This procedure runs a legitimate application that launches via autorun.inf file. In order to execute this file, it must pass one of the following conditions:
- Good Company List (GCL) - The file is signed by a known good company.
- Windows File Protection (WFP) - The file belongs to the windows operating system.
- Trust Application Pattern (TAP) - The file is listed in the Digital Signature Pattern.
To activate the Smart Autorun prevention:
- Log on to OfficeScan Server and open the file \PCCSRV\Ofscan.ini using Notepad.
- Add the following key in the [Global setting] section:
DACUSBSmartAutorunPrevention=1
- Save the file.
- Log on to OfficeScan Web Console and do one of the following:
- For OfficeScan 11.0/XG, go to Agents > Global Agent Settings.
- For OfficeScan 10.6, go to Networked Computers > Global Client Settings.
- Click Save.
The value of the following client-side registry key should look like the following:
- For x86: [HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\AEGIS]
"DACUSBSmartAutorunPrevention"=dword:00000001 - For x64: [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion\AEGIS]
"DACUSBSmartAutorunPrevention"=dword:00000001