Panda usb vaccine not working in 24H2


Good idea. I can't see Microsoft making an exception for a little program like that in 25H2 somehow though 🤣 But it's possible.
I meant that maybe they will have fixed whatever it is that is causing older programs not to run properly because there are indeed many.
 

My Computer

System One

  • OS
    Windows 11
    Computer type
    Laptop
    Manufacturer/Model
    Alienware A51 R2
    CPU
    Intel(R) Core(TM) i9-10900K CPU @ 3.70GHz
    Memory
    32,0 GB
    Graphics Card(s)
    Nvidia GeForce RTX2080 Super
    Sound Card
    Realtek
    Screen Resolution
    4K
You can always scan the USB manually. Most AVs will intercept malware on a USB only when it executes.
Yes and I do sometimes but this thing I had before was too fast for anything like that - it was instant as soon as the usb was in. That experience led to me using the Panda USB vaccine and I've used it ever since. If you don't tinker with other old laptops from different people, it probably isn't necessary! But there are still some nasties out there in the wild.

And this one got passed to a Windows 10 laptop only about 7 or 8 years ago.
 

My Computer

System One

  • OS
    Windows 11
    Computer type
    Laptop
    Manufacturer/Model
    HP Pavilion 14-ce3514sa
    CPU
    Core i5
    Memory
    16gb
    Hard Drives
    Samsung 970 evo plus 2TB
    Cooling
    Could be better
    Internet Speed
    200mbps Starlink
    Browser
    Firefox
    Other Info
    Originally installed with a 500gb H10 Optane ssd
I meant that maybe they will have fixed whatever it is that is causing older programs not to run properly because there are indeed many.
Thank you, yes I hope they do, if there are many issues like this - going back to 23H2 for now is an option. I just assumed it was a deliberate thing! Like removing wordpad and how windows 7 games used to get removed.
 

After some background research on Panda USB Vaccine, it's less mystifying than it appears.

1. Host protection is done by updating a reg (confirmed by RegistryChangesView):
Code:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]
@="@SYS:DoesNotExist"

2. USB autorun protection is done by creating a hidden file named AUTORUN_.INF, that has the Reserved attribute enabled. Panda is directly hacking the attribute byte on the FAT32 disk volume to set the flag, bypassing normal Windows which can't touch it.

If you have a (hex) disk editor, you can modify it yourself, but I wouldn't do it unless you had a freshly formatted USB drive.
 

My Computer

System One

  • OS
    Windows 7
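
An added example, not from the post or from Panda: a Python decoder for the FAT32 directory-entry attribute byte that point 2 above refers to, run over a constructed root directory to show how a marker file with a reserved bit differs from an ordinary hidden/system file. The function names and the 0x42 attribute value are assumptions; the post does not say which reserved bit is set.

```python
import struct

# Attribute byte = offset 11 of a 32-byte FAT short (8.3) directory entry.
ATTR_BITS = {0x01: "READ_ONLY", 0x02: "HIDDEN", 0x04: "SYSTEM",
             0x08: "VOLUME_ID", 0x10: "DIRECTORY", 0x20: "ARCHIVE"}
ATTR_RESERVED = 0xC0  # top two bits are reserved by the FAT specification


def make_entry(name83, attr, size=0):
    """Build a constructed 32-byte entry for the demo (not read from a disk)."""
    return name83.encode("ascii") + bytes([attr]) + bytes(16) + struct.pack("<I", size)


def parse_entry(raw):
    """Decode one short directory entry; None for free, deleted or long-name slots."""
    if len(raw) != 32:
        raise ValueError("directory entries are exactly 32 bytes")
    attr = raw[11]
    if raw[0] in (0x00, 0xE5) or (attr & 0x3F) == 0x0F:
        return None
    base = raw[0:8].decode("ascii", "replace").rstrip()
    ext = raw[8:11].decode("ascii", "replace").rstrip()
    return {
        "name": f"{base}.{ext}" if ext else base,
        "attr": attr,
        "flags": [name for bit, name in ATTR_BITS.items() if attr & bit],
        "reserved": attr & ATTR_RESERVED,
        "size": struct.unpack_from("<I", raw, 28)[0],
    }


def find_vaccinated(directory):
    """Return (name, attr) for AUTORUN*.INF entries that carry reserved bits."""
    hits = []
    for off in range(0, len(directory) - 31, 32):
        if directory[off] == 0x00:  # first byte 0x00 ends the directory
            break
        e = parse_entry(directory[off:off + 32])
        if e and e["reserved"] and e["name"].startswith("AUTORUN") and e["name"].endswith(".INF"):
            hits.append((e["name"], hex(e["attr"])))
    return hits


# Constructed root directory; 0x42 (HIDDEN + reserved bit 0x40) is an assumed value.
SAMPLE_ROOT = (
    make_entry("AUTORUN_INF", 0x42)          # the marker file described in the post
    + make_entry("AUTORUN INF", 0x27, 64)    # ordinary file: attrib can clear these bits
    + bytes(32)                              # end-of-directory slot
)
```

To check a real drive, pass `find_vaccinated` the root-directory bytes taken from a read-only image of the volume rather than the constructed sample.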
Thank you! I actually just asked Open AI as well and it said it could write a script that could do the same thing :-) Not sure I'd want to try that though. It was talking about making a file in Windows C: Root and adding a script to that.

What is hex disk editor? But yes I do have a freshly formatted usb stick :-)
 

Thank you! I actually just asked Open AI as well and it said it could write a script that could do the same thing :-) Not sure I'd want to try that though. It was talking about making a file in Windows C: Root and adding a script to that.

What is hex disk editor? But yes I do have a freshly formatted usb stick :-)
It edits an entire file (or disk volume) as one continuous stream of binary (or hexadecimal) byte data. Typically you need to know which exact bytes, and in which exact locations to edit.

But I found an even clearer article that duplicates USB Vaccine's work using CMD:
How To Immunize USB Flash Drive Against Autorun Viruses

Do this step on each fresh USB drive, and apply the reg file from above and you're basically there except for the "hiding on the systray" feature.
 

Last updated October 8, 2009? Time to move on! ;)
I'm not convinced 😂 And what harm is there in securing usb drives? Edit - control panel probably hasn't been updated since 2009 either 😂
 
It edits an entire file (or disk volume) as one continuous stream of binary (or hexadecimal) byte data. Typically you need to know which exact bytes, and in which exact locations to edit.

But I found an even clearer article that duplicates USB Vaccine's work using CMD:
How To Immunize USB Flash Drive Against Autorun Viruses

Do this step on each fresh USB drive, and apply the reg file from above and you're basically there except for the "hiding on the systray" feature.

This is what comes up on ninja pendisk when a usb drive is inserted - seems similar.

Ninja pendisk.webp
 

The posted article goes further than your snippet. It creates a subfolder using a reserved (no-no) name, "CON". Windows Explorer and most API calls parse CON as the virtual device name for console (CON:).

Because any real malware isn't going to be fooled by changing the folder attributes to System / Hidden / Reserved. If you know that trick, the malware folks know it better than you.
 

So a query - some drives are already vaccinated with Panda - ie ones I don't want to format. Would using Ninja pendisk on them as well cause an issue? ie would it get done twice?
 

And what harm is there in securing usb drives?
Autorun was disabled in 10, so unless you are using XP, 7 or Vista, it does not really do anything.
Autorun is not quite the same thing as Autoplay. MS has disabled it by an update a long time ago.
 

My Computer

System One

  • OS
    Windows 11 Home Insider Canary
    Computer type
    PC/Desktop
    CPU
    AMD Ryzen 5 8600G (07/24)
    Motherboard
    ASROCK B650M-HDV/M.2 3.25 (07/24)
    Memory
    2x32GB Kingston FURY DDR5 5600 MHz CL36 @5200 CL40 (07/24)
    Graphics Card(s)
    ASROCK Radeon RX 6600 Challenger D 8G @48FPS (08/24)
    Sound Card
    Creative Sound BlasterX AE-5 Plus (05/24)
    Monitor(s) Displays
    24" Philips 24M1N3200ZS/00 (05/24)
    Screen Resolution
    1920×1080@165Hz via DP1.4
    Hard Drives
    Kingston KC3000 NVMe 2TB (05/24)
    ADATA XPG GAMMIX S11 Pro 512GB (07/19)
    PSU
    Seasonic Core GM 550 Gold (04/24)
    Case
    Fractal Design Define 7 Mini with 3x Noctua NF-P14s/12@555rpm (04/24)
    Cooling
    Noctua NH-U12S with Noctua NF-P12 (04/24)
    Keyboard
    HP Pavilion Wired Keyboard 300 (07/24) + Rabalux 76017 Parker (01/24)
    Mouse
    Logitech M330 Silent Plus (04/23)
    Internet Speed
    500/100 Mbps via RouterOS (05/21) & TCP Optimizer
    Browser
    Edge & Brave for YouTube & LibreWolf for FB
    Antivirus
    NextDNS blocking 95% TLDs
    Other Info
    Backup: Hasleo Backup Suite (PreOS)
    Headphones: Sennheiser RS170 (09/10)
    Phone: Samsung Galaxy Xcover 7 (02/24)
    Chair: Huzaro Force 4.4 Grey Mesh (05/24)
    Notifier: Xiaomi Mi Band 9 Milanese (10/24)
    2nd Monitor: AOC G2460VQ6 @75Hz (02/19)
Autorun was disabled in 10, so unless you are using XP, 7 or Vista, it does not really do anything.
Autorun is not quite the same thing as Autoplay. MS has disabled it by an update a long time ago.
Well I had a usb virus/worm jump to a Windows 10 computer! Hence I like to keep using the usb vaccine.
 

The posted article goes further than your snippet. It creates a subfolder using a reserved (no-no) name, "CON". Windows Explorer and most API calls parse CON as the virtual device name for console (CON:).

Because any real malware isn't going to be fooled by changing the folder attributes to System / Hidden / Reserved. If you know that trick, the malware folks know it better than you.
So would it be possible to automate the example given on that page? Rather than do it manually each time?
 

Not sure about automating, but you can do this in a batch file as Administrator:

Immunize.bat D:
Immunize.bat D


Doesn't matter if you forgot the colon after the drive letter.
Code:
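@echo off
rem Usage: Immunize.bat D:   (run as Administrator)
if "%~1"=="" exit /b 0

rem Accept the drive letter with or without the trailing colon.
set "DRIVE=%~1"
set "DRIVE=%DRIVE::=%"

if not exist %DRIVE%:\ (
    echo No drive %DRIVE% exists.
    exit /b 0
)

set "FOLDER=%DRIVE%:\autorun.inf"

rem Delete an existing autorun.inf file quietly, even if it is hidden, system or read-only.
if exist %FOLDER% del /f /q /a %FOLDER%
rem Put a folder where the file would go, with a reserved-name subfolder inside it.
mkdir %FOLDER%
mkdir %FOLDER%\con\
attrib +h +r +s +a %FOLDER%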
 

Just found that even if a drive is "vaccinated" by Panda - if I put it in my other machine (with Ninja pendisk), Ninja Pendisk vaccinates it again. Curious to know if it just overwrites what Panda did or adds something as well.

So the difference is, Panda includes the .con file (it seems - according to that article) and Ninja Pendisk doesn't.
 

I found this comment on the site below from 2012 (it refers to the fact the Bitdefender one (which is no longer available) can be bypassed) - but mainly explains why Panda USB vaccine wasn't updated. Because it worked.

"We have not updated Panda USB Vaccine in a long time because it works very good. Maybe DB has to update its vaccine because it is easily bypassed.

I don't have the time to do this again (I did it already some months ago), but I'm sure you can easily bypass BD yourself with a 2 or 3 liner cmd batch file to unhide and delete the BD "vaccine" (if it can be called that). Then try to do the same thing with Panda and you will see it won't work.

PS: we don't sell nor make any money out of Panda USB Vaccine. We thought it would help the community by giving it away for free, so the comment about being biased is really not correct. If you want the most secure solution, use Panda. If you want a lesser protection, use BD. Whichever you use I don't really care, I'm just giving you the facts."

 
I hold the shift button when inserting a USB into a running Windows system.
If booting from one, that is a function of BIOS and not an issue.
I learn something new every day on this forum. Holding the shift key down while inserting a USB drive temporarily disables the AutoPlay feature, which is basically what the Panda USB Vaccine is doing. Cool! 😎
 

My Computer

System One

  • OS
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    Dell XPS 16 9640
    CPU
    Intel Core Ultra 9 185H
    Memory
    32GB LPDDR5x 7467 MT/s
    Graphics Card(s)
    NVIDIA GeForce RTX 4070 8GB GDDR6
    Monitor(s) Displays
    16.3 inch 4K+ OLED Infinity Edge Touch
    Screen Resolution
    3840 x 2400
    Hard Drives
    1 Terabyte M.2 PCIe NVMe SSD
    Cooling
    Vapor Chamber Cooling
    Mouse
    None
    Internet Speed
    960 Mbps Netgear Mesh + 2 Satellites
    Browser
    Microsoft Edge (Chromium)
    Antivirus
    Microsoft Windows Security (Defender)
    Other Info
    Microsoft 365 subscription
    Microsoft OneDrive 1TB Cloud
    Microsoft Visual Studio
    Microsoft Visual Studio Code
    Microsoft Sysinternals Suite
    Microsoft BitLocker
    Microsoft Copilot
    Macrium Reflect X subscription
    Dell Support Assist
    Dell Command | Update
    1Password Password Manager
    Amazon Kindle for PC
    Lightroom/Photoshop subscription
    Interactive Brokers Trader Workstation
On Windows 11 by default, AutoPlay is enabled but the AutoRun feature that is responsible for opening the (potentially malicious) Autorun.inf file automatically upon media insertion [if the medium in question has a root directory with an Autorun.inf file stored in it] is not configured. I.e., just like all the other AutoPlay options, by default this option is set to "Choose a default". (See the "Software" category at the bottom of the screenshot in this tutorial.) So, in essence, as long as you haven't changed this "Software" setting to "Install or run program from your media", whenever you insert a USB flash drive, Windows 11 neither will install nor will run the Autorun.inf file that could potentially leverage a spyware, adware, virus, worm, trojan, backdoor, ransomware, or other type of malware. However, also be aware that some USB devices are specially designed to look like USB flash drives, and some USB cables are specially designed to look like normal (data and/or charging) USB cables. To name only one example of this: USB Rubber Ducky.
 

My Computers

System One System Two

  • OS
    11 Home
    Computer type
    Laptop
    Manufacturer/Model
    Asus TUF Gaming F16 (2024)
    CPU
    i7 13650HX
    Memory
    16GB DDR5
    Graphics Card(s)
    GeForce RTX 4060 Mobile
    Sound Card
    Eastern Electric MiniMax DAC Supreme; Emotiva UMC-200; Astell & Kern AK240
    Monitor(s) Displays
    Sony Bravia XR-55X90J
    Screen Resolution
    3840×2160
    Hard Drives
    512GB SSD internal
    37TB external
    PSU
    Li-ion
    Cooling
    2× Arc Flow Fans, 4× exhaust vents, 5× heatpipes
    Keyboard
    Logitech K800
    Mouse
    Logitech G402
    Internet Speed
    20Mbit/s up, 250Mbit/s down
    Browser
    FF
  • Operating System
    11 Home
    Computer type
    Laptop
    Manufacturer/Model
    Medion S15450
    CPU
    i5 1135G7
    Memory
    16GB DDR4
    Graphics card(s)
    Intel Iris Xe
    Sound Card
    Eastern Electric MiniMax DAC Supreme; Emotiva UMC-200; Astell & Kern AK240
    Monitor(s) Displays
    Sony Bravia XR-55X90J
    Screen Resolution
    3840×2160
    Hard Drives
    2TB SSD internal
    37TB external
    PSU
    Li-ion
    Keyboard
    Logitech K800
    Mouse
    Logitech G402
    Internet Speed
    20Mbit/s up, 250Mbit/s down
    Browser
    FF
