Evading Autoruns, or: don’t rely solely on Autoruns for security

Discussion in 'Windows OS and Software' started by Papusan, Nov 6, 2017.

  1. Papusan

    Papusan BGABOOKS = That sucks!! STAHP! Dont buy FILTH...

    Reputations:
    6,479
    Messages:
    14,901
    Likes Received:
    19,854
    Trophy Points:
    931
    Evading Autoruns, or: don’t rely solely on Autoruns for security-Ghacks.net

    Autoruns is a popular program for Windows to analyze all the different files, programs, and other items that run on system startup.

    "It is probably the most used tool for that purpose, and includes lots of nice to have features such as scanning files on Virustotal, hiding Microsoft entries, or management of autorun files to disable or delete items directly from within the program."

    "One of the issues that arises in Autoruns is that many users have configured the program to hide Microsoft entries as they are considered save by many. The problem is that hiding Microsoft entries may hide these command constructs.


    As far as things are concerned that you may do to make it more difficult for attackers to hide something, the following is helpful:

    1. Don't hide Microsoft and Windows entries in Autoruns. You find the option under Options > Hide Microsoft Entries and Options > Hide Windows entries. This displays more data, but it is important to see it from a security point of view.
    2. Enable the "verify code signatures" and "check virustotal.com" options in Options > Scan Options.
    3. Review any cmd.exe, pcalua, or SyncAppvPublishingService entries.
    4. Go through all entries and look for nested commands (may be easier to use the command line options to enumerate all and use find operations to go through the listing).
     
    Last edited: Nov 6, 2017
    Vasudev likes this.
  2. StormJumper

    StormJumper Notebook Virtuoso

    Reputations:
    491
    Messages:
    3,000
    Likes Received:
    334
    Trophy Points:
    151
    Are we talking about Windows AutoRun or something else here? If this is the Windows AutoRun I just disable it in Window 10 settings and then you can to the drive or USB and see what is all there. It's not that hard I did it and when I want to run the .exe then I choose to run it not let it go Wild.
     
  3. Papusan

    Papusan BGABOOKS = That sucks!! STAHP! Dont buy FILTH...

    Reputations:
    6,479
    Messages:
    14,901
    Likes Received:
    19,854
    Trophy Points:
    931
    We talk about This tool (or I misundestood your Q)
    [​IMG]
     
  4. StormJumper

    StormJumper Notebook Virtuoso

    Reputations:
    491
    Messages:
    3,000
    Likes Received:
    334
    Trophy Points:
    151
    Good for the clarification as AutoRun is synonymous to AutoRun found on Windows.
     
  5. jaug1337

    jaug1337 de_dust2

    Reputations:
    2,050
    Messages:
    4,747
    Likes Received:
    829
    Trophy Points:
    181
    The said program is called Autoruns

    I can see the confusion though :D
     
    Papusan likes this.
  6. Papusan

    Papusan BGABOOKS = That sucks!! STAHP! Dont buy FILTH...

    Reputations:
    6,479
    Messages:
    14,901
    Likes Received:
    19,854
    Trophy Points:
    931
    Better put in .EXE:D
     
    jaug1337 likes this.
  7. Ruro

    Ruro Notebook Enthusiast

    Reputations:
    0
    Messages:
    10
    Likes Received:
    9
    Trophy Points:
    6
    Been solely using this to hide Nvidia Telemetry only. Why use this when there are better programs out there?
     
  8. Papusan

    Papusan BGABOOKS = That sucks!! STAHP! Dont buy FILTH...

    Reputations:
    6,479
    Messages:
    14,901
    Likes Received:
    19,854
    Trophy Points:
    931
    And what programs will you suggested who is so much better? Could you please post those alternatives in @Phoenix Software Updates as well ? Thanks.
     

Share This Page