Autoruns –
Autorun refers to a program or service that starts automatically, without being deliberately launched by the end user. Autoruns populates its display from the information it gathers at the ASEPs (explained in the next section), as shown in the figure below. Each row shows the entry name, publisher, description and image path (the location on disk of the target file the autostart points to). Each row also has a checkbox to enable or disable the entry (entries can only be altered when running with administrative privilege), along with the VirusTotal scan status. Autoruns also identifies InProcServer entries and, when the target file cannot be found at the stated location, highlights the row in yellow with the message "File not found". The Timestamp column helps classify the file as well: for a portable executable (PE) the timestamp shown is the one recorded in the PE header, displayed in the local time zone. Finally, an entry whose image file has no valid publisher or whose digital signature cannot be verified is automatically highlighted in pink as suspicious.
Before deep-diving into the Sysinternals Autoruns utility, it is worth explaining the term ASEP (Autostart Extensibility Point): the locations in the file system and registry through which autostarts can be configured on Windows, on both the 32-bit and 64-bit versions. Windows itself relies on ASEPs for its own services, drivers and so on. The Sysinternals Autoruns utility gathers its picture of the system by scanning a plethora of ASEP locations within seconds, which makes it much easier to spot a suspicious autostart; it can also enable or disable the autostarts it identifies.
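To make the ASEP concept and the Autoruns checks described above concrete, here is an added PowerShell example (written for this page; it is not code from the original article or from Sysinternals). It walks a small, illustrative subset of registry ASEPs (the Run and RunOnce keys, including the WOW6432Node view that 32-bit software uses on 64-bit Windows), resolves each launch string to an image path, tests whether the file exists (Autoruns' yellow "File not found" case) and verifies its Authenticode signature (Autoruns' pink "not verified" case). The ASEP list, the function names and the simplified path-parsing rule are assumptions made for this example; Autoruns itself covers far more locations and resolves paths more thoroughly. It assumes an elevated Windows PowerShell 5.1 or later session.

```powershell
# Added example, not part of the original article: a minimal re-implementation of
# the checks Autoruns performs, for a handful of well-known registry ASEPs.
# Assumption: the ASEP list below is a small illustrative subset, not Autoruns' full list.
$Aseps = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',   # 32-bit view on x64
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Extract the executable path from a launch string such as
#   "C:\Program Files\Vendor\app.exe" /background
#   C:\Tools\agent.exe -silent
# A quoted path is taken as-is; otherwise the first whitespace ends the path.
# (Simplification made for this example; Autoruns resolves paths more carefully.)
function Get-ImagePath {
    param([string]$LaunchString)
    $s = [Environment]::ExpandEnvironmentVariables($LaunchString.Trim())
    if ($s.StartsWith('"')) {
        $end = $s.IndexOf('"', 1)
        if ($end -gt 1) { return $s.Substring(1, $end - 1) }
        return $s.Trim('"')
    }
    return ($s -split '\s+', 2)[0]
}

# Enumerate every value under each ASEP key and emit one object per autostart,
# with the same kind of information Autoruns shows per row.
function Get-AsepEntry {
    foreach ($key in $Aseps) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item $key
        foreach ($name in $item.GetValueNames()) {
            if ($name -eq '') { continue }                 # skip the (Default) value
            $launch = [string]$item.GetValue($name)        # REG_EXPAND_SZ is expanded here
            $image  = Get-ImagePath $launch
            $exists = Test-Path -LiteralPath $image -PathType Leaf

            $signer = $null
            $sigStatus = 'NotSigned'
            if ($exists) {
                $sig = Get-AuthenticodeSignature -LiteralPath $image
                $sigStatus = $sig.Status.ToString()        # Valid, NotSigned, HashMismatch, NotTrusted, ...
                if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
            }

            # Mirror Autoruns' colouring: yellow = file not found, pink = signature not verified.
            $flag = if (-not $exists)              { 'FileNotFound (yellow)' }
                    elseif ($sigStatus -ne 'Valid') { 'Unverified (pink)' }
                    else                            { '' }

            [pscustomobject]@{
                EntryLocation = $key
                Entry         = $name
                LaunchString  = $launch
                ImagePath     = $image
                Exists        = $exists
                Signature     = $sigStatus
                Publisher     = $signer
                Flag          = $flag
            }
        }
    }
}

# Show only the entries Autoruns would colour, i.e. the ones worth a closer look.
Get-AsepEntry | Where-Object Flag | Format-Table Entry, ImagePath, Signature, Flag -AutoSize
```

Drop the `Where-Object Flag` filter to see every entry, including the signed ones. A missing image file is not proof of malware (leftover uninstall entries are common), and an unsigned binary is not proof either, but both are exactly the rows a reviewer should examine first, which is why Autoruns colours them. For the complete ASEP coverage, the command-line counterpart autorunsc.exe can export the same columns to CSV with signature verification enabled, for example `autorunsc.exe -accepteula -nobanner -a * -c -s`, which is convenient for diffing a host against a known-good baseline.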
Demystifying Autoruns and Malware
A system administrator is typically responsible for managing and securing the sensitive data of a large organization in a sustainable manner. Above all, it is his cardinal duty to keep the server systems functioning in a secure, uninterrupted, reliable and stable way, resistant to external cyber-attack. This article is therefore dedicated to system administrators, to ease their day-to-day monitoring activities by means of several freely available system utilities. It explains the benefits of leveraging essential system tools to retrieve and monitor sensitive information during auditing and data forensics work.
To that end, the Sysinternals toolkit, which is part of Microsoft TechNet, offers a wide range of free diagnostic tools and utilities that streamline the system administrator's work of identifying hidden abnormal processes and hunting for malware.