
How do I block access to Autorun.inf using Symantec Endpoint Protection (SEP) Application and Device Control policy?

Jul 15, 2009 04:57 AM


Please find attached herewith the policy file required to complete the task.

Warning: Use the policy file attached to this article only as a reference to implement the policy. DO NOT import this policy directly to a production environment without testing first. The settings and configurations contained in the attachment are examples and will not necessarily work in your environment.

Attachment(s)
zip file
Application and Device Control policy - Block access to A....zip   2 KB   1 version
Uploaded - Feb 25, 2020

Comments

Apr 29, 2011 12:53 PM

I have tested this policy and noticed it blocks all apps on Read, except rtvscan.exe.

If I want to be able to read inside such an autorun.inf, can I add notepad.exe, for instance, next to rtvscan.exe in the Symantec Applications rule? Would adding notepad.exe to the list of approved apps cause any exposure or reduce the efficiency of the policy in any way?

I am wondering why Symantec keeps the Create, Delete and Write attempts together and does not allow distinct actions for each of these...

Thanks!
