Network drives autoplay

Asked Oct 05 '22 at 14:12

Active Oct 05 '22 at 14:12

Viewed 37 times

I am having some trouble figuring out what some SMB requests to an AutoRun.inf file are.

My situation is this, i have a fileserver Windows Server 2016, and all my workstations mount a shared drive from this server.

My IDS system that captures and analyzes the traffic is showing some "suspicious" stuff. The workstation tries to access an Autorun.inf on the shared drive, and terminates with a file not found message. So everytime the user opens the shared drive, it searches for an autorun.inf file and not find it there.

Is this normal behaviour or something fishy is going on?

Thanks Teo

asked Oct 05 '22 at 14:12

Teo B

are you in control of the workstations, if so just disable autorun. See [this article for some ideas](https://www.nucleustechnologies.com/blog/three-methods-to-disable-autorun-in-windows-10/) – Robert Longson Oct 05 '22 at 14:53
`Is this normal behaviour`. It is for systems that aren't secured. Autorun is dangerous and should always be disabled. – Greg Askew Oct 05 '22 at 16:08
I have autorun disabled on all drives by gpo. – Teo B Oct 05 '22 at 16:16

Network drives autoplay

0 Answers0