Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

autorun.inf virus issue

Created: 29 Jun 2013 • Updated: 29 Jun 2013 | 5 comments

i'm facing issue about autorun.inf virus with symantec end point protection 11.1 in my windows xp system.

Operating Systems:

Comments 5 CommentsJump to latest comment

consoleadmin's picture

What is the issue running with autorun file?

Check

Preventing viruses using "autorun.inf" from spreading with "Application and Device Control" policies in Symantec Endpoint Protection (SEP) 11.x and 12.1.x

Article:TECH104909  |  Created: 2008-01-09  |  Updated: 2011-12-14  |  Article URL http://www.symantec.com/docs/TECH104909

Thanks.

James007's picture

hi,

In SEP 11.x you can block autorun.inf through multiple way with the help of following articles.

Preventing a virus from using the AutoRun feature to spread itself

http://www.symantec.com/docs/TECH104447

Preventing viruses using "autorun.inf" from spreading with "Application and Device Control" policies in Symantec Endpoint Protection (SEP) 11.x

http://www.symantec.com/docs/TECH104909

Microsoft KB articles to disable Autorun

http://support.microsoft.com/kb/967715

http://technet.microsoft.com/en-us/magazine/cc137730.aspx

Note : You are using sep old version i suggest you can upgrade your sepm to latest version

.Brian's picture

You can use application and device control to block the autorun file

http://www.symantec.com/docs/TECH104909

http://www.symantec.com/docs/TECH201440

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Sumit G's picture

Find the attach forum "Brian" Comment

https://www-secure.symantec.com/connect/forums/blo...

How to protect systems with SEP from an autorun.inf that links to malware.

Article:TECH201440  |  Created: 2013-01-08  |  Updated: 2013-01-08  |  Article URL http://www.symantec.com/docs/TECH201440

Preventing viruses using "autorun.inf" from spreading with "Application and Device Control" policies in Symantec Endpoint Protection (SEP) 11.x and 12.1.x

Article:TECH104909  |  Created: 2008-01-09  |  Updated: 2011-12-14  |  Article URL http://www.symantec.com/docs/TECH104909

Hope it help you.

Regards

Sumit G.

Mithun Sanghavi's picture

Hello,

By default, SEP 12.1 has an Application and Device Control rule enabled which will block the access to and creation of autorun.inf files. This is likely the cause of your issue. You could try disabling the rule as a quick test to confirm.

Disabling the Autorun.inf Rule in the SEPM

  1. Login to the SEPM
  2. Click Clients
  3. Select the group your SEP client is in
  4. Click the Policies tab (at the top)
  5. Open your Application and Device Control Policy
  6. Click Application Control
  7. Remove the checkmark from Block access to Autorun.inf [AC9]
  8. Click OK
  9. Once the SEP client picks up the new policy, test it out.

Auto run_0.JPG

Check these Articles:

Preventing viruses using "autorun.inf" from spreading with "Application and Device Control" policies in Symantec Endpoint Protection (SEP) 11.x and SEP 12.1

http://www.symantec.com/docs/TECH104909

Preventing a virus from using the AutoRun feature to spread itself

http://www.symantec.com/docs/TECH104447

How do I Block access to Autorun.inf using Symantec Endpoint Protection (SEP) Application and Device Control policy?

https://www-secure.symantec.com/connect/downloads/how-do-i-block-access-autoruninf-using-symantec-endpoint-protection-sep-application-and-de

How to prevent Autorun.inf files being copied or written to network file shares

http://www.symantec.com/docs/TECH131807

Disable the Autorun from all the drives with the help of GPO

http://support.microsoft.com/kb/967715

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.