Startup Manager Autoruns 13 introduces Virustotal integration
While Autoruns may not be the most popular startup manager available for Windows, it is without the shadow of a doubt the one a complete package.
It enables you to go through all startup items of the system to assess and change them. Where most startup managers limit items to programs and sometimes services, Autoruns includes dynamic link libraries, drivers, network providers and a whole host of other items in its interface.
Autoruns 13 has just been released and with it comes integration of the online virus scanning service Virustotal.
If you follow Sysinternals tools updates you know that Autoruns is not the first program to get the integration. The process manager Process Explorer supports it as well for example.
You need to enable the scanning before it becomes available. This is done with a click on Options > Scan Options, and the checking of "Check Virustotal.com".
You are asked to read the Virustotal Terms of Service which are loaded in the default web browser automatically.
If left at that, only hashes of files found on the local system are submitted to Virustotal. While that ensures that no files get uploaded to the service, it means that you won't get results for some files.
To be precise, you won't get a rating for any file unknown to Virustotal.
You can change that behavior by enabling the submit unknown images option on the scan options.
Autoruns will submit the file hash first but if Virustotal returns an unknown, the file itself will be uploaded to the service for checking.
You find the ratings on the right side of the table after you have enabled it. You may need to scroll horizontally to display the rating depending on the window's width.
The software has a new Virustotal filter under options. You can enable it to only display items that have been flagged by Virustotal.
All items with at least one hit are flagged which means that the list of items is limited to those that the virus scanning service reported as potentially malicious.
This can be combined further with other filters, for instance the hide all Microsoft entries filter.
The integration of Virustotal in Autoruns makes as much sense as the integration of it in the process manager.
Items get scanned automatically once you enable the option which can provide you with additional information for your safety assessment.
Autoruns Portable 13.0 : http://portableapps.com/news/2015-01-29–autoruns-portable-13.0-released
“Autoruns will submit the file hash first but if Virustotal returns an unknown, the file itself will be uploaded to the service for checking.”
is there an opportunity to manually veto the files selected for upload to virustotal, or does it have carte blanche rights once general approval given?
You cannot control that once you have enabled the feature. If you want control, I guess you need to upload unknown files manually to Virustotal instead then.
Really wish they would save settings to an .ini file and not use the registry for all their products, ugh.
Wasn’t this an option on older versions or am I remembering wrong? I think I used to have the whole Sysinternals suite in portable form.
thanks Martin, think I’d have to disable the auto upload feature – probably a bit paranoid but just feels slightly wrong to allow it to upload anything on the pc it decides is worth investigation
Autoruns and Process Explorer are great utility’s to have laying around, think I`m going to replace Process Hacker with Process Explorer, because it`s been over a year since they updated it. Plus their both Portable!
Thanks for the Preview Martin