Hello,
By default, SEP 12.1 has an Application and Device Control rule enabled which will block the access to and creation of autorun.inf files. This is likely the cause of your issue. You could try disabling the rule as a quick test to confirm.
Disabling the Autorun.inf Rule in the SEPM
- Login to the SEPM
- Click Clients
- Select the group your SEP client is in
- Click the Policies tab (at the top)
- Open your Application and Device Control Policy
- Click Application Control
- Remove the checkmark from Block access to Autorun.inf [AC9]
- Click OK
- Once the SEP client picks up the new policy, test it out.
Check these Articles:
Preventing viruses using "autorun.inf" from spreading with "Application and Device Control" policies in Symantec Endpoint Protection (SEP) 11.x and SEP 12.1
http://www.symantec.com/docs/TECH104909
Preventing a virus from using the AutoRun feature to spread itself
http://www.symantec.com/docs/TECH104447
How do I Block access to Autorun.inf using Symantec Endpoint Protection (SEP) Application and Device Control policy?
https://www-secure.symantec.com/connect/downloads/how-do-i-block-access-autoruninf-using-symantec-endpoint-protection-sep-application-and-de
How to prevent Autorun.inf files being copied or written to network file shares
http://www.symantec.com/docs/TECH131807
Disable the Autorun from all the drives with the help of GPO
http://support.microsoft.com/kb/967715
Hope that helps!!