Endpoint Protection

 View Only

How to Disable AutoPlay feature to prevent Virus spreading using this feature. 

Jun 17, 2009 01:22 PM

Title : How to Disable AutoPlay feature to prevent Virus spreading using this feature.

Cause : Most of the Malware and worm uses autorun feature of windows to Spread & launch to your machine.

Solution :

- Go to Start and Run
- Type gpedit.msc
- Click Ok
- This will open a new group policy window.
- In the group policy window click on the plus sign next to Administrative Templates under Computer configuration.
- Then Click on system & then you will find turn off Autoplay on the right-hand side.
- Double click on the Turn off Autoplay. It will open a new window
- By default it will set to Not configured.
- Select Enable & select it for All drive then click Apply and OK.
- Close the Group Policy Window.

Statistics
0 Favorited
0 Views
0 Files
0 Shares
0 Downloads

Tags and Keywords

Comments

Jun 09, 2012 04:06 AM

Hi all,

Above solutions are good but i want a solution opposite to it,

I want to enable this autorun function.

I have a data card and when i connected it the Dialer application was running automatically but after upgrading Symantec client secuirty  to SEP 11.0, this autorun option has blocked. now it can be connect only manually.

So guide on this 

 

Sep 15, 2011 06:43 AM

I tried everything, and still didn't find way how to disable autoplay. Gpedit, editing registry, but nothing worked for me! Friend suggested me Autoplay disabler Pro, and I really suggest it to all of you. It's so simple to use, and still, it really works :) you can find it at http://www.autoplaydisabler.us 

Mar 11, 2011 07:02 PM

Hkey_Current_User\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun
Change 0x91 (145) to 0x95 (149)
Was 0x91 (+0x4 should disable on removable drives)

-------------------------------

Fuller details:

"For example, let's say you want to disable AutoRun for everything but CD-ROMs. To block the other media types, according to Microsoft's cryptic documentation, you'd add 1 for unknown media, 4 for removable drives (such as USB drives), 8 for fixed drives, 16 for network drives, 64 for RAM drives, and 128 for other drives of unknown types. Add all of those decimal values together and enter the result — 221 — in the Decimal box of the NoDriveTypeAutorun Registry key."

32 = disable autoplay on CD-Rom drives ( = 0x20 = DRIVE_CD_ROM)

The values in the bitfield correspond to return values of the Get­Drive­Type function:

#define DRIVE_UNKNOWN     0
#define DRIVE_NO_ROOT_DIR 1
#define DRIVE_REMOVABLE   2
#define DRIVE_FIXED       3
#define DRIVE_REMOTE      4
#define DRIVE_CDROM       5
#define DRIVE_RAMDISK     6
7 = future use

Oct 20, 2010 05:42 AM

Hi Volo,

I am unable to vote, not sure why, there is no any action when i point the Vote button  =(.

Angel

Oct 15, 2010 08:46 AM

Angie, if you did like deepak's comment - do not forget to vote yes

Oct 11, 2010 07:03 AM

 @ deepak

I used the link you shared and did it. It helped a lot. Nice one!

Angel

Jun 29, 2010 03:57 PM


Just thought of sharing this URL from my bookmarks http://www.howtogeek.com/howto/windows/disable-autoplay-of-audio-cds-and-usb-drives/ It illustrates this author's objectives through visual pictures.

Feb 12, 2010 06:47 PM

Thanks for the info. It is my first time to log in this site and I find it interesting ...

Nov 23, 2009 09:04 AM

Thanks for the link!

Nov 19, 2009 04:24 AM

 Someone said that autorun is disabled by default with some of the most recent updates for Windows. I cannot confirm that this is the case. Anyone that has some links to provide?

Nov 17, 2009 07:43 PM

If you have VMWare installed, autorun is disabled by default btw :)

Nov 17, 2009 07:39 PM

One more reason to disable autorun (this has actually been around for a while)

http://wiki.hak5.org/wiki/USB_Switchblade

"The goal of the USB Switchblade is to silently recover information from a target Windows 2000 or higher computer, including password hashes, LSA secrets, IP information, etc... Several methods for silent activation exist including the original MaxDamage technique of using a special autorun loader on the virtual CD-ROM partition of a U3 compatible USB key, and the original Amish technique of using social engineering to trick a user into running the autorun when choosing "Open folder to display files" upon insertion."

Using a USB with payload installed the possibilities are endless, including AVKillers

Example:
Step 1) Plug in (No input is required to initiate autorun)
Step 2) Wait about 30 seconds
Step 3) Unplug and review stolen data later

Let's just hope our military relizes this issue and disabled it long ago!

Sep 09, 2009 02:50 AM

 My article is now published. I was to quick to post the link here. But now it works.

https://www-secure.symantec.com/connect/articles/more-how-disable-autoplay-feature-prevent-virus-spreading-way 

Sep 04, 2009 08:00 AM

 It is easy to disable autorun from a central GPO (group policy object) that resides on the Domain Controller and thus making the rule apply to all clients in the organisation. To do that is I made an article that continues where this one left off.

https://www-secure.symantec.com/connect/articles/more-how-disable-autoplay-feature-prevent-virus-spreading-way 

Sep 03, 2009 11:14 PM

Create a Folder named Autorun.inf on all the Drives root location, so that when a virus tries to create it will not be able to do so. :)

Sep 03, 2009 11:02 PM

Max has a point there..
It would not hurt doing both ways...
the only reason I would prefer it in SEP is that it would admin autoplay and the others centrally..
thanks..

Sep 02, 2009 07:47 AM

 I think both options are good. The windows autorun feature should always be disabled. It is good for clients that are newly installed and have not yet got SEP installed.

Sep 02, 2009 07:33 AM

Since this can be also done Application and Device Control.I don't think it was neccesary here.

Jul 14, 2009 03:32 AM

You can get the same function by enabling "Device and access control" in SEP and creating a customised policy.
This if of course way more work and needs a lot of testing before launching to production.

You can also disable AutoPlay with the microsoft tool Tweak UI from the Power Toys web site
http://www.microsoft.com/windowsxp/downloads/powertoys/xppowertoys.mspx

Jun 18, 2009 01:27 PM

This is what i was looking thanks Saeed.......

Jun 18, 2009 01:17 PM

Good to see this on forum

Jun 17, 2009 11:33 PM

thanks for the update..

Related Entries and Links

No Related Resource entered.