Autoruns 14.0 Has a Dark Theme

OldGuyFromCdn said:

Autoruns ...

If you subscribe to this thread you'll get notified when there is a new MS SysInternals Suite release.
Attn. Devs: Sysinternals had some major updates - TenForums

All the best,
Denis

Same as Denis. Open/close/open and all appears normal.

AutoRuns Help explains much of its colour-coding
- Scan Options - explains light red
- Comparing to Saved Results - explains green & red

Yellow entries mean, I believe, 'Item not found' but that is not stated in Help or any other SysInternals source that I have found.
- 'Item not found' can be falsely reported so always needs checking.
- AutoRuns often has a problem, for example, finding Registry entries with spaces in their paths.

For example, it accidentally goes to

Code:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\AuthCookies

almost every time that it tries to go to

Code:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Command Processor

so it marks that in yellow even though the entry is present in its correct location.

Denis

I can't get the Virus Total column to populate and many Microsoft tasks are shown when these should be hidden. These are probably bugs so I'm reverting to the previous version which worked correctly (13.98). I also don't like the dark theme.

I performed some further testing and it appears that opening and closing Autoruns v14 a few times seems to populate the Database correctly. Maybe it is just a glitch that will be sorted out in the future in the next version.

@Ghot, if you have some spare time, perhaps you could also test this theory to see if your missing files show up.

@Paul Black

Update:

After more testing, I've seen...

1. Autoruns 14.0 punched a hole through my Bitdefender firewall, all by itself.
2. Rebooted, opened and closed Autoruns 14.0 about 20 times.
3. When searching for "windows defender"... ONE time I got all 5 entries by switching User to NT AUTHORITY/SYSTEM
4. Then Autoruns 14.0 called home and next time I ran it, was back to only showing 2 entries.
5. No matter what I tried.. I can't get all 5 entries anymore.


ALL testing was done searching for the same phrase windows defender.
Here's the problem... the two "mps...." entries have to be UNchecked to STOP Windows Defender. To make it possible to "Disable" the Defender Services, in "Services".
One is a driver, and the other is a .dll file.

My guess is that Microsoft doesn't want folks stopping Defender. So they are playing silly buggers with the Autoruns results.
Sort of like they did with Defender's results, concerning some 3rd party programs.

All versions up to and including 13.100 seems to work fine. Aka, no cheating.




Autoruns 13.100

Hello @Ghot,

Ghot said:

All versions up to and including 13.100 seems to work fine. Aka, no cheating.

Excellent and thorough investigation, information, and results as usual. I will perform some more testing on this over the weekend and report my results.

At present, as we BOTH seem to agree on, I will be sticking with v13.100 for now.