Endpoint Protection

<o p=""></o>2.XILINX<o p=""></o> <o p=""></o>

3.TICRA<o p=""></o><o p=""></o>

4.ORACLE<o p=""></o><o p=""></o>

5.JENITIATOR<o p=""></o><o p=""></o>

6. visual studio2005, 2008


some installs just disapear, some stuck with strange error messege...

when i disable the policy of "disable autorun" the intall proccess run perfectlly.

Copy the installation package to Hard Drive and try to install .... 

can you add screenshots for your autorun disable policy?

What is the strange errors message that you are getting.

It's really sad when so many vendors rely SO heavily on such a dangerous tool instead of writing things more safely. We've found even printer drivers don't like to install with our security in place (blocking autorun.inf files)
But when vendors decided to go against Microsoft's plans and certification requirements and install software under user profiles instead of under "program files" that sort of told me something...............

What we've done to get around this is allow autorun.inf files to do anything in a very specific folder, so our helpdesk staff puts anything they need to install into the special folder and runs it from there. So far, so good.................

What happens is that some of these installs "extract" the install files from the EXE that you run, then they move on via an autorun.inf file, and if that file can't be read, the extraction happens, the next EXE in line runs, but it literally stops from there.......... or you get other weird errors and they VARY WILDLY depending on the application's install processes. Some give no error and simply quit, since they can't read the autorun.inf file. Others give errors. Again, each will be different, so the specific error is unimportant in this diagnosis.
Bottom line, try to put the software into a folder where you have excluded your autorun.inf blocking.

thank you for  your reply..

i used this method of blocking Autorun.inf
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008050910464348

the installation is located on each hdd.

i cant get the "strange error message" to be appear again...

Which option you used in that doc? 

option 1

Edit the policy which you imported and do the following modifications

why uncheck DVD? mybe i only uncheck the  HDD. ill post here if it work. 10q !

Since may viruses will create and keep autorun.inf in the route of the HDD you have to do following modification also
In action tab you have to select block access for read attempts.
 

10q, ill try this.

Whether your problem got solved?
If yes I request you to mark the post which helped you to solve the problem as solution so that it will be helpful for the future visitors in the form   

not working.
still cant install this apps.
i do as u said.

Whether the policy got applied to clients?
Are you confirmed this by verifying the policy sl. no. in the client and in the SEPM?
Where is your package located?
Is it not in Hard Drive?
Whether you tried by rebooting ? 

it is on hdd.
jinit11732.exe
policy is on all my clients. i try rebooting.

Clear the %temp% directory and try.
Also assure that you are having sufficient right to access it.
(Predicting that earlier suggestions already tried) 

If above suggestion not helps try by disabling that autorun.inf policy to ensure that that is the culprit.. 

as i said already. without the policy its work fine. no need to clear the TEMP folder.
if i change the policy and Uncheck the Local Fixed Hard Drive its also work but my network are not...

"but my network are not..."can you clarify?

sorry for my english.

what i wanted to say is that if i disable the policy or uncheck the: "Fixed Local hard drive" from the policy is the same thing.
when i do it i can install freely the applications. but still. if i uncheck the "Fixed Local hard drive" its the same as disabling the whole rule.

i think mybe ill create a user only for installations and assign him policy that allow Autirun.inf

what u think?

In my knowledge this file will be present in the root of the drives .If we do the above modifications it will be still able to block these type of attacks. Removable drives is the most common culprit for spreading virus in this way.The policy still will be able to protect from this type of attack.
If you are still feeling that that much strict policy req. you can assign it back after the installation completes.. 

"i think mybe ill create a user only for installations and assign him policy that allow Autirun.inf"

If your clients are in computer mode the polices which is applied to the group which the client resides will be effective irrespective of the user logged in.
If your clients are in usermode it is possible.(Remember we can apply policy in the group level only not in client level.You can add a user to the group which is don't having this policy applied in this case)

10q AravindKM you helped me alot.

 Computer mode is useful in most of the environments.
In user mode the clients will be attached to respective groups depends on the user logged in.
For more info refer below link
Computer Mode vs. User Mode 

Hello NirH
some exe files extract autorun.inf file to your hdd when you install a driver or program. I am same position like you. therefore I create a test group. every policy same but there is no application and device policy. I mode to user this Test Group and update policy.
when you are sure about client have got new policy try to install it again.
I use this way.
thanks
Fatih

Happy to hear your problem got solved

Its good to heard :)