Block it’s execution on all drives by D+ writing in the Registry or by intercepting windows on first access removable media inserted, with and optional non-blocking behavior to access it to see what’s in it and delete it if it’s a malware installation file.

Edit: I suggest this because some malware is unknown to CIS or any other Security Software and gets installed when a infected USB memory stick is inserted (instant infection).

I have seen D+ assigning custom security policy to some malware and allowed access rights like I had authorized its execution, D+ didn’t even asked. of course this is not always the case but I have seen it happen. Maybe is because it was ran by the autorun.inf file. So maybe D+ should check if the file indicated in autorun.inf is trying to copy itself on the root directory of every HDD partition and if so, assume is some kind of malware and proceed to unloaded from memory, delete the copies, and forbid it’s future execution with a rule in D+ and FW, pop up the usual warning window and show the autorun.inf file on another window, not too big and not use Notepad but a CIS window, besides the warning one, asking if CIS/D+ should delete autorun.inf and the malware file from the USB/removable device, with an optional, remember my choice.

Edit2: I suspect the reason why D+ allowed those files to be executed was because of its name, it has the letter combo: ‘ms’, ‘net’, and other similarities with ‘System32’ files names.


PS Maybe would be better to move this thread to D+ wishlist.