AutoRunGuard™

AutoRunGuard is an extremely flexible program that enables you to set out rules --- as simple or complex as you like --- to govern what will happen as soon as a removable drive is connected or CD inserted. This may include launching a particular program immediately, or adding relevant options to a menu for you to choose from.

It may be used either as a replacement for AutoPlay or in tandem with it.

As discussed in my Autorun Reference Guide, all Windows users (or at least those who don't live alone in their own universes) really ought to disable the use of autorun.inf files.  AutoRunGuard will give you a safer alternative to the use of such files.
  • AutoRunGuard can check for the presence of a 'hidden' or 'system' Autorun.inf file, a sure sign that a worm has infected the drive.  It can also check for hidden files and folders.  It's nice to insert a colleague's USB stick in my computer and immediately (and safely) be able to tell him about infections on the drive, even infections that anti-virus software hasn't recognized.
  • The AutoRunGuard rules can base decisions on factors like:
    • the drive letter, the drive's serial number, the filesystem, and the volume label.
    • the presence and/or attributes of certain files or folders.
    • whether programs on the drive have been tampered with. (A virus may have injected itself into your portable apps when you used your drive in an infected computer.  AutoRunGuard can verify a file's MD5 hash has not changed from what it used to be.)

  • Based on these factors, the AutoRunGuard can either take actions immediately or add the option for relevant actions to a menu.  These options include:
    • launching a program (e.g. your back-up program, U3 LaunchPad, TrueCrypt, etc.)
    • running a virus scan.
    • inoculating a removable drive so that it won't carry the current autorun worms.
    • browsing the disk contents with Explorer.
    • pretty much anything else you can think of...
It's "open-source" and free.  (After all, it's a command script.)  Tweak it to your heart's content.  (If somebody wants to rewrite it at a GUI rule wizard, I'd love to post a link here.) For a humble "batch file", it makes some complex responses fairly simple to configure. 

If you like it, please use the link below to give feedback.  Unfortunately, I cannot give much time for user support, but if you have questions that are not answered in the documentation, please check the blog.  Somebody may have got an answer there already.


 Note:  The AutoRunGuard package includes (and is dependent on)  Didier Stevens' excellent USBVirusScan as well as a public domain MD5 implementation thanks to the work of Ron Rivest, Colin Plumb, and John Walker.

Anti-Virus Command Line Settings

The setting that you are most likely to need to customize is the command line for your particular anti-virus scanner.  Following are some samples that may match what you need.  Test it first by running the command exactly as shown except that you should replace %d% with a drive letter and a colon for this test.  Then in the AutoRunGuard.cmd file, scroll down about 135 lines to where it says,
:: [[ Modify the following line to be whatever your system needs for performing a virus scan. ]]

Then replace the setting in the following (set MenuCmd=...) line with the one that worked for you.

Note that the path and parameters that a program uses may vary from one version and edition to another.  You might try browsing your Program Files folder to find the actual .exe files.  Note also that some programs offer both a command-line version (text will appear in the AutoRunGuard window) and a means to call the normal scanning window.

AVG 7.5 Free  (In the AutoRunGuard window)
"%ProgramFiles%\Grisoft\AVG Free\avgscan.exe" /EXT=* /NOBOOT /NOMEM /SCAN /NOSELF /NOHIMEM /ARC "%d%\"

AVG 7.5 Free  (In it's own normal window)
"%ProgramFiles%\Grisoft\AVG Free\avgw.exe" /SE "%d%\"

AVG 7   (In AutoRunGuard window)
"%ProgramFiles%\Grisoft\AVG7\avgscan.exe" /EXT=* /NOBOOT /NOMEM /SCAN /NOSELF /NOHIMEM /ARC "%d%\"

AVG 7  (In AutoRunGuard window)
"%ProgramFiles%\Grisoft\AVG7\avgw.exe" /SE "%d%\"

Avira AntiVir
Some users have said to use this: (Possibly adjusting the path)
"%ProgramFiles%\AntiVir PersonalEdition Classic\avscan.exe" /GUIMODE=2 /PATH="%d%\"

Other users have said to download the Avira AntiVir Command-Line Scanner, which you call like this:
"%ProgramFiles%\AntiVir PersonalEdition Classic\AVCLS.exe" %d%\  -s  -noboot -nombr -v -z -ren
(The -s parameter specifies to scan subdirectories too, but is apparently only available in the Premium version.)

Symantec
"%ProgramFiles%\Symantec AntiVirus\vpscan.exe" %d%

McAfee / Network Associates
"%ProgramFiles%\Network Associates\VirusScan\csscan.exe" /secure /quiet /log c:\log.txt %d%
"%ProgramFiles%\McAfee\VirusScan Enterprise\scan32.exe" /target %d%

Avast
"%ProgramFiles%\Alwil Software\Avast4\ashQuick.exe" %d% /a /c /i /p=1 /s /t=a –report

If you have additions or corrections for the above settings, please share them via the feedback link below.


Comments or feedback welcome.


Make a Free Website with Yola.