.
your welcome
:) no problem i hope it will help you
Regards
Fatih
Everything works better when everything works together.
Would you like to reply?
Login or Register to post your comment.