Endpoint Protection Small Business Edition

 View Only

  • 1.  Allow autorun.inf on an unmanaged Endpoint Protection 12.1 client

    Posted Nov 30, 2011 11:11 AM

    I really don't want to hear about all of the risks about allowing autorun.  I already understand these risks.  However, I have a user that has a legitimate need to allow autorun to run on his Seagate Free Agent Goflex USB drive.  Autorun allows the backup program to automatically start and backup his hard drive.

     By default, autorun.inf is blocked with Endpoint Protection 12.1.  There are lots of instructions on how to block autorun but I have found little to unblock autorun in Endpoint Protection.  I found how to unblock on a managed client.  However, I have found nothing on how to unblock autorun on an unmanaged client. 

     



  • 2.  RE: Allow autorun.inf on an unmanaged Endpoint Protection 12.1 client

    Posted Nov 30, 2011 02:58 PM

    The only idea I have is to reinstall the unmanaged client. For this purpose create a new installation package for unmanaged clients which is connected to a group (may be a dummy group for this action only). In this group the ruleset "Block access to autorun.inf" of Application Control policy must be disabled.



  • 3.  RE: Allow autorun.inf on an unmanaged Endpoint Protection 12.1 client
    Best Answer

    Trusted Advisor
    Posted Dec 02, 2011 09:04 AM

    Hello,

    Simple steps.

    If incase, you have a managed SEP client which makes sure that the AutoRun.inf should not be allowed in the environment and you want to make this 1 single machine as exception then, here are simple ways.

    1) Move this client to a new group which has no Firewall Policy and Application & Device Control Policy.

    This can be done by Withdrawing the Policy from the Group.

    Restart of the machine is necessary.

    OR 

    2) You can Deploy another package (using autoupgrade or deploying a new custom package) without the Network Threat Protection and Application & Device Control Feature.

    NOTE: Restart of the machine is necessary.

    Understanding: Network Threat Protection (Firewall) and Application and Device Control runs on Drivers installed on the machine during Installation of the SEP client. And, to Install / Uninstall these Drivers, you Require a Restart.

    Incase, if it's a UnManaged Client then, Simply Disable the Network Threat Protection Policy by: 

    SEP client >  Change Settings > Network Threat Protection, configure Settings > uncheck Enable Firewall.

    Restart is necessary.

    OR

    Uninstall the Network Threat Protection and Application & Device Control Feature from SEP client from the Add/Remove Programs.

    Restart is necessary.

    Hope that helps!!