Startup Manager Autoruns 13 introduces Virustotal integration - gHacks Tech News

Startup Manager Autoruns 13 introduces Virustotal integration

While Autoruns may not be the most popular startup manager available for Windows, it is without the shadow of a doubt the one a complete package.

It enables you to go through all startup items of the system to assess and change them. Where most startup managers limit items to programs and sometimes services, Autoruns includes dynamic link libraries, drivers, network providers and a whole host of other items in its interface.

Autoruns 13 has just been released and with it comes integration of the online virus scanning service Virustotal.

If you follow Sysinternals tools updates you know that Autoruns is not the first program to get the integration. The process manager Process Explorer supports it as well for example.

You need to enable the scanning before it becomes available. This is done with a click on Options > Scan Options, and the checking of "Check Virustotal.com".

autoruns virustotal

You are asked to read the Virustotal Terms of Service which are loaded in the default web browser automatically.

If left at that, only hashes of files found on the local system are submitted to Virustotal. While that ensures that no files get uploaded to the service, it means that you won't get results for some files.

To be precise, you won't get a rating for any file unknown to Virustotal.

You can change that behavior by enabling the submit unknown images option on the scan options.

Autoruns will submit the file hash first but if Virustotal returns an unknown, the file itself will be uploaded to the service for checking.

You find the ratings on the right side of the table after you have enabled it. You may need to scroll horizontally to display the rating depending on the window's width.

The software has a new Virustotal filter under options. You can enable it to only display items that have been flagged by Virustotal.

hide clean

All items with at least one hit are flagged which means that the list of items is limited to those that the virus scanning service reported as potentially malicious.

This can be combined further with other filters, for instance the hide all Microsoft entries filter.

Verdict

The integration of Virustotal in Autoruns makes as much sense as the integration of it in the process manager.

Items get scanned automatically once you enable the option which can provide you with additional information for your safety assessment.

Summary
software image
Author Rating
1star1star1star1star1star
no rating based on 0 votes
Software Name
Autoruns
Operating System
Windows
Landing Page

We need your help

Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.

If you like our content, and would like to help, please consider making a contribution:

Comments

  1. ilev said on January 30, 2015 at 9:27 am
    Reply
  2. Uhtred said on January 30, 2015 at 1:22 pm
    Reply

    “Autoruns will submit the file hash first but if Virustotal returns an unknown, the file itself will be uploaded to the service for checking.”

    is there an opportunity to manually veto the files selected for upload to virustotal, or does it have carte blanche rights once general approval given?

    1. Martin Brinkmann said on January 30, 2015 at 3:18 pm
      Reply

      You cannot control that once you have enabled the feature. If you want control, I guess you need to upload unknown files manually to Virustotal instead then.

  3. Eli said on January 30, 2015 at 2:21 pm
    Reply

    Really wish they would save settings to an .ini file and not use the registry for all their products, ugh.

    1. Mark said on January 30, 2015 at 3:44 pm
      Reply

      Wasn’t this an option on older versions or am I remembering wrong? I think I used to have the whole Sysinternals suite in portable form.

  4. Uhtred said on January 30, 2015 at 7:12 pm
    Reply

    thanks Martin, think I’d have to disable the auto upload feature – probably a bit paranoid but just feels slightly wrong to allow it to upload anything on the pc it decides is worth investigation

  5. PhoneyVirus said on February 3, 2015 at 8:55 pm
    Reply

    Autoruns and Process Explorer are great utility’s to have laying around, think I`m going to replace Process Hacker with Process Explorer, because it`s been over a year since they updated it. Plus their both Portable!

    Thanks for the Preview Martin

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

Please note that your comment may not appear immediately after you post it.