Making sense of Cyber Essentials – AutoRun and AutoPlay

By Jason McNicholas

Cyber Essentials Assessor

There is often a lot of confusion about the ‘AutoRun’ and ‘AutoPlay’ features of the Windows Operating System.

Both features relate to the behaviour of a computer when removable media is inserted; however, they are completely independent of each other.

Note that neither of these features has anything to do with the automatic running of executable files downloaded from the internet.

AutoRun is a feature that reads the ‘AutoRun.ini’ file. This is a configuration file found in the root area of removable media, and AutoRun makes the computer behave according to the instructions provided in it (such as running a program or installer, or playing a video). Disabling AutoRun is one way to prevent the automatic running of untrusted programs from removable media, in line with Cyber Essentials requirements.

Disabling AutoRun ensures that when removable media is inserted, nothing will happen automatically.

AutoPlay uses the AutoRun settings. This means that if AutoPlay is enabled, the AutoRun feature does nothing automatically and options are shown in the AutoPlay window instead (play movies, show images, etc.).

AutoPlay can be further configured to set a default action for removable media.

If AutoPlay is enabled, the automatic running of untrusted programs is prevented, assuming the AutoPlay settings are left at their defaults.
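
One way to check how a given machine is configured, as an added example that is not part of the original article: a read-only PowerShell audit of the AutoRun and AutoPlay settings. The registry paths and value names (`NoDriveTypeAutoRun`, `NoAutorun`, `DisableAutoplay`) are standard Windows settings assumed here; the article does not name them.

```powershell
# Added example: read-only audit of AutoRun/AutoPlay settings on a Windows host.
# Registry paths and value names are standard Windows settings (an assumption,
# not taken from the article). Nothing is modified.
$policyKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
)
$autoPlayKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers'

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # $null means the value is absent and the Windows default applies.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    $value = $item.$Name
    # The drive mask may be stored as REG_BINARY; the low byte is the mask.
    if ($value -is [byte[]]) { $value = $value[0] }
    return [int]$value
}

$report = foreach ($key in $policyKeys) {
    $mask      = Get-RegValue -Path $key -Name 'NoDriveTypeAutoRun'
    $noAutorun = Get-RegValue -Path $key -Name 'NoAutorun'
    [pscustomobject]@{
        Key                = $key
        NoDriveTypeAutoRun = if ($null -ne $mask) { '0x{0:X2}' -f $mask } else { 'not set' }
        # 0xFF sets the bit for every drive type, so the policy covers all drives.
        AllDriveTypesOff   = ($null -ne $mask) -and (($mask -band 0xFF) -eq 0xFF)
        # 1 = "Do not execute any autorun commands".
        AutorunCommandsOff = ($noAutorun -eq 1)
    }
}
$report | Format-List

# Per-user AutoPlay switch (1 = AutoPlay turned off for all media and devices).
$disableAutoPlay = Get-RegValue -Path $autoPlayKey -Name 'DisableAutoplay'
$autoPlayState = if ($null -eq $disableAutoPlay) {
    'not set (Windows default)'
} elseif ($disableAutoPlay -eq 1) {
    'disabled by the user'
} else { 'enabled' }
"AutoPlay for current user: $autoPlayState"

# Machine-wide result: either policy value stops programs launching on insertion.
$machine = $report | Where-Object { $_.Key -like 'HKLM:*' }
"Machine policy blocks automatic running: $($machine.AllDriveTypesOff -or $machine.AutorunCommandsOff)"
```

A machine with neither policy value set relies on the AutoPlay defaults described above, so the per-user line shows whether those defaults are still in effect.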

