Carbon Black Cloud: Is autorun.inf automatically blocked from execution on removable media?
Article ID: 289702
Updated On:
Products
Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)
Issue/Introduction
Is autorun.inf automatically blocked from execution on removable media?
Environment
- Carbon Black Cloud Console: All Versions
- Carbon Black Cloud Windows Sensor: All Supported Versions
- Microsoft Windows: All Supported Versions
Resolution
We do not block any file from running by default unless it has a malicious reputation and the applicable policies are in place. However you can create the following Blocking and Isolation policy rule to block files of this type by default:
Application(s) at path:
**\autorun.inf
Runs or is running → Terminate
Once the rule has been saved, please allow time for the device to check-in and download the updated policy rules before testing.
Application(s) at path:
**\autorun.inf
Runs or is running → Terminate
Once the rule has been saved, please allow time for the device to check-in and download the updated policy rules before testing.
Additional Information
Starting in Sensor version 3.5, a new feature has been added which will find all malicious services associated with Known Malware hashes and puts them in a disabled state.
Feedback
Yes
No
Powered by
