SecTeer VulnDetect & PatchPro Support Forum VulnDetect

    [Added] Autoruns - App-Request

      Anselm @Tom

      @Tom Yes, you should detect it as a suite. But I am interested in how you will do it.

        Tom VulnDetect Team Member @Anselm

        @Anselm I believe this will be a combination of one of the files and the registry. Probably quite similar to the K-Lite case. But a quick look in the registry did not reveal much. So I have to install it on a test system one of the coming days and investigate.

        /Tom
        Download the latest SecTeer VulnDetect agent here:
        https://vulndetect.com/dl/secteerSetup.exe

          OLLI_S Community Moderator

          The suite is just a ZIP file containing all tools in one bundle.
          It is not installed, it is just unzipped to a target folder.
          And all tools of Sysinternals are portable tools, I think they don't write anything in the registry.

          So when a user downloads the complete suite and extracts it, then you can only detect each tool separately because there is no Launcher or other application where you see that it is the complete suite.
          There are only the single tools (as far as I know and as far as I can see).

          And what if the user downloads the entire suite but deletes some apps from the folder, that he does not need?
          Like he deletes all 32-Bit versions of those tools that also offer a 64-Bit version?
          And what if the user updates a single tool separately and does not download the complete suite again?
          For example a user updates Autoruns but some other tools are not updated by the user?

          In my opinion you can only detect each tool separately.

          Later when you support grouping you should show an entry called Sysinternals Suite and leave the version number empty.
          If I expand it, then I see each installed tool with the proper version number.
          This grouping should be shown when you have more than one tool of the suite.

          @Tom can start detecting some of those tools individually so later only grouping is needed.

            Anselm @Tom

            @Tom I don't think you will find something in the registry. It is only unpacking a zip file - no installation.

              Anselm

              @Tom @OLLI_S After executing a Sysinternals tool you have to accept a EULA (for each tool!). Accepting this writes to the registry.

                OLLI_S Community Moderator

                I think you have to add each tool separately...

                  Tom VulnDetect Team Member @OLLI_S

                  @OLLI_S Yes, it looks that way... That's gonna be a looong day

                  /Tom

                    Tom VulnDetect Team Member

                    1 down X to go

                    /Tom

                      OLLI_S Community Moderator

                      Autoruns is detected by VulnDetect and the version number is also correct.
                      Issue solved!

                        OLLI_S Community Moderator

                        What about detecting Autorunsc as well?
                        @Tom Do you need the version info from the EXE file?

                          OLLI_S Community Moderator

                          Here is the version info of Autorunsc x32

                          File name and path:     D:\PortableApps\PortableApps\_WSCCPortable\Sysinternals Suite\autorunsc.exe
                          Product Name:           Sysinternals autoruns
                          Internal Name:          Sysinternals Autoruns
                          Original Filename:      autoruns.exe
                          
                          File Description:       Autostart program viewer
                          Company:                Sysinternals - www.sysinternals.com
                          Legal Copyright:        Copyright (C) 2002-2018 Mark Russinovich
                          Legal Trademarks:       
                          Comments:               
                          
                          File Version String:    13.93
                          File Version:           13.93.0.0
                          Product Version String: 13.93
                          Product Version:        13.93.0.0
                          

                          Here is the version info of Autorunsc x64

                          File name and path:     D:\PortableApps\PortableApps\_WSCCPortable\Sysinternals Suite\autorunsc64.exe
                          Product Name:           Sysinternals autoruns
                          Internal Name:          Sysinternals Autoruns
                          Original Filename:      autoruns.exe
                          
                          File Description:       Autostart program viewer
                          Company:                Sysinternals - www.sysinternals.com
                          Legal Copyright:        Copyright (C) 2002-2018 Mark Russinovich
                          Legal Trademarks:       
                          Comments:               
                          
                          File Version String:    13.93
                          File Version:           13.93.0.0
                          Product Version String: 13.93
                          Product Version:        13.93.0.0
                          

                          Important Note

                          Autorunsc is the command-line version of Autoruns.
                          So maybe you write Autorunsc (Autoruns Command Line)?

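Added example (not part of the original thread and not VulnDetect's own detection code): per-file detection of portable tools from the version-info fields posted above, naming each tool from its on-disk file name because Original Filename is autoruns.exe for the command-line builds too, and grouping under an empty-version "Sysinternals Suite" entry once more than one distinct tool is found. The RULES table, the function names and the third sample record are assumptions made for illustration.

```python
import ntpath
import re

# Records 1-2: fields copied from the dumps in the post above.
# Record 3 is constructed for this example (path and values are assumptions).
DUMPS = r"""
File name and path:     D:\PortableApps\PortableApps\_WSCCPortable\Sysinternals Suite\autorunsc.exe
Original Filename:      autoruns.exe
Company:                Sysinternals - www.sysinternals.com
File Version:           13.93.0.0

File name and path:     D:\PortableApps\PortableApps\_WSCCPortable\Sysinternals Suite\autorunsc64.exe
Original Filename:      autoruns.exe
Company:                Sysinternals - www.sysinternals.com
File Version:           13.93.0.0

File name and path:     C:\Tools\Autoruns.exe
Original Filename:      autoruns.exe
Company:                Sysinternals - www.sysinternals.com
File Version:           13.93.0.0
"""

# Hypothetical rule table: display name keyed by lower-cased file stem, "64" suffix removed.
RULES = {"autoruns": "Autoruns", "autorunsc": "Autoruns (CLI)"}

def parse(text):
    """Split a dump into records; each record maps field name -> value."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = (line.partition(":") for line in block.splitlines() if ":" in line)
        records.append({k.strip(): v.strip() for k, _, v in fields})
    return records

def identify(rec):
    """Name a tool from vendor + on-disk file name; Original Filename cannot tell GUI from CLI."""
    m = re.match(r"(?i)^(.+?)(64)?\.exe$", ntpath.basename(rec.get("File name and path", "")))
    if not m or not rec.get("Company", "").startswith("Sysinternals"):
        return None
    name = RULES.get(m.group(1).lower())
    if name is None:
        return None
    return {"name": name, "arch": "x64" if m.group(2) else "x32", "version": rec.get("File Version", "")}

def inventory(text):
    """List tools one by one; group under a suite entry with empty version if >1 distinct tool."""
    tools = [t for t in map(identify, parse(text)) if t]
    if len({t["name"] for t in tools}) > 1:
        return [{"name": "Sysinternals Suite", "version": "", "tools": tools}]
    return tools
```

Version-resource strings and file names are unauthenticated metadata, so a match like this is suitable for inventory and version reporting, not as evidence that the file is genuine.
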
                            Tom VulnDetect Team Member @OLLI_S

                            @OLLI_S So, Autoruns (CLI) now added

                            /Tom

                              OLLI_S Community Moderator

                              Thank you, I see this.
                              Would it be better to write Command Line instead of CLI (more user friendly)?

                                Tom VulnDetect Team Member @OLLI_S

                                @OLLI_S I may be wrong, but I would assume that people who download Sysinternals, more specifically, Autorunsc would know what CLI means.

                                /Tom

                                  OLLI_S Community Moderator

                                  OK, I agree with you!
                                  Issue solved
