Endpoint Protection

Hello, 

Every time, after I access my hard drives I get this notification which is quite annoying:

"Application and Device Control rule Autorun.inf_Read File has blocked explorer.exe trying to access autorun.inf

Autorun has been blocked. Check the Control Log for more details."

Could anybody help me with understanding what this is and the best way to eliminate it without messing up the antivirus program? Any help will be much appreciated.

On another note, is there a way to get into SEP a bit deeper and learn how it works, so that I could try to help myself in the future?

Regards,

There is an application and device control in place which is blocking the autorun.inf file.

This message can be supressed by a setting in the policy.

In the ADC policy, select the rule that is doing the autorun.inf blocking and open it Select the specific condition and on the Actions tab uncheck the "Notify User" box

You can start here:

Best practices for upgrading to Symantec Endpoint Protection 12.1.2

This is caused by the default ADC policy to block autorun.inf execution on the machine protected by SEP client:

Preventing viruses using "autorun.inf" from spreading with "Application and Device Control" policies in Symantec Endpoint Protection (SEP) 11.x and 12.1.x

http://www.symantec.com/docs/TECH104909

Disabling this policy would be not recommended as lot of threats can spread this way. You may want insted disable only the notifications for user for this kind of detection.

Alternatively you may want to disable the Autorun funtionality directly from the OS level:

http://support.microsoft.com/kb/967715

Your SEP is in a managed environment. You may need to check with your SEP admin for access. they might move you to different group where ADC is not enabled.

Refer to Rafeeq post, seems like you're not the admin of your SEP.

Do liase with your IT admin and ask what is allowed and what not...