Lesson 5.5 — Auto-run and automatic execution: stopping files running without user authorisation
This lesson helps the learner understand and control auto-run and automatic execution features.
What You'll Be Able to Do
By the end of this lesson, you will be able to:
- identify where auto-run or automatic execution could occur
- confirm whether risky auto-run behaviour is disabled
- collect appropriate evidence
- record gaps that need to be carried into malware protection, software control, browser configuration or endpoint management.
Why This Matters
This lesson explains why files, scripts, installers, macros, removable media and downloaded content should not execute without user authorisation, and how to create evidence that risky auto-run behaviour has been disabled or controlled.
The most common problems are:
- assuming auto-run only means USB drives;
- ignoring downloaded files;
- ignoring browser behaviour;
- ignoring email attachments;
The Core Rule
Cyber Essentials expects organisations to disable auto-run features that allow file execution without user authorisation.
This includes risks from downloads, removable media, scripts, macros, installers, email attachments, startup items and shared folders.
What the CE Assessor Looks For
A strong position shows:
- auto-run from removable media is disabled or controlled;
- downloaded files do not execute automatically;
- browser download settings are controlled;
- risky attachment types are blocked or controlled;
- macros are disabled or restricted unless required;
- scripts are controlled and trusted where required;
Common Mistakes
- assuming auto-run only means USB drives;
- ignoring downloaded files;
- ignoring browser behaviour;
- ignoring email attachments;
- ignoring macros;
- ignoring scripts and command files;
Copy This
Keep this rule visible:
Files should not execute automatically just because they arrive.
Quick Checklist
Before moving on, make sure you can answer these:
- [ ] What does Cyber Essentials require regarding auto-run?
- [ ] What is the practical rule for this lesson?
- [ ] Why is auto-run risky?
- [ ] Does auto-run only refer to USB drives?
- [ ] What is the difference between opening a file and auto-running code?
Your Action
Do this now — it takes 10–20 minutes.
Check that AutoRun and AutoPlay are disabled on Windows devices. Check at least one device per OS type. Record in Section SC.
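One way to carry out this check on a Windows device, as an added example that is not part of the original lesson: a read-only PowerShell script that reads the AutoRun and AutoPlay registry values and writes a pass/gap record you can attach as evidence. The pass values (255 for all drive types, 1 for the others) and the CSV file name are assumptions; adjust them to your own baseline.

```powershell
# Added example: read-only evidence check for AutoRun/AutoPlay on one Windows device.
# The first three values are written by the "AutoPlay Policies" Group Policy settings;
# the fourth is the per-user AutoPlay switch in Windows Settings.
$checks = @(
    @{ Name = 'Turn off AutoPlay (all drives)'
       Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
       Value = 'NoDriveTypeAutoRun'; Expected = 255 },
    @{ Name = 'Do not execute autorun commands'
       Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
       Value = 'NoAutorun'; Expected = 1 },
    @{ Name = 'Disallow AutoPlay for non-volume devices'
       Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Explorer'
       Value = 'NoAutoplayfornonVolume'; Expected = 1 },
    @{ Name = 'AutoPlay switched off for current user'
       Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers'
       Value = 'DisableAutoplay'; Expected = 1 }
)

$results = foreach ($c in $checks) {
    # A missing key or value means the setting is not configured, which is recorded as a gap.
    $item   = Get-ItemProperty -Path $c.Path -Name $c.Value -ErrorAction SilentlyContinue
    $actual = if ($null -ne $item) { $item.($c.Value) } else { $null }
    [pscustomobject]@{
        Device   = $env:COMPUTERNAME
        Checked  = (Get-Date).ToString('s')
        Setting  = $c.Name
        Registry = "$($c.Path)\$($c.Value)"
        Expected = $c.Expected
        Actual   = if ($null -eq $actual) { 'not set' } else { $actual }
        Result   = if ($actual -eq $c.Expected) { 'PASS' } else { 'GAP' }
    }
}

# Show the result on screen, then save it as evidence.
$results | Format-Table Setting, Expected, Actual, Result -AutoSize
# The file name is a placeholder; keep the file with your Section SC record.
$results | Export-Csv -Path ".\autorun-evidence-$($env:COMPUTERNAME).csv" -NoTypeInformation
```

A GAP on the three policy rows means the setting is not enforced by policy on that device, even if the per-user switch is off, because a user can turn that switch back on.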
Key Takeaway
Files should not execute automatically just because they arrive.
Your Workbook Activity
Complete: Auto-run and automatic execution control record
Next Lesson
In the next lesson: Authentication before access: making sure users prove who they are before accessing organisational data or services