How to disable autorun feature on external media

How to disable the autorun of a pendrive’s content on Windows to minimize infection by this mean?

As stated on my last post, a way of infecting Windows machines is through executing content automaticaly upon connecting exeternal media like pendrives (thumbdrives), cdroms, external HDs, etc.

It’s very easy to contaminate a pendrive today. We always have one ready and available and when we want to get or pass a file from/to someone we can do it in no time, we just need to withdraw one from our pocket. This is very practical, but can bring a lot of headache as well.

An infection can be spread to a pen drive or an external HD in the exact moment of its connection on an infected machine, in a fraction of a second. That is enough to your device become and infection vector.

You can protect yourself against this kind of threat configuring your Windows to not auto run programs when connecting these devices, this will prevent (hidden/automatic) infections by this mean, unless you purposedly run the infected file on the target device.

In order to disable this function you have to run the gpedit.msc utility. Press the Windows key on your keyboard then type the name gpedit.msc, wait for the program to show up on your list then press “Enter”.

On the program window, at the left side open:
Computer Configuration > Administrative Templates > Windows Components > AutoPlay Policies

On the left side of the window double click on “Turn off Autoplay”

On the window that pops up select the option: Enabled > Options: > Turn off Autoplay on: > All drives.

Click OK and close the window.

There is also another trick to do for the less sophisticated malwares: create a folder on your external device with the name autorun.inf, this will prevent this kind of infection to create or substitute the file with the same name “autorun.inf” and turn your device into an infection vector, but for those malwares more well written, it will make no effect as it will erase the folder and create the file anyway. For this reason it is advised to always check the device for this kind of file and, if it exists, delete it and check it with a antivirus software as it was probably infected. Always check your device against threats with good antivirus software regularly.


Leave a Reply

Your email address will not be published. Required fields are marked *