Hello spotter 2,
By default, SEP 12.1 has an Application and Device Control rule enabled which will block the access to and creation of autorun.inf files. This is likely the cause of your issue. You could try disabling the rule as a quick test to confirm.
Disabling the Autorun.inf Rule in the SEPM
- Login to the SEPM
- Click Clients
- Select the group your SEP client is in
- Click the Policies tab (at the top)
- Open your Application and Device Control Policy
- Click Application Control
- Remove the checkmark from Block access to Autorun.inf [AC9]
- Click OK
- Once the SEP client picks up the new policy, test it out.
I'd mention something about this reducing your security posture, but you already said that you have Autorun disabled at the Windows level. :)
Regards,
James