How to delete autorun.inf file using symantec endpoint protection ?
use ADC policy
check these threads
Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619
By default, SEP 12.1 has an Application and Device Control rule enabled which will block the access to and creation of autorun.inf files. check if the application rule is disabled, if yes enable to give more protection on clients.
ADC will control autorun inf. I want to know that if there is any way to permently delete autorun inf using SEP ?
this is the information file which calls the malicious files (sometimes) hence its not threat to be deleted by SEP.
if the file is malicious you can delete using the action for the detections.
By default, SEP 12.1 has an Application and Device Control rule enabled which will block the access to and creation of autorun.inf files. This is likely the cause of your issue. You could try disabling the rule as a quick test to confirm.
Disabling the Autorun.inf Rule in the SEPM
Preventing viruses using "autorun.inf" from spreading with "Application and Device Control" policies in Symantec Endpoint Protection (SEP) 11.x and 12.1.x
How do I Block access to Autorun.inf using Symantec Endpoint Protection (SEP) Application and Device Control policy?
Microsoft KB articles to disable Autorun
From SEP 12.1 onwards, SEPM will block autorun.inf by default. It's a part of Application & device control policy.
Thanks In Advance
I don't see any need to delete autorun.inf while SEP is taking necessary action.
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |
Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<
SEP won't delete the autorun.inf. It can block it using ADC but you will need to physically delete it.
You can try this:
Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.
You question - "How to delete autorun.inf file using symantec endpoint protection ?"
Any particular reason for you to delete the autorun.inf ? Are these files detected by Symantec as a risk ?
Deleting a file which is not a Risk could not be done via Symantec Endpoint Protection. However, you could surely block files via Application and Device Control of Symantec Endpoint Protection.
Check this Article:
Why Symantec Endpoint Protection does not remove AT, INF, INI, and registry keys related to infections
Autorun.inf files are not in itself a Virus, however it may assist the a virus to spread.
Check these Articles:
How to prevent Autorun.inf files being copied or written to network file shares
Preventing a virus from using the AutoRun feature to spread itself
How to protect a USB Flash Drive from being able to auto-start with an unauthorized Autorun.inf file
Disable the Autorun from all the drives with the help of GPO
Hope that helps!!
Associate Security Architect
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3
Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.
From where you required to delete autorun.inf file?
A lot of application and s/w is depend on same, so please clear this point.
Autorun.inf itself is not a infected file.it contains some file/component to autorun or autoplay.
SEP doesn't delete the autorun.inf if its genuine file.
Yes you can block access to autorun.inf file using ADC policy.