New
#11
If you subscribe to this thread you'll get notified when there is a new MS SysInternals Suite release.
Attn. Devs: Sysinternals had some major updates - TenForums
All the best,
Denis
If you subscribe to this thread you'll get notified when there is a new MS SysInternals Suite release.
Attn. Devs: Sysinternals had some major updates - TenForums
All the best,
Denis
AutoRuns Help explains much of its colour-coding
- Scan Options - explains light red
- Comparing to Saved Results - explains green & red
Yellow entries mean, I believe, 'Item not found' but that is not stated in Help or any other SysInternals source that I have found.
- 'Item not found' can be falsely reported so always needs checking.
- AutoRuns often has a problem, for example, finding Registry entries with spaces in their paths.For example, it accidentally goes to
almost every time that it tries to go toCode:HKEY_CURRENT_USER\SOFTWARE\Microsoft\AuthCookies
so it marks that in yellow even though the entry is present in its correct location.Code:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Command Processor
Denis
I can't get the Virus Total column to populate and many Microsoft tasks are shown when these should be hidden. These are probably bugs so I'm reverting to the previous version which worked correctly (13.98). I also don't like the dark theme.
To see more entries click the Blue Windows icon above in the toolbar.
I performed some further testing and it appears that opening and closingAutoruns v14
a few times seems to populate the Database correctly. Maybe it is just a glitch that will be sorted out in the future in the next version.
@Ghot, if you have some spare time, perhaps you could also test this theory to see if your missing files show up.
@Paul Black
Update:
After more testing, I've seen...
1. Autoruns 14.0 punched a hole through my Bitdefender firewall, all by itself.
2. Rebooted, opened and closed Autoruns 14.0 about 20 times.
3. When searching for "windows defender"... ONE time I got all 5 entries by switching User to NT AUTHORITY/SYSTEM
4. Then Autoruns 14.0 called home and next time I ran it, was back to only showing 2 entries.
5. No matter what I tried.. I can't get all 5 entries anymore.
ALL testing was done searching for the same phrase windows defender.
Here's the problem... the two "mps...." entries have to be UNchecked to STOP Windows Defender. To make it possible to "Disable" the Defender Services, in "Services".
One is a driver, and the other is a .dll file.
My guess is that Microsoft doesn't want folks stopping Defender. So they are playing silly buggers with the Autoruns results.
Sort of like they did with Defender's results, concerning some 3rd party programs.
All versions up to and including 13.100 seems to work fine. Aka, no cheating.
Autoruns 13.100