|
An AutoRun.inf file is used mainly on CDs to start a setup program. It could also surreptitiously install malware.
AutoRun executables can be blocked like any other unauthorized executable by White List protection: Here, Anti-Executable. 
A typical Autorun.inf and Setup.exe on a CD. Anti-Executable denies, since the Setup.exe file is not on the White List. 
I created "malicious-file.exe" and put it on a CD with an autorun.inf file 
This autorun.inf file and a trojan file were found on a digital picture frame - a USB device. It will also run from an external USB hard drive, or a U3 type flash drive. Here, I put it on a USB hard drive to test: 
In addition to protecting against remote code execution by an AutoRun.inf file, it provides protection for parents or an Administrator in controlling what gets installed, since it is Default-Deny: the user cannot proceed to install any executable program without knowing the password. |
