mobilitycas.blogg.se

Sysinternals suite autoruns

[Screenshot: The Sysinternals Autoruns Everything tab is a single page view of all entries]

If you are looking for a particular entry, use the Quick filter in the ribbon. It's a full-text filter and works really well: just type a few characters, which can be present in any field of an entry, and the matching results are shown. It's best to use the Quick filter on the Everything tab, as it searches all ASEP types.

As you can see in the screenshot, Autoruns uses several highlight colors:

Yellow: Indicates a "File not found" entry whose target isn't found in the expected location.
Pink: Indicates a suspicious entry, one without a publisher or description or with an invalid image signature.
Purple: Indicates the location of an entry, such as Task Scheduler.
Green: Indicates an entry that was added after the last Autoruns scan. This can occur, for example, if a new program is installed while Autoruns is running.

Another useful feature is the context menu, which allows several actions, such as deleting an entry.

Jump To Entry: Opens the location where the Autostart entry is configured, for example, a specific registry key.
Jump To Image: Opens a Windows Explorer folder with the location of the target image.

By default, Autoruns hides empty ASEP locations and Windows entries. Windows entries include services, scheduled tasks, drivers, etc. You can unhide them by deselecting the Hide Windows entries in the Options. Don't be surprised: the list of Windows entries is quite large. Under normal conditions, it's not really useful to have them visible.

[Screenshot: Windows services are part of Windows entries]

You can also hide all Microsoft entries, which refers to entries in which Microsoft Corporation is the publisher. The last option is Hide VirusTotal Clean Entries, which hides all entries marked as safe by VirusTotal. This requires the entries to be scanned first by VirusTotal; otherwise, the hide option does nothing.

VirusTotal analysis

As mentioned above, Autoruns can scan all entries with VirusTotal, a free web service that allows you to analyze a file using over 50 antivirus engines. You can analyze all entries by enabling Check in the Scan Options dialog box and rescanning. Autoruns uploads file hashes to the service and returns the number of antivirus engines that flagged the file. The VirusTotal column will contain a hyperlink. As an additional visual indicator, the link is colored red if any engines flagged the file as suspicious. Suspicious files can be uploaded to VirusTotal for further analysis. You can also analyze items one at a time by right-clicking an entry and choosing Check VirusTotal from the context menu. Obviously, this feature requires an Internet connection.

One of the core features of Autoruns is the ability to change Windows startup program settings; that is, you can disable or completely delete an entry. Deleting an entry removes it permanently, and it's an irreversible action: there is no rollback or undo button.
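The highlight colors and the Hide VirusTotal Clean Entries behavior described above can be reproduced offline when triaging a saved list of autostart entries. The following is an added example, not code from the original article or from Sysinternals; the CSV column names, the "File not found:" and "(Verified)"/"(Not verified)" markers, the "flagged|total" format and the rule that either a missing publisher or a missing description counts as pink are assumptions, and the sample rows are constructed.

```python
import csv
import io
import re

# Constructed sample export. Column names and value formats are assumptions.
SAMPLE_CSV = r'''Entry,Description,Company,Signer,Image Path,VT detection
SecurityHealth,Windows Security notification icon,Microsoft Corporation,(Verified) Microsoft Windows,C:\Windows\System32\SecurityHealthSystray.exe,0|72
Updater,,,,C:\Users\Public\upd.exe,5|72
OldAgent,Backup agent,Example Corp,,File not found: C:\Program Files\Example\agent.exe,
Helper,Helper tool,Example Corp,(Not verified) Example Corp,C:\Tools\helper.exe,0|72
'''

def highlight(row):
    """Return the highlight color the article describes, or None for a plain row."""
    if row["Image Path"].startswith("File not found"):
        return "yellow"                      # target missing from expected location
    no_publisher = not row["Company"].strip()
    no_description = not row["Description"].strip()
    bad_signature = row["Signer"].strip().startswith("(Not verified)")
    if no_publisher or no_description or bad_signature:
        return "pink"                        # suspicious entry
    return None

def vt_hits(cell):
    """Parse 'flagged|total' (or 'flagged/total'); None means the entry was not scanned."""
    m = re.match(r"\s*(\d+)\s*[|/]\s*(\d+)", cell or "")
    return (int(m.group(1)), int(m.group(2))) if m else None

def triage(csv_text, hide_vt_clean=False):
    """Classify each entry; optionally drop entries VirusTotal reported as clean."""
    results = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        vt = vt_hits(row.get("VT detection"))
        # Only scanned entries with zero detections are hidden; an unscanned
        # entry stays visible, so the filter does nothing without a scan.
        if hide_vt_clean and vt is not None and vt[0] == 0:
            continue
        results.append({
            "entry": row["Entry"],
            "color": highlight(row),
            "vt_red": bool(vt and vt[0] > 0),  # link shown in red if any engine flagged
        })
    return results

if __name__ == "__main__":
    for item in triage(SAMPLE_CSV):
        print(item)
```

With `hide_vt_clean=True` the constructed Helper entry disappears even though its signature is not verified, so pink entries are worth reviewing before that filter is applied.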










