Autoruns 11.42: The case of missing list items
While performing my duties as a computer and network administrator, I have often used Sysinternals Autoruns to manage computer programs that automatically start with the computer. Frankly, it is the most advanced startup management tool I have known to date. Therefore, it came as a shock to me when I observed that myriads of startup entries cease to show up after enabling digital signature verification. Was it a bug or was it my fault?
Actually, resolving this issue didn’t take more than a second: I immediately realized what’s the problem – or, to be honest, I realized there is no problem at all. But the amount of shock that it gave me made write this post. The disappearance of certain items is not a product of the digital signature verification feature, but rather, the result of another filtering featuring that enables Autoruns to hide Windows and/or Microsoft programs from the list. With all the filters removed, all items appear whether their digital signature is verified or not.
The keyword here, however, if “verification”. When filtering is enabled, Autoruns looks up the program to see if it is a Windows and/or Microsoft program. With digital signature verification disabled, Autoruns has no choice but to accept whatever the program says. With digital signature verification enabled, Autoruns checks the claim (of being or not being a component of Windows or Microsoft product) against digital signature. And lo and behold: In a lot of cases, the verification does not come positive.
In the test computers that you see in the screenshots, a lot of items disappear after enabling verification because Autoruns decides they are part of Windows. That’s true: Windows comes bundled with a lot of device drivers from third-party vendors, so that when you connect those devices, you are ready to go. But these drivers bear the Microsoft Windows digital signature.
Posted on 16 July 2013, in Windows Administration and tagged Autoruns, digital signature, drivers, Microsoft Hardware Compatibility Publisher, startup, Sysinternals, Windows. Bookmark the permalink. Leave a comment.