Autorun.inf problem
My Pendrive contains a autorun.inf virus .Symantec does not detect this virus.The user opens the pendrive.The user profile gets affected by the virus.Subsequently if I insert any pendrive on this system, in this user profile,all the pendrive data becomes hidden and shortcuts are created.If I take this same pendrive and use it on another machine,that machine userprofile is affected.
I have tried :
1)Scanning the pendrive in safe mode.
2)I have scanned the system in safe mode.
3)I have run the symantec support tool to scan if any problem
But no virus is getting detected.
If I scan the pendrive with another antivirus ,that antivirus immediately detect a TROJAN on autorun.inf and cleans the virus.
I want symantec to start a autoscan immediately after the pendrive ( or any removable drive) is plugged into system (even before the user selects a scan for viruses option) and delete the auotrun.inf virus if it exists on the device
Comments 4 Comments • Jump to latest comment
Hi,
I think you have raised IDEA not thread
Check this thread
https://www-secure.symantec.com/connect/forums/block-autoruninf
You can blocked Autorun.inf
Ashish Sharma
Check this artical
http://www.symantec.com/business/support/index?page=content&id=TECH104909
http://www.symantec.com/business/support/index?page=content&id=TECH132337
Chetan Savade Technical Support Accredited
In SEP 11.x you can block autorun.inf through multiple way with the help of following articles.
Preventing a virus from using the AutoRun feature to spread itself
http://www.symantec.com/docs/TECH104447
Preventing viruses using "autorun.inf" from spreading with "Application and Device Control" policies in Symantec Endpoint Protection (SEP) 11.x
http://www.symantec.com/docs/TECH104909
Microsoft KB articles to disable Autorun
http://support.microsoft.com/kb/967715
http://technet.microsoft.com/en-us/magazine/cc137730.aspx
From SEP 12.1 onwards, SEPM will block autorun.inf by default. It's a part of Application & device control policy.
Thanks In Advance
Ashish Sharma
SEPM Knowledgebase Documents
You may wish to cast a vote in favor of this proposed enhancement request: https://www-secure.symantec.com/connect/idea/automatically-demand-avas-scan-usb-devices-when-plugged
With thanks and best regards,
Mick
How to use Group Policy settings to disable all Autorun features in Windows Server 2008 or Windows Vista
Use either of the following methods:
Method 1
, type Gpedit.msc in the Start Search box, and then press ENTER.
If you are prompted for an administrator password or for confirmation, type the password, or click Allow.
Method 2
, type Gpedit.msc in the Start Search box, and then press ENTER.
If you are prompted for an administrator password or for confirmation, type the password, or click Allow.
I have an unmanaged SEP 12.1.1101.401 client and it cannot automatically scan/clean autorun.inf-related viruses on one of the usb hard drive I use in my clients' networks.
Besides, it detected and cleaned correctly the other viruses on the drive, when opening the drive in Explorer (scan enabled when accessing files, not only executed files).
However, some exe files linked to autorun.inf were not detected / cleaned because they had "hidden" and "system" attributes : this does not harm the current host, but it could still harm other hosts not protected by SEP, in my other clients' networks for example.
The result is that my hard drive is a healthy carrier of an autorun.inf threat...
In order to force SEP to scan / clean it, I performed the following in a cmd.exe prompt, where X is the usb drive :
attrib -r -h -s X:\*.*
Then view / scan the files which just appeared.
I'd like SEP to warn / autoclean +r/+h/+s files at the root of usb drives. Thanks!
Would you like to reply?
Login or Register to post your comment.