Endpoint Protection

how to block autorun function of usb devices from sep?

How to protect systems with SEP from an autorun.inf that links to malware.

Preventing viruses using "autorun.inf" from spreading with "Application and Device Control" policies in Symantec Endpoint Protection (SEP) 11.x and 12.1.x

Hi,

Please refer the below link for the same..

http://www.symantec.com/business/support/index?page=content&id=TECH165012

http://www.symantec.com/business/support/index?page=content&id=TECH104909

Hi

Reffer the below links

How do I Block access to Autorun.inf using Symantec Endpoint Protection (SEP) Application and Device Control policy

https://www-secure.symantec.com/connect/downloads/how-do-i-block-access-autoruninf-using-symantec-endpoint-protection-sep-application-and-de

Block access to Autorun.inf

https://www-secure.symantec.com/connect/downloads/block-access-autoruninf

Hi

1. On Policies "Application and Device control " edit the ADC policy à Make a check mark on "Block access to Autorun.inf" and edit it 
2. Click on Add à Apply a Check mark on  “Only match files on the following device id type”

#  it is recommend to Block aurorun.inf from all the devices ( to accomplish the same do the step 1)

Before doing any Policy change Make a copy of that policy and make changes as per your requirement test it and rolled it out.

Regards

Ajin

Read the below thread

https://www-secure.symantec.com/connect/forums/block-autoruninf

Hi,

In SEP 12.1 product autorun.inf is disabled by default.

Preventing viruses using "autorun.inf" from spreading with "Application and Device Control" policies in Symantec Endpoint Protection (SEP) 11.x

 http://www.symantec.com/docs/TECH104909

Microsoft KB articles to disable Autorun

http://support.microsoft.com/kb/967715

http://technet.microsoft.com/en-us/magazine/cc137730.aspx

Hello,

By default, SEP 12.1 has an Application and Device Control rule enabled which will block the access to and creation of autorun.inf files. This is likely the cause of your issue. You could try disabling the rule as a quick test to confirm.

Disabling the Autorun.inf Rule in the SEPM

1. Login to the SEPM
2. Click Clients
3. Select the group your SEP client is in
4. Click the Policies tab (at the top)
5. Open your Application and Device Control Policy
6. Click Application Control
7. Remove the checkmark from Block access to Autorun.inf [AC9]
8. Click OK
9. Once the SEP client picks up the new policy, test it out.

Check these Articles:

Preventing viruses using "autorun.inf" from spreading with "Application and Device Control" policies in Symantec Endpoint Protection (SEP) 11.x and SEP 12.1

http://www.symantec.com/docs/TECH104909

Preventing a virus from using the AutoRun feature to spread itself

http://www.symantec.com/docs/TECH104447

How do I Block access to Autorun.inf using Symantec Endpoint Protection (SEP) Application and Device Control policy?

https://www-secure.symantec.com/connect/downloads/how-do-i-block-access-autoruninf-using-symantec-endpoint-protection-sep-application-and-de

How to prevent Autorun.inf files being copied or written to network file shares

http://www.symantec.com/docs/TECH131807

Disable the Autorun from all the drives with the help of GPO

http://support.microsoft.com/kb/967715

Hope that helps!!

Thanks brain and all.