Startup Manager Autoruns 13 introduces Virustotal integration

While Autoruns may not be the most popular startup manager available for Windows, it is without the shadow of a doubt the one a complete package.

It enables you to go through all startup items of the system to assess and change them. Where most startup managers limit items to programs and sometimes services, Autoruns includes dynamic link libraries, drivers, network providers and a whole host of other items in its interface.

Autoruns 13 has just been released and with it comes integration of the online virus scanning service Virustotal.

If you follow Sysinternals tools updates you know that Autoruns is not the first program to get the integration. The process manager Process Explorer supports it as well for example.

You need to enable the scanning before it becomes available. This is done with a click on Options > Scan Options, and the checking of "Check Virustotal.com".

autoruns virustotal

You are asked to read the Virustotal Terms of Service which are loaded in the default web browser automatically.

If left at that, only hashes of files found on the local system are submitted to Virustotal. While that ensures that no files get uploaded to the service, it means that you won't get results for some files.



To be precise, you won't get a rating for any file unknown to Virustotal.

You can change that behavior by enabling the submit unknown images option on the scan options.

Autoruns will submit the file hash first but if Virustotal returns an unknown, the file itself will be uploaded to the service for checking.

Read also:  TeamViewer 12 ships with faster file transfers

You find the ratings on the right side of the table after you have enabled it. You may need to scroll horizontally to display the rating depending on the window's width.

The software has a new Virustotal filter under options. You can enable it to only display items that have been flagged by Virustotal.

hide clean

All items with at least one hit are flagged which means that the list of items is limited to those that the virus scanning service reported as potentially malicious.

This can be combined further with other filters, for instance the hide all Microsoft entries filter.

Verdict

The integration of Virustotal in Autoruns makes as much sense as the integration of it in the process manager.

Items get scanned automatically once you enable the option which can provide you with additional information for your safety assessment.

Summary
Author Rating
no rating based on votes
Software Name
Autoruns
Operating System
Windows
Landing Page

Please share this article

Facebooktwittergoogle_plusredditlinkedinmail



Responses to Startup Manager Autoruns 13 introduces Virustotal integration

  1. ilev January 30, 2015 at 9:27 am #

    Autoruns Portable 13.0 : http://portableapps.com/news/2015-01-29--autoruns-portable-13.0-released

  2. Uhtred January 30, 2015 at 1:22 pm #

    "Autoruns will submit the file hash first but if Virustotal returns an unknown, the file itself will be uploaded to the service for checking."

    is there an opportunity to manually veto the files selected for upload to virustotal, or does it have carte blanche rights once general approval given?

    • Martin Brinkmann January 30, 2015 at 3:18 pm #

      You cannot control that once you have enabled the feature. If you want control, I guess you need to upload unknown files manually to Virustotal instead then.

  3. Eli January 30, 2015 at 2:21 pm #

    Really wish they would save settings to an .ini file and not use the registry for all their products, ugh.

    • Mark January 30, 2015 at 3:44 pm #

      Wasn't this an option on older versions or am I remembering wrong? I think I used to have the whole Sysinternals suite in portable form.

  4. Uhtred January 30, 2015 at 7:12 pm #

    thanks Martin, think I'd have to disable the auto upload feature - probably a bit paranoid but just feels slightly wrong to allow it to upload anything on the pc it decides is worth investigation

  5. PhoneyVirus February 3, 2015 at 8:55 pm #

    Autoruns and Process Explorer are great utility's to have laying around, think I`m going to replace Process Hacker with Process Explorer, because it`s been over a year since they updated it. Plus their both Portable!

    Thanks for the Preview Martin

Leave a Reply