The D+ system allows the programs svhost.exe and explorer.exe to access inf files on removable media even though a policy must block their access.
I insert many USB memory sticks into my computer, and I need to prevent malicious autorun.inf files from executing themselves or executing other malicious processes. For this reason I block access by these processes on removable media like CDs or USB storage devices.
However, the following policies that I apply in my blocked files don't work 100%, because CIS only blocks access by these processes when I try to open them:
(CD)d:*.inf
(DVD)e:*.inf
(USB)f:*.inf
I have even written the policies in the following way: h:\autorun.inf, but it doesn't work either, seeing that CIS allows access to the programs svhost.exe and explorer.exe, which execute instructions from that file.
The policy I use at the moment is: *.inf (block all inf files) for blocking those threats, but it only works when the USB device has already been installed by Windows. When the media hasn't been installed and the operating system needs to access inf files in the Windows folder, this policy blocks that action, producing a failure during device installation.
Please! Could this possible bug be fixed in the D+ system programming? It is very useful to me, since it saves me unnecessary alerts when I insert infected removable media.