New
#101
Ah, no, I didn't - that must be the issue then. Thanks
I've done too many reboots today, so I'll save this test for another day. I presume you will be testing it since you mentioned the bug with 14.04
EDIT:
@RickC,
Maybe you can shed some light on this ........ when I make a change with Autoruns, the registry gets/got immediately updated. When I exit and re-enter Autoruns, it's showed the modified registry setting - which is different from the setting in the original file I saved - so why wouldn't the compare immediately catch this difference without a reboot?
I used Autoruns to jump to the registry key to confirm it the registry actually changed. This was something that wasn't working for me in v14.03, but works in v14.05.
1. Ran Autoruns and saved ARN file.
2. Rebooted. Windows 10 shows 'Configuring new updates' WTH!
3. Ran Autoruns and used Compare to point to previously saved ARN file... nothing, just a blank Autoruns Entry pane.
4. Used Compare again and pointed to same previously saved ARN file... success, now shows changed entries (highlit in bright red) in Autoruns Entry pane.
5. Clicked Refresh... changed entries now show clearly in Autoruns Entry pane but without the previous red highlighting).
6. Clicked on File in the menu.. File options appeared but all distorted. All I could see was the first letter of each option. Scrolled across other menubar entries and it was the same... just the first letter of each option showing.
7. Took screenshot using PrtScr key.
8. Pasted into Paint (Windows Accessories, not Paint3D). The paste just showed a completely black screen.
9. Tried again... the paste into Paint just shows completely black screen.
Conclusion... I need to do a clean install of my test laptop. It's impossible to tell whether Autoruns 14.05 is borked or whether the unexpected Windows 10 update borked Autoruns. (Sometimes I just hate Microsoft.)
EDIT: Just went to shut laptop down and it's showing 'Update and shut down' and 'Update and restart' options. WTH is going on? Oh... got it. I totally forgot about Patch Tuesday. I'm going to do a clean install then lock it down completely from Windows Borkdate.
To answer your question... my understanding is that most (not all) changes to HKCU are dynamic (the registry is immediately updated) but changes to HKLM are not (just 'pending'), because they are system-wide. So, as a rule of thumb, I prefer to do a reboot so the entire registry is reread. It's just safer that way.
Hope this helps...
So, I now have a Windows 10 Pro 21H1 19043.1288 clean install, fully patched and with no pending Windows Updates. So... back to testing Autoruns.
1. I ran Autoruns 14.05 (as 'Administrator'), removed all entries from the top two categories (HKCU\...\Run and HKLM\...\Run) and saved an ARN file.
2. Rebooted.
3. I ran Autoruns again and used Compare to point to the previously saved ARN file… the Autoruns Entry pane showed a Services entry (under Everything) and nothing else. I took a screenshot using PrtScr.
However the entry couldn't be expanded and clicking on it made it disappear... leaving a completely blank Autoruns Entry pane.
4. I used Compare again and pointed to the same previously saved ARN file… This time the Open Autruns File to Compare 'browse' dialog was completely blank except for a dropdown selector and a button that showed Open 6. Worse, PrtScr had stopped working... but I managed to get a screenshot using ALT+PrtScr.
5. I clicked on File in the menu. The File options list was completely empty! I tried PrtScr but this didn't work (and ALT+PrtScr just undid the focus on File). I clicked on File again and this time the File entries just showed the first letter. I managed to get a screenshot using timer mode of the Snipping Tool.
6. I closed and re-opened Autoruns then tried Compare again... and it finally worked, but showed many more changes than the ones I had made to the two Run keys. I assume this is the residual effects of the Patch Tuesday Cumulative Update.
Conclusion... 14.05 is *not* fixed. If anything it's worse than 14.04 and I'll be sticking with 13.98.
Hope this helps...
Last edited by RickC; 14 Oct 2021 at 06:33.
Rick,
Your meticulous experimentation & reporting is admirable. Too bad you don't work for MS SysInternals.
This whole discussion has destroyed my confidence in MS SysInternals. We've had to revert back several AutoRuns versions to v13.98 [from April of last year] to avoid faults.
- AutoRuns is amongst the most easily tested SysInternals utilities.
- What if the problems we've been discussing are mirrored in their other utilities, ones we'd be hoping to rely on in a crisis?
All the best,
Denis
Many thanks for your kind words, Denis.
I think the rot set in when Mark Russinovich moved to MS' Azure division. Since then the quality of the Sysinternals utilities that I use - mainly Process Monitor and Autoruns - has plummeted. Whoever is now responsible was admirably quick to address the bug in 14.04 when it was reported. Such a shame that 14.05 shows no improvement... and awful that 14.04 was itself a bug fix.
Giving the benefit of the doubt, I would like to think that it was 14.05's interaction with Patch Tuesday's Cumulative Update (KB5006670) that proved its undoing. However, Patch Tuesday is a regular phenomenon and common sense would seem to suggest delaying the release of 14.05 for a day or two until it was thoroughly tested before rushing it out.Autoruns v14.04 – This update for Autoruns adds a series of display/theme fixes, restores autorunsc, fixes a regression for rundll32 entries, limits per-user scans to the user locations, fixes Microsoft entry hiding and adds a high DPI application icon.
I suspect the real impetus was to rush the bugfix out before today's Sysinternals 25th Anniversary event - hosted by Mark Russinovich... in which case - an own goal IMO.
Perhaps I'm wrong, but with the same sort of ongoing issues with Process Monitor I too have lost most, if not all, faith in the Sysinternals suite... which is a huge shame.