Phone Lines icon GFI Support Home

Articles in this section

See more

Why do I get "AutoRun is enabled" vulnerability?

Author: Andriy Rybalchenko Updated

Overview

A scanning job discovers the High-Security Vulnerability "AutoRun is enabled" on the target computer. This may happen even when AutoRun is disabled on the client machine.

This article provides details on disabling the AutoRun for all the Windows removable drives to fix potential false detection.

 

Solution

Microsoft Windows supports automatic execution in CD/DVD drives and other removable media. This poses a security risk in the case where a CD or removable disk containing malware that automatically installs itself once the disc is inserted, and it is recommended to disable AutoRun both for CD/DVD drives and for other removable drives.

If you do NOT want to disable AutoPlay, it is possible to Acknowledge or Ignore this vulnerability.

There are multiple methods to disable AutoRun in Windows - via the registry, via the Group Policy, from the Windows settings, etc. Some of the methods depend on the operating system version, and if you applied only one of those, the GFI LanGuard might detect the other indicators.

The recommended method to disable AutoRun and to avoid false vulnerability detection is using both the Group Policy and the Registry methods on each target machine:

Disable Autoplay Group Policy

  1. Press Windows key + R from your keyboard and type gpedit.msc, then click Ok to open the Local Group Policy Editor.

  2. Under Computer Configuration, click Administrative Templates -> Windows Components -> AutoPlay Policies.
    mceclip1.png

  3. Double-click on Turn off AutoPlay under the Setting tab, select the "Enabled" option, and click Apply to turn it off.
    mceclip3.png

  4. Do the same for the User Configuration -> Administrative Template -> Windows Components -> AutoPlay Policies.

Turn Off Autorun in the Registry

  1. Press Windows key + R from your keyboard and type regedit in the Run window, and click OK to open Registry Editor.
  2. Click HKEY_CURRENT_USER and follow the path:
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies
  3. Right-click in the Registry Editor's right pane and create a new DWORD type value and name it “NoDriveTypeAutorun.” Set DWORD value to FF to disable AutoRun on all drives.
  4. Click HKEY_LOCAL_MACHINE and follow the path:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cdrom
  5. Change the AutoRun value to 0.
  6. Exit Registry Editor and restart the machine.

 

Testing

Run the Full Vulnerability Assessment scan on the target machine to update the information in the GFI LanGuard console. Once the scan is completed, verify that the vulnerability is no longer detected. If the issue persists, contact GFI LanGuard Support.

Related articles