Endpoint Protection

I'm really annoyed with Endpoint Protection right now, it seems to prevent me from dealing with autorun.inf files on a network share.  I like to store backups on a network share (As well as sometimes copy them from it) and endpoint protection basically makes my development methodology impossible, because it will cause explorer to fail each time it tries to read (or write) an autorun.inf file on a network share.

Is there anyway to disable this behavior (it didn't act this way in v11)?

I'll also note, that I have autorun totally disabled on these PCs, so I understand what security considerations are behind this, but that makes it even more crazy that i can't disable it as windows just ignores those files for me now.

Hello spotter 2,

By default, SEP 12.1 has an Application and Device Control rule enabled which will block the access to and creation of autorun.inf files. This is likely the cause of your issue. You could try disabling the rule as a quick test to confirm.

Disabling the Autorun.inf Rule in the SEPM

1. Login to the SEPM
2. Click Clients
3. Select the group your SEP client is in
4. Click the Policies tab (at the top)
5. Open your Application and Device Control Policy
6. Click Application Control
7. Remove the checkmark from Block access to Autorun.inf [AC9]
8. Click OK
9. Once the SEP client picks up the new policy, test it out.

I'd mention something about this reducing your security posture, but you already said that you have Autorun disabled at the Windows level. :)

Regards,

James

Either follow the advice from James above or completely disable ADC, if it's something you don't want to use.

thanks, I had to rely on Brian81's advice (actually found it elsewhere first) as using unmanaged clients.  basically control panel - > modify - > uncheck adc.

wish unmanaged clients had the flexibility of managed clients.