cancel
Showing results for 
Search instead for 
Did you mean: 
Saeed
Level 3
Title : How to Disable AutoPlay feature to prevent Virus spreading using this feature.

Cause : Most of the Malware and worm uses autorun feature of windows to Spread & launch to your machine.

Solution :

- Go to Start and Run
- Type gpedit.msc
- Click Ok
- This will open a new group policy window.
- In the group policy window click on the plus sign next to Administrative Templates under Computer configuration.
- Then Click on system & then you will find turn off Autoplay on the right-hand side.
- Double click on the Turn off Autoplay. It will open a new window
- By default it will set to Not configured.
- Select Enable & select it for All drive then click Apply and OK.
- Close the Group Policy Window.
Comments
Nel_Ramos
Level 4
thanks for the update..
kavin
Not applicable
Good to see this on forum
Sheetu
Not applicable
This is what i was looking thanks Saeed.......
Maximilian
Level 2
You can get the same function by enabling "Device and access control" in SEP and creating a customised policy.
This if of course way more work and needs a lot of testing before launching to production.

You can also disable AutoPlay with the microsoft tool Tweak UI from the Power Toys web site
http://www.microsoft.com/windowsxp/downloads/powertoys/xppowertoys.mspx
Int3rn3t
Level 3
Since this can be also done Application and Device Control.I don't think it was neccesary here.
Maximilian
Level 2
 I think both options are good. The windows autorun feature should always be disabled. It is good for clients that are newly installed and have not yet got SEP installed.
Nel_Ramos
Level 4
Max has a point there..
It would not hurt doing both ways...
the only reason I would prefer it in SEP is that it would admin autoplay and the others centrally..
thanks..
Acretian
Level 2
Create a Folder named Autorun.inf on all the Drives root location, so that when a virus tries to create it will not be able to do so. :)
Maximilian
Level 2
 It is easy to disable autorun from a central GPO (group policy object) that resides on the Domain Controller and thus making the rule apply to all clients in the organisation. To do that is I made an article that continues where this one left off.

https://www-secure.symantec.com/connect/articles/more-how-disable-autoplay-feature-prevent-virus-spr... 
Maximilian
Level 2
 My article is now published. I was to quick to post the link here. But now it works.

https://www-secure.symantec.com/connect/articles/more-how-disable-autoplay-feature-prevent-virus-spr... 
andrew_ferguson
Not applicable
Employee
One more reason to disable autorun (this has actually been around for a while)

http://wiki.hak5.org/wiki/USB_Switchblade

"The goal of the USB Switchblade is to silently recover information from a target Windows 2000 or higher computer, including password hashes, LSA secrets, IP information, etc... Several methods for silent activation exist including the original MaxDamage technique of using a special autorun loader on the virtual CD-ROM partition of a U3 compatible USB key, and the original Amish technique of using social engineering to trick a user into running the autorun when choosing "Open folder to display files" upon insertion."

Using a USB with payload installed the possibilities are endless, including AVKillers

Example:
Step 1) Plug in (No input is required to initiate autorun)
Step 2) Wait about 30 seconds
Step 3) Unplug and review stolen data later

Let's just hope our military relizes this issue and disabled it long ago!
andrew_ferguson
Not applicable
Employee
If you have VMWare installed, autorun is disabled by default btw :)
Maximilian
Level 2
 Someone said that autorun is disabled by default with some of the most recent updates for Windows. I cannot confirm that this is the case. Anyone that has some links to provide?
Maximilian
Level 2

Thanks for the link!

Kharen_22
Not applicable
Thanks for the info. It is my first time to log in this site and I find it interesting ...
deepak_vasudeva
Level 6

Just thought of sharing this URL from my bookmarks http://www.howtogeek.com/howto/windows/disable-autoplay-of-audio-cds-and-usb-drives/ It illustrates this author's objectives through visual pictures.
Angelique28
Level 4
Employee

 @ deepak

I used the link you shared and did it. It helped a lot. Nice one!

Angel

UFO
Level 6

Angie, if you did like deepak's comment - do not forget to vote yes

Angelique28
Level 4
Employee

Hi Volo,

I am unable to vote, not sure why, there is no any action when i point the Vote button  =(.

Angel

Bicester
Not applicable

Hkey_Current_User\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun
Change 0x91 (145) to 0x95 (149)
Was 0x91 (+0x4 should disable on removable drives)

-------------------------------

Fuller details:

"For example, let's say you want to disable AutoRun for everything but CD-ROMs. To block the other media types, according to Microsoft's cryptic documentation, you'd add 1 for unknown media, 4 for removable drives (such as USB drives), 8 for fixed drives, 16 for network drives, 64 for RAM drives, and 128 for other drives of unknown types. Add all of those decimal values together and enter the result — 221 — in the Decimal box of the NoDriveTypeAutorun Registry key."

32 = disable autoplay on CD-Rom drives ( = 0x20 = DRIVE_CD_ROM)

The values in the bitfield correspond to return values of the Get­Drive­Type function:

#define DRIVE_UNKNOWN     0
#define DRIVE_NO_ROOT_DIR 1
#define DRIVE_REMOVABLE   2
#define DRIVE_FIXED       3
#define DRIVE_REMOTE      4
#define DRIVE_CDROM       5
#define DRIVE_RAMDISK     6
7 = future use

Milos
Not applicable

I tried everything, and still didn't find way how to disable autoplay. Gpedit, editing registry, but nothing worked for me! Friend suggested me Autoplay disabler Pro, and I really suggest it to all of you. It's so simple to use, and still, it really works :) you can find it at http://www.autoplaydisabler.us 

Sanjay_IBM
Not applicable

Hi all,

Above solutions are good but i want a solution opposite to it,

I want to enable this autorun function.

I have a data card and when i connected it the Dialer application was running automatically but after upgrading Symantec client secuirty  to SEP 11.0, this autorun option has blocked. now it can be connect only manually.

So guide on this 

 

Version history
Last update:
‎06-17-2009 10:22 AM
Updated by: