A scanning job discovers the High-Security Vulnerability "AutoRun is enabled" on the target computer. This may happen even when AutoRun is disabled on the client machine.
This article provides details on how to disable the AutoRun for all the removable drives in Microsoft Windows and to fix the issue of false detection.
Microsoft Windows supports automatic execution in CD/DVD drives and other removable media. This poses a security risk in the case where a CD or removable disk containing malware that automatically installs itself once the disc is inserted and it is recommended to disable AutoRun both for CD/DVD drives and for other removable drives.
If you do NOT want to disable AutoPlay it is possible to Acknowledge or Ignore this vulnerability. Refer to Understanding Dashboard Actions for Vulnerabilities and Patches in LanGuard for the details.
There are multiple methods to disable AutoRun in Windows - via the registry, via the Group Policy, from the Windows settings, etc. Some of the methods depend on the operating system version, and if you applied one of those, the GFI LanGuard might not detect such changes.
The recommended method to disable AutoRun and to avoid false vulnerability detection is using the Group Policy:
Open the Windows Start menu and type gpedit.msc to open the Local Group Policy Editor.
Under Computer Configuration, click Administrative Templates -> Windows Components -> AutoPlay Policies.
Double-click on Turn off AutoPlay under the Setting tab, select the "Enabled" option, and click Apply to turn it off.
- Run the Full Vulnerability Assessment scan on the target machine to update the information in the GFI LanGuard console.
Once the scan is completed verify that the vulnerability is no longer detected.