[Added] Autoruns - App-Request


  • Community Moderator

    Name of the app:
    Autoruns

    Developer:
    Sysinternals

    Website:
    https://docs.microsoft.com/de-de/sysinternals/

    Download Site:
    https://docs.microsoft.com/de-de/sysinternals/downloads/autoruns

    Version number displayed in the app:
    13.93

    App-Icon: (in ICO format)
    I still can not upload icon files

    Notes:

    • The icon is available in 48 x 48 pixel

    Here the information extracted from the 32-Bit EXE file:

    File name and path:     D:\PortableApps\PortableApps\_WSCCPortable\Sysinternals Suite\Autoruns.exe
    Product Name:           Sysinternals autoruns
    Internal Name:          Sysinternals Autoruns
    Original Filename:      autoruns.exe
    
    File Description:       Autostart program viewer
    Company:                Sysinternals - www.sysinternals.com
    Legal Copyright:        Copyright (C) 2002-2018 Mark Russinovich
    Legal Trademarks:       
    Comments:               
    
    File Version String:    13.93
    File Version:           13.93.0.0
    Product Version String: 13.93
    Product Version:        13.93.0.0
    

    Here the information extracted from the 64-Bit EXE file:

    File name and path:     D:\PortableApps\PortableApps\_WSCCPortable\Sysinternals Suite\Autoruns64.exe
    Product Name:           Sysinternals autoruns
    Internal Name:          Sysinternals Autoruns
    Original Filename:      autoruns.exe
    
    File Description:       Autostart program viewer
    Company:                Sysinternals - www.sysinternals.com
    Legal Copyright:        Copyright (C) 2002-2018 Mark Russinovich
    Legal Trademarks:       
    Comments:               
    
    File Version String:    13.93
    File Version:           13.93.0.0
    Product Version String: 13.93
    Product Version:        13.93.0.0
    

  • Community Moderator

    OK, I agree with you!
    Issue solved


  • VulnDetect Team Member

    @OLLI_S I may be wrong, but I would assume that people who download Sysinternals, more specifically, Autorunsc would know what CLI means.


  • Community Moderator

    Thank you, I see this.
    Would it be better to write Command Line instead of CLI (more user fiendly)?


  • VulnDetect Team Member

    @OLLI_S So, Autoruns (CLI) now added


  • Community Moderator

    Here the version info of Autorunsc x32

    File name and path:     D:\PortableApps\PortableApps\_WSCCPortable\Sysinternals Suite\autorunsc.exe
    Product Name:           Sysinternals autoruns
    Internal Name:          Sysinternals Autoruns
    Original Filename:      autoruns.exe
    
    File Description:       Autostart program viewer
    Company:                Sysinternals - www.sysinternals.com
    Legal Copyright:        Copyright (C) 2002-2018 Mark Russinovich
    Legal Trademarks:       
    Comments:               
    
    File Version String:    13.93
    File Version:           13.93.0.0
    Product Version String: 13.93
    Product Version:        13.93.0.0
    

    Here the version info of Autorunsc x64

    File name and path:     D:\PortableApps\PortableApps\_WSCCPortable\Sysinternals Suite\autorunsc64.exe
    Product Name:           Sysinternals autoruns
    Internal Name:          Sysinternals Autoruns
    Original Filename:      autoruns.exe
    
    File Description:       Autostart program viewer
    Company:                Sysinternals - www.sysinternals.com
    Legal Copyright:        Copyright (C) 2002-2018 Mark Russinovich
    Legal Trademarks:       
    Comments:               
    
    File Version String:    13.93
    File Version:           13.93.0.0
    Product Version String: 13.93
    Product Version:        13.93.0.0
    

    Important Note

    Autorunsc is the command-line version of Autoruns.
    So maybe you write Autorunsc (Autoruns Command Line)?


  • Community Moderator

    What about detecting Autorunsc as well?
    @Tom Do you need the version info from the EXE file?


  • Community Moderator

    Autoruns is detected by VulnDetect and the version number is also correct.
    Issue solved!


  • VulnDetect Team Member

    1 down X to go


  • VulnDetect Team Member

    @OLLI_S Yes, it looks that way... That's gonna be a looong day


  • Community Moderator

    I think you have to add each tool separate...



  • @Tom @OLLI_S After executing a sysinternal tool you have to accept an eula (for each tool!). Accepting this writes to the registry.



  • @Tom I don't think you will find something in the registry. It is only unpacking a zip file - no installation.


  • Community Moderator

    The suite is just a ZIP file containing all tools in one bundle.
    It is not installed, it is just unzipped to a target folder.
    And all tools of Sysinternals are portable tools, I think they don't write anything in the registry.

    So when a user downloads the complete suite and extracts it, then you only can detect each tool separate because there is no Launcher or other application where you see that it is the complete suite.
    There are only the single tools (as far as I know and as far as I can see).

    And what if the user downloads the entire suite but deletes some apps from the folder, that he does not need?
    Like he deletes all 32-Bit versions of those tool that also offer a 64-Bit version?
    And what if the user updates a single tool separate and does not download the complete suite again?
    For example a user updates Autoruns but some other tools are not updated by the user?

    In my opinion you only can detect each tool separate.

    Later when you support grouping you should show an entry called Sysinternals Suite and leave the version number empty.
    If I expand it, then I see each installed tool with the proper version number.
    This grouping should be shown when you have more than one tool of the suite.

    @Tom can start detecting some of those tools individually so later only groping is needed.


  • VulnDetect Team Member

    @Anselm I believe this will be a combination of one of the files and the registry. Probably quite similar to the K-Lite case. But, a quick a look in the registry did not reveal much. So I have to install it on a test system one of the coming days and investigate.



  • @Tom Yes, you should detect it as suite. But i am interested how you will do it.


  • Community Moderator

    @Tom and @Anselm
    The Sysinternals Suite is a ZIP-file that contains all Sysinternals Tools.
    You extract it into a folder of your choice and there are all tools in one folder.

    As far as I can see there is no separate launcher?
    So you have to detect each app separate.





  • @Tom I agree. But i think you will not find a version identifier for the suit. Maybe the newest program in the bundle?


  • VulnDetect Team Member

    @Anselm Exactly, and these are always a bit of an issue, since if we add all individual programs and the suite, then we will clutter your app list, until the day where we properly can handle bundled apps.

    So I guess that we will add detection for the suite soon and then postpone the individual apps until we can "bundle" it, what do you think?