Autoruns

Windows keeps lists of programs that it should run automatically when Windows first starts. Many programs add entries to these lists so that they can run in the background to provide easy access to the program, to operate at all times, and/or to perform tasks at scheduled times, such as checking for updates.

Malware also needs to automatically run when Windows starts in order to function in the way that the attacker wishes.

If an Unknown program tries to set itself to automatically run when Windows starts, Online Armor will alert you to this behavior, giving you a chance to Allow or Block it.

Autoruns List

Once a program has been allowed to or blocked from creating an Autorun entry, it will be added to the Autoruns list. You can access this list by opening the Online Armor Control Panel and selecting Autoruns from the Main Menu.


Above the table, on the right-hand side opposite the tabs, is a drop-down menu. This menu allows you to filter the list to show only Programs, Components, Drivers, or Other. Selecting one of these options will hide all entries in the Autoruns list that do not match the specified criteria.

The Autoruns list is organized using a table with the following columns:

  • Status – Shows whether the Autorun entry was Allowed or Blocked
  • Program Name – Shows the file name of the program on your hard drive that is set to automatically run with Windows.
  • Name – Shows the name of the program that is set to automatically run with Windows.

Each row is color coded to indicate whether the program is Trusted (green), Not Trusted (red), Unknown (salmon), or is no longer present (gray).

A legend showing the colors and their corresponding status can be displayed by clicking on the Legend link above the table.

Underneath the list are the following buttons:

  • Allow All – Sets all Autoruns in the list to Allowed.
  • Allow – If an Autorun has been Blocked then this button will be enabled and will Allow the selected program.
  • Block – Blocks the selected program from automatically running when Windows starts and configures Online Armor to automatically Block any attempts to create the Autorun entry again in the future.
  • Delete – Removes the Autorun from the list. Deleting the item will cause Online Armor to alert you again if the program attempts to re-create the selected Autorun in the future.

Online Armor does not show Trusted programs by default to keep the Autoruns list more manageable. Remove the check next to the “Hide trusted” box to the left of the buttons at the bottom to see the Trusted Autorun programs in the list.

Autoruns List Context Menu

You can right-click any item in the Autoruns list to access the following additional options.

  • Show file information – Shows any information about the file that was included by the maker of the program. In addition to the information included by the programmer, the exact path of the Autorun's key in the registry is shown. If the program has a valid digital signature, the words "Signed by:" will be displayed in green text, followed by the name of the signer. You can also click More to be taken to the Online Armor website for any information Online Armor has collected about this particular program.
  • Jump to – Takes you to the exact path of this Autorun's key in the registry.
  • Find – Allows you to perform a search in the Autoruns list to find a particular program.
  • Autosize columns – Sets the Autoruns list to automatically resize all columns in the table to accommodate the longest string of text in each column.
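
To cross-check what "Show file information" reports, the same fields (entry name, file, whether the file is still present, signer, and registry key path) can be read directly from Windows. The script below is an added example, not part of Online Armor. It assumes the standard Run and RunOnce registry keys, which are only some of the autorun locations the product monitors, and Get-CommandTarget is a hypothetical helper name.

```powershell
# Added example (not Online Armor code): audit Run/RunOnce autorun entries.
# Assumption: only these four well-known keys are read; services, drivers,
# scheduled tasks and other autorun locations are out of scope here.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-CommandTarget {
    # Hypothetical helper: pull the executable path out of an autorun command line.
    param([string]$Command)
    $expanded = [Environment]::ExpandEnvironmentVariables($Command)
    if ($expanded -match '^\s*"([^"]+)"')     { return $Matches[1] }  # quoted path
    if ($expanded -match '^\s*(.+?\.exe)\b')  { return $Matches[1] }  # unquoted, may contain spaces
    return ($expanded.Trim() -split '\s+')[0]                         # fallback: first token
}

foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $command = [string]$item.GetValue($name)
        $target  = Get-CommandTarget $command
        # Entries given without a full path (e.g. a bare "rundll32.exe") are
        # reported as not present because they cannot be resolved here.
        $present = [bool]$target -and (Test-Path -LiteralPath $target -PathType Leaf)
        $status  = 'NotFound'
        $signer  = $null
        if ($present) {
            $sig    = Get-AuthenticodeSignature -LiteralPath $target
            $status = [string]$sig.Status          # 'Valid' means a valid digital signature
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        }
        [pscustomobject]@{
            Name        = $name          # the autorun entry's value name
            File        = $target        # file set to run with Windows
            Present     = $present       # False matches "no longer present"
            Signature   = $status
            SignedBy    = $signer
            RegistryKey = $item.Name     # exact path of the autorun's key
        }
    }
}
```

Entries whose Signature is not Valid, or whose file is not present, are the ones worth comparing against their Status in the Autoruns list.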