For what it's worth, I just checked on my Windows 11 install and it was (somewhat) enabled.
Settings -> Bluetooth & Devices -> AutoPlay -> Use AutoPlay for all media and devices
Was set to on, and "Removable drive" was set to "Choose a default", which appears to be equivalent to "Ask me every time".
I don't have anything (that I'm aware of) that auto-runs something, but I presume it will prompt me asking if I want to run setup.exe, which seems somewhat reasonable for new hardware.
And from the malware analysis, https://www.hybrid-analysis.com/sample/e3f57d5ebc882a0a0ca96... , it's signed by "Owner: CN=Microsoft Windows Hardware Compatibility Publisher, O=Microsoft Corporation, L=Redmond, ST=Washington, C=US; Issuer: CN=Microsoft Windows Third Party Component CA 2012, O=Microsoft Corporation, L=Redmond, ST=Washington, C=US" which also looks pretty legit.
I can totally see a lot of folks allowing it to run.
Autoplay is something else. Autorun.inf was a file from the Windows 95 era that could execute an .exe of the publisher's choice simply by inserting a USB stick or inserting a CD. It's where the Windows XP era advice to never pick up USB sticks in the parking lot came from. Autoplay is a Windows dialog asking the user what Windows does when media is inserted - automatically import photos, open the folder, etc. It's not capable of running an .exe.
Microsoft seems to disagree with your assertion.
> An autorun.inf file is a text file that can be used by the Autorun and AutoPlay components of Microsoft Windows. When a USB drive is plugged into a USB port, an autorun USB dialog appears that prompts you to do certain operations: print images, run Windows Media Players, or open a folder. But what if you have a particular application on the USB drive and want it to be launched from the autorun USB dialog? You can put autorun.inf into the root of the USB drive and edit its commands to get the app started when the USB key is plugged.
https://answers.microsoft.com/en-us/windows/forum/all/enable...
> Created on November 17, 2022 > Applies to: Windows / Windows 11 / Files, folders, and storage
> Autorun has been disabled since the release of Windows 7 in 2009.
No. Microsoft just said it will disable it. On some systems, I've seen it disabled (I don't know if by default or by AD policy) but, on the majority of Windows 10, it was not disabled.
By `autorun` we're talking about the notorious pre-2007 function of automatically running an exe — the `open` key in the `autorun.inf` file, specifically. It's ignored in all non-EOL Windows versions. It's technically true that features called Autorun and Autoplay are still `enabled`, they just don't do what they did pre-2007. The `icon` key still works, but not `open`. You can re-enable `open` with registry edits, but it's not easy.
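The `open` versus `icon` distinction from the last comment, as an added example that is not part of the thread: a small Python parser that reads an `autorun.inf` and separates the keys that name a program to launch from the rest, for triaging a removable drive. The `shellexecute` and `shell\<verb>\command` keys, the function names and the sample file are additions here, not taken from the page.

```python
"""Triage an autorun.inf: which keys name a program to launch?"""

# `open` is the key discussed in the thread. `shellexecute` and
# shell\<verb>\command are the other launch keys of the same file format
# (added here as an assumption about what a reviewer wants flagged).
LAUNCH_KEYS = ("open", "shellexecute")


def parse_autorun(text):
    """Return {key: value} for the [autorun] section; names are case-insensitive."""
    entries, in_section = {}, False
    for raw in text.lstrip("\ufeff").splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):        # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries


def is_launch_key(key):
    """True for keys whose value is a command rather than a label or icon."""
    return key in LAUNCH_KEYS or (
        key.startswith("shell\\") and key.endswith("\\command"))


def triage(text):
    """Split the [autorun] entries into launch keys and everything else."""
    entries = parse_autorun(text)
    launch = {k: v for k, v in entries.items() if is_launch_key(k)}
    other = {k: v for k, v in entries.items() if not is_launch_key(k)}
    return {"launch": launch, "other": other, "suspicious": bool(launch)}


# Constructed sample file, not taken from any real device.
SAMPLE = (
    "; constructed example\n"
    "[AutoRun]\n"
    "Open=setup.exe /quiet\n"
    "Icon=setup.exe,0\n"
    "Label=Driver Disk\n"
    "shell\\install\\command=setup.exe\n"
    "[Content]\n"
    "MusicFiles=false\n"
)

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A file that carries launch keys on a removable drive is worth a closer look even where Windows ignores them, since the named executable is still on the drive for the user to run by hand.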