Hello, one of our servers reports that it has more than 3000 events in Prevent Remote Creation of Autorun.inf. I checked the log files and found out the location of autorun.inf. Did a full system scan and the VSE detected and cleaned the said autorun.inf. I checked the location again and found out that the autorun.inf has been deleted. However, in our ePO Server, that particular server still has 3000 events. Tried to disable the Access Protection and On-Access Scanner in the VSE Console and did a full system scan but can't find the bloody autorun.inf. It seems that the server has no more autorun.inf, but how can I get rid of or clear the 3000 events in the ePO Server?
By the way, we are using 4.6, VSE 8.5 and the latest DAT files.
First of all, you should upgrade to VSE 8.8 Patch 3 or 4 or VSE 8.7 Patch 5, as your current version does not have Artemis detection, plus it is not supported, plus your engine is 5400, which is not supported and not working anymore, so basically you do not have protection (it is like you do not have an antivirus installed). After upgrading, please make sure you have run a full on-demand scan on all your computers to make sure that all your computers are clean and machines are not being re-infected.
If you still have the problem, you can create a user-defined rule to prevent creation of autorun.inf, and if you still have the issue you will see in the AP log which machine is the one infected.