[Added] Autoruns - App-Request

OLLI_S

I sent the icon right now by email.

Tom

Sysinternals... That is certainly something we want to detect. But I think I have to play around with this one and add detection for the entire suite, rather than the individual programs at this point.
So I will leave it open for now.

Anselm

@Tom It is a suite, but the programs also can be installed separately.

OLLI_S

@Anselm is right, you can install the entire suite but you can also install (just extract an ZIP and use it without installation) each app individually.
This is the reason why each app has its own download link.

Tom

@Anselm Exactly, and these are always a bit of an issue, since if we add all individual programs and the suite, then we will clutter your app list, until the day where we properly can handle bundled apps.

So I guess that we will add detection for the suite soon and then postpone the individual apps until we can "bundle" it, what do you think?

Anselm

@Tom I agree. But i think you will not find a version identifier for the suit. Maybe the newest program in the bundle?

Anselm

@Tom FYI: https://docs.microsoft.com/en-us/sysinternals/downloads/

OLLI_S

@Tom and @Anselm
The Sysinternals Suite is a ZIP-file that contains all Sysinternals Tools.
You extract it into a folder of your choice and there are all tools in one folder.

As far as I can see there is no separate launcher?
So you have to detect each app separate.

Anselm

@Tom Yes, you should detect it as suite. But i am interested how you will do it.

Tom

@Anselm I believe this will be a combination of one of the files and the registry. Probably quite similar to the K-Lite case. But, a quick a look in the registry did not reveal much. So I have to install it on a test system one of the coming days and investigate.

OLLI_S

The suite is just a ZIP file containing all tools in one bundle.
It is not installed, it is just unzipped to a target folder.
And all tools of Sysinternals are portable tools, I think they don't write anything in the registry.

So when a user downloads the complete suite and extracts it, then you only can detect each tool separate because there is no Launcher or other application where you see that it is the complete suite.
There are only the single tools (as far as I know and as far as I can see).

And what if the user downloads the entire suite but deletes some apps from the folder, that he does not need?
Like he deletes all 32-Bit versions of those tool that also offer a 64-Bit version?
And what if the user updates a single tool separate and does not download the complete suite again?
For example a user updates Autoruns but some other tools are not updated by the user?

In my opinion you only can detect each tool separate.

Later when you support grouping you should show an entry called Sysinternals Suite and leave the version number empty.
If I expand it, then I see each installed tool with the proper version number.
This grouping should be shown when you have more than one tool of the suite.

@Tom can start detecting some of those tools individually so later only groping is needed.

Anselm

@Tom I don't think you will find something in the registry. It is only unpacking a zip file - no installation.

Anselm

@Tom @OLLI_S After executing a sysinternal tool you have to accept an eula (for each tool!). Accepting this writes to the registry.

OLLI_S

I think you have to add each tool separate...

Tom

@OLLI_S Yes, it looks that way... That's gonna be a looong day

Tom

1 down X to go

OLLI_S

Autoruns is detected by VulnDetect and the version number is also correct.
Issue solved!

OLLI_S

What about detecting Autorunsc as well?
@Tom Do you need the version info from the EXE file?

OLLI_S

Here the version info of Autorunsc x32

File name and path:     D:\PortableApps\PortableApps\_WSCCPortable\Sysinternals Suite\autorunsc.exe
Product Name:           Sysinternals autoruns
Internal Name:          Sysinternals Autoruns
Original Filename:      autoruns.exe

File Description:       Autostart program viewer
Company:                Sysinternals - www.sysinternals.com
Legal Copyright:        Copyright (C) 2002-2018 Mark Russinovich
Legal Trademarks:       
Comments:               

File Version String:    13.93
File Version:           13.93.0.0
Product Version String: 13.93
Product Version:        13.93.0.0

Here the version info of Autorunsc x64

File name and path:     D:\PortableApps\PortableApps\_WSCCPortable\Sysinternals Suite\autorunsc64.exe
Product Name:           Sysinternals autoruns
Internal Name:          Sysinternals Autoruns
Original Filename:      autoruns.exe

File Description:       Autostart program viewer
Company:                Sysinternals - www.sysinternals.com
Legal Copyright:        Copyright (C) 2002-2018 Mark Russinovich
Legal Trademarks:       
Comments:               

File Version String:    13.93
File Version:           13.93.0.0
Product Version String: 13.93
Product Version:        13.93.0.0

Important Note

Autorunsc is the command-line version of Autoruns.
So maybe you write Autorunsc (Autoruns Command Line)?

Tom

@OLLI_S So, Autoruns (CLI) now added