We've released a new simple but effective tool: http://www.novirusthanks.org/products/anti-autoexec/ What is Anti-AutoExec? We created a setup installer file, you just need to install it and the service will protect your PC in the background automatically. All processes executed via autorun.inf (from any device) will be blocked. If you don't want to use the installer you can install the service manually using the install.bat from the zip file.
Good, tomorrow i'm gonna try it on a different PC to see the result. I couldn't find a setting like "ProtectionEnabled = n" to disable it temporarily, but i guess this is intended Installing of this program = protected (without "on/off-switch") After uninstalling = not protected
Are there some specific diferences among Anti-AutoExec and other tools on the market...like this for exemple? http://www.hongkiat.com/blog/tools-to-protect-computer-from-infected-usb-drives/
@mood Yes, it was intended to not include any Config.ini option, it is just an "install and forget" service. @ichito Some features of the app: - Real-time protection against USB-spreading malware - Real-time protection against any autorun.inf auto-execution (from CD-ROMs, external drives, etc) - Uses a kernel-mode driver to monitor and block processes started via autorun.inf - "Install and forget", zero-configuration - Works on any Windows OS version (XP to 10, 32\64-bit) - Resources-friendly, uses only 1 or 2 MB of RAM
Thanks NVT for your reply...and one more question Are there some advantegies in drive protection realised by A-AE comparing to similar one from NVT? (Settings/external devices).
@ichito //Edit: Anti-AutoExec does the same thing as ERP->Settings->External Devices-> Check all options
Hi NVT, Is it possible to make a version that works the other way around, that can be installed in a USB and protected from an infected Computer?!
@novirusthanks This is great, fine. But what happens if I open Windows Explorer then open the USB device and mistakenly double click an executable file that contains malware? Is it possible to add ERP's feature "Block Processes Executed from USB devices? Some people need to insert undetermined number of unknown USB devices into their computer to print documents, images, etc. ---------------------------------------- Also, if the user requires default-allow policy in the whole system, how to deal with this type of javascript malware found in many usb sticks using Anti-Autoexec? Point is: 1. To block any autorun.inf auto-execution from CD-ROMs, external drives, etc > check 1. To block vulnerable processes/exes found in the system when called from a USB device (when double click for example a pdf file shortcut like the case above) > ? 2. To block vulnerable processes/exes found in the self USB device (when double click a disguised executable for n00b eyes) >? 2. To block any executable found in the USB device, no exceptions (when double click a disguised executable for n00b eyes) > ? 3. To allow to run any processes other than vulnerable ones, found in the system, that are required to open pdf, images, text, etc files found in the USB device > ?