We have a question about this QID. Our organization already has AutoRun disabled via GPO in HKLM and HKCU. Is this QID specifically targeting HKUsers\.Default?
If so, how have others resolved this? HKU\Default is the built-in system account for Windows and not affected by GPO. Or is setting it appropriately in GPO for Machine and User enough?
Is it a false detection in the event a scan is done when no user is logged on to the machine at the time of the scan done by our Vulnerability Management Team?
Thanks in Advance!