Home > Symantec Endpoint > Allow Autorun.inf Symantec Endpoint

Allow Autorun.inf Symantec Endpoint

Contents

This document is also available via the Symantec FTP site: ftp://ftp.symantec.com/public/english_us_canada/products/symantec_endpoint_protection/11.0/manuals/administration_guide.pdffor SEP 11 ftp://ftp.symantec.com/public/english_us_canada/products/symantec_endpoint_protection/12.1/manuals/rtm/Implementation_Guide_SEP12.1.pdffor 12.1 Option 2: WARNING: Symantec strongly recommends that you back up the system registry before making any In the Details pane, double-click Default Behavior for AutoRun. http://technet.microsoft.com/en-us/magazine/cc137730.aspx Disable the AutoRun functionality using the registry This Microsoft KB article explains how to disable AutoRun using the NoDriveTypeAutoRun registry key. Cause The threat that is attacking your system is using the "Windows AutoRun" feature to spread in your environment. http://recupsoft.com/symantec-endpoint/what-is-symantec-endpoint-protection.html

Restart the computer. It's a part of Application & device control policy. Thank you for your feedback! Close Login Didn't find the article you were looking for? https://www.symantec.com/connect/ideas/autoruninf-problem

Allow Autorun.inf Symantec Endpoint

Uncheck Notify user from the Read Attempt pane. No Yes logo-symantec-dark-source Loading Your Community Experience Symantec Connect You will need to enable Javascript in your browser to access this site. © 2017 logo-symantec-dark-source Loading Your Community Experience Symantec Connect If I scan the pendrive with another antivirus ,that antivirus immediately detect a TROJAN on autorun.inf and cleans the virus. Apply the new imported policy to your clients.

Restart the computer. 0 Login to vote ActionsLogin or register to post comments Jaycee Autorun.inf problem - Comment:22 Feb 2013 : Link I have an unmanaged SEP 12.1.1101.401 client and it Click Enabled, and then select Do not execute any autorun commands in the Default Autorun behavior box to disable Autorun on all drives. Legacy ID 2008050910464348 Download Files block_access_to_autorun.inf.dat Terms of use for this information are found in Legal Notices. Disable Adc Symantec The second method will work also if the "SysPlant" device driver is now loaded.

Louis Security User Group Meeting - April 4, 2017 04 Apr, 2017 - 11:00 CDT Washington D.C. Select [ACP-1.1] Autorun.inf from the Rules. Click Enabled, and then select All drives in the Turn off Autoplay box to disable Autorun on all drives. https://www.symantec.com/connect/forums/autoruninf-application-and-device-control-problem Education Services Maximize your product competency and validate technical knowledge to gain the most benefit from your IT investments.

To permanently prevent threats from using the AutoRun feature the following options are available: Install a Windows hotfix to disable AutoRun on USB drives This hotfix leaves AutoRun working only with Application And Device Control Rule Autorun Inf Read File Has Blocked Try these resources. This rule blocks the attempt regardless of whether the file exists or not. Thanks! 0 Login to vote ActionsLogin or register to post comments Would you like to reply?

How To Unblock Autorun In Symantec

Submit a False Positive Report a suspected erroneous detection (false positive).

Information for: Enterprise Small Business Consumer (Norton) Partners Our Offerings: Products Products A-Z Services Solutions Connect with us: Support https://www.symantec.com/connect/forums/autorun-file-and-system-looks-infected I have tried : 1)Scanning the pendrive in safe mode. 2)I have scanned the system in safe mode. 3)I have run the symantec support tool to scan if any problem But Allow Autorun.inf Symantec Endpoint Solution Note: To check if the computer in question is configured according to this best practice, download and run a 'scan for common issues' in SymHelp. Autorun Has Been Blocked Check The Control Log Provide feedback on this article Request Assistance Print Article Products Subscribe to this Article Manage your Subscriptions Search Again Situation It appears that a virus is using the AutoRun feature in

Close Login Didn't find the article you were looking for? my review here In order to import the policy: Download the attached policy file Go to the "Policies" page. Incorrect changes to the registry may result in system instability, permanent data loss or corrupted files. Login or Register to post your comment. Cannot Copy Autorun.inf Access Denied Symantec

  • To disable notification for this rule, perform the following steps: Log on the the Symantec Endpoint Protection Manager Console.
  • Try these resources.
  • Note: The "autorun.inf" file in and of itself, is not malicious.
  • Applies ToWindows 7 References 2348091 Terms of use for this information are found in Legal Notices.
  • Besides, it detected and cleaned correctly the other viruses on the drive, when opening the drive in Explorer (scan enabled when accessing files, not only executed files).
  • Thank you for your feedback!

Submit a Threat Submit a suspected infected fileto Symantec. Create a SymAccount now!' Preventing viruses using "autorun.inf" from spreading with "Application and Device Control" policies in Symantec Endpoint Protection (SEP) 11.x and 12.1.x TECH104909 January 4th, 2017 http://www.symantec.com/docs/TECH104909 Support / Submit a False Positive Report a suspected erroneous detection (false positive).

Information for: Enterprise Small Business Consumer (Norton) Partners Our Offerings: Products Products A-Z Services Solutions Connect with us: Support http://recupsoft.com/symantec-endpoint/symantec-endpoint-protection-11-3.html Computers connected to the network drives continually receive threat detection dialogs.

http://support.microsoft.com/kb/971029 Disable AutoPlay in your environment using a Group Policy Object (GPO) Follow the instructions in the following Microsoft TechNet Security Watch article; under Managing AutoPlay in Your Network. Symantec Endpoint Protection Manager Console Thank you for your feedback! However, some exe files linked to autorun.inf were not detected / cleaned because they had "hidden" and "system" attributes : this does not harm the current host, but it could still

I'd like SEP to warn / autoclean +r/+h/+s files at the root of usb drives.

Create a SymAccount now!' Prevent viruses from using AutoRun to spread TECH104447 November 20th, 2014 http://www.symantec.com/docs/TECH104447 Support / Prevent viruses from using AutoRun to spread Did this article resolve your issue? In order to force SEP to scan / clean it, I performed the following in a cmd.exe prompt, where X is the usb drive : attrib -r -h -s X:\*.* Then Solution Option 1: Warning: This policy file is provided as a convenience tool and is not supported by Symantec. Autorun.inf Virus Whenever a USB drive is inserted or other computers connect to the network a file called "autorun.inf" appears at the root of the new drive and the installed antivirus product detects

Use at your own risk. Translated Content This is machine translated content Login to Subscribe Please login to set up your subscription. Education Services Maximize your product competency and validate technical knowledge to gain the most benefit from your IT investments. http://recupsoft.com/symantec-endpoint/symantec-endpoint-protection-update.html Cause Windows uses the autorun.inf file to: Identify which file to run when new media is inserted, or Identify which options to present in an AutoPlay dialog Viruses and other

For more information, read the following article: "Preventing a virus from using the AutoRun feature to spread itself" at: http://www.symantec.com/docs/TECH104447 Technical Information For Option 2 the DWORD value of 24 in Close Login Didn't find the article you were looking for? You can disable the AutoRun/AutoPlay feature in Windows using the following registry settings: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDriveTypeAutoRun"=dword:00000024 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] "Autorun"=dword:00000000 The registry change can be pushed out to agents using a Custom Host Integrity Don't have a SymAccount?

Click the Application Control tab. Try these resources. Under Computer Configuration, expand Administrative Templates, expand Windows Components, and then click Autoplay Policies. Click Import an Application and Device Control policy.

The result is that my hard drive is a healthy carrier of an autorun.inf threat...