Community Insights

Title : How to Disable AutoPlay feature to prevent Virus spreading using this feature.

Cause : Most of the Malware and worm uses autorun feature of windows to Spread & launch to your machine.

Solution :

- Go to Start and Run
- Type gpedit.msc
- Click Ok
- This will open a new group policy window.
- In the group policy window click on the plus sign next to Administrative Templates under Computer configuration.
- Then Click on system & then you will find turn off Autoplay on the right-hand side.
- Double click on the Turn off Autoplay. It will open a new window
- By default it will set to Not configured.
- Select Enable & select it for All drive then click Apply and OK.
- Close the Group Policy Window.
thanks for the update..
Good to see this on forum
This is what i was looking thanks Saeed.......
You can get the same function by enabling "Device and access control" in SEP and creating a customised policy.
This if of course way more work and needs a lot of testing before launching to production.

You can also disable AutoPlay with the microsoft tool Tweak UI from the Power Toys web site
Since this can be also done Application and Device Control.I don't think it was neccesary here.
 I think both options are good. The windows autorun feature should always be disabled. It is good for clients that are newly installed and have not yet got SEP installed.
Max has a point there..
It would not hurt doing both ways...
the only reason I would prefer it in SEP is that it would admin autoplay and the others centrally..
Create a Folder named Autorun.inf on all the Drives root location, so that when a virus tries to create it will not be able to do so. Smiley Happy
 It is easy to disable autorun from a central GPO (group policy object) that resides on the Domain Controller and thus making the rule apply to all clients in the organisation. To do that is I made an article that continues where this one left off. 
 My article is now published. I was to quick to post the link here. But now it works. 
One more reason to disable autorun (this has actually been around for a while)

"The goal of the USB Switchblade is to silently recover information from a target Windows 2000 or higher computer, including password hashes, LSA secrets, IP information, etc... Several methods for silent activation exist including the original MaxDamage technique of using a special autorun loader on the virtual CD-ROM partition of a U3 compatible USB key, and the original Amish technique of using social engineering to trick a user into running the autorun when choosing "Open folder to display files" upon insertion."

Using a USB with payload installed the possibilities are endless, including AVKillers

Step 1) Plug in (No input is required to initiate autorun)
Step 2) Wait about 30 seconds
Step 3) Unplug and review stolen data later

Let's just hope our military relizes this issue and disabled it long ago!
If you have VMWare installed, autorun is disabled by default btw Smiley Happy
 Someone said that autorun is disabled by default with some of the most recent updates for Windows. I cannot confirm that this is the case. Anyone that has some links to provide?

Thanks for the link!

Thanks for the info. It is my first time to log in this site and I find it interesting ...

Just thought of sharing this URL from my bookmarks It illustrates this author's objectives through visual pictures.

 @ deepak

I used the link you shared and did it. It helped a lot. Nice one!


Angie, if you did like deepak's comment - do not forget to vote yes

Hi Volo,

I am unable to vote, not sure why, there is no any action when i point the Vote button  =(.


Change 0x91 (145) to 0x95 (149)
Was 0x91 (+0x4 should disable on removable drives)


Fuller details:

"For example, let's say you want to disable AutoRun for everything but CD-ROMs. To block the other media types, according to Microsoft's cryptic documentation, you'd add 1 for unknown media, 4 for removable drives (such as USB drives), 8 for fixed drives, 16 for network drives, 64 for RAM drives, and 128 for other drives of unknown types. Add all of those decimal values together and enter the result — 221 — in the Decimal box of the NoDriveTypeAutorun Registry key."

32 = disable autoplay on CD-Rom drives ( = 0x20 = DRIVE_CD_ROM)

The values in the bitfield correspond to return values of the Get­Drive­Type function:

#define DRIVE_UNKNOWN     0
#define DRIVE_FIXED       3
#define DRIVE_REMOTE      4
#define DRIVE_CDROM       5
#define DRIVE_RAMDISK     6
7 = future use

I tried everything, and still didn't find way how to disable autoplay. Gpedit, editing registry, but nothing worked for me! Friend suggested me Autoplay disabler Pro, and I really suggest it to all of you. It's so simple to use, and still, it really works Smiley Happy you can find it at 

Hi all,

Above solutions are good but i want a solution opposite to it,

I want to enable this autorun function.

I have a data card and when i connected it the Dialer application was running automatically but after upgrading Symantec client secuirty  to SEP 11.0, this autorun option has blocked. now it can be connect only manually.

So guide on this