The default Application Control rule to block Autorun triggers when a USB drive with no autorun.inf is connected
search cancel

The default Application Control rule to block Autorun triggers when a USB drive with no autorun.inf is connected

book

Article ID: 154491

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

Symantec Endpoint Protection pops up with an Autorun blocked message when a USB drive with no autorun.inf present is connected.

Autorun has been blocked. Check the Control Log for more details.

Cause

When a USB drive is connected, Windows will attempt to open autorun.inf although it may not exist. This rule blocks the attempt regardless of whether the file exists or not.

Resolution

This is operating normally. To disable notification for this rule, perform the following steps:

  1. Log on the the Symantec Endpoint Protection Manager Console.
  2. Click the Policies tab.
  3. Select Application and Device Control from the Policies pane.
  4. Select the applied policy in the Application and Device Control Policies pane
  5. Click Edit the policy in the Tasks pane.
  6. Click the Application Control tab.
  7. Select Block access to Autorun.inf [AC9] from the Application Control Rule Sets, then click Edit.
  8. Select [ACP-1.1] Autorun.inf from the Rules.
  9. Click the Actions tab.
  10. Uncheck Notify user from the Read Attempt pane.
  11. Click OK, then OK to save the change.

 

Applies To

 

Windows 7