[Added] Autoruns - App-Request

OLLI_S · 15 Dec 2018, 14:34

I sent the icon right now by email.

Tom · 15 Dec 2018, 19:32

Sysinternals... That is certainly something we want to detect. But I think I have to play around with this one and add detection for the entire suite, rather than the individual programs at this point.
So I will leave it open for now.

Anselm · 15 Dec 2018, 19:46

@Tom It is a suite, but the programs also can be installed separately.

OLLI_S · 15 Dec 2018, 20:55

@Anselm is right, you can install the entire suite but you can also install (just extract an ZIP and use it without installation) each app individually.
This is the reason why each app has its own download link.

Tom · 16 Dec 2018, 09:10

@Anselm Exactly, and these are always a bit of an issue, since if we add all individual programs and the suite, then we will clutter your app list, until the day where we properly can handle bundled apps.

So I guess that we will add detection for the suite soon and then postpone the individual apps until we can "bundle" it, what do you think?

Anselm · 16 Dec 2018, 09:31

@Tom I agree. But i think you will not find a version identifier for the suit. Maybe the newest program in the bundle?

Anselm · 16 Dec 2018, 10:10

@Tom FYI: https://docs.microsoft.com/en-us/sysinternals/downloads/

OLLI_S · 16 Dec 2018, 10:21

@Tom and @Anselm
The Sysinternals Suite is a ZIP-file that contains all Sysinternals Tools.
You extract it into a folder of your choice and there are all tools in one folder.

As far as I can see there is no separate launcher?
So you have to detect each app separate.

Anselm · 16 Dec 2018, 12:47

@Tom Yes, you should detect it as suite. But i am interested how you will do it.

Tom · 16 Dec 2018, 14:20

@Anselm I believe this will be a combination of one of the files and the registry. Probably quite similar to the K-Lite case. But, a quick a look in the registry did not reveal much. So I have to install it on a test system one of the coming days and investigate.

OLLI_S · 16 Dec 2018, 14:52

The suite is just a ZIP file containing all tools in one bundle.
It is not installed, it is just unzipped to a target folder.
And all tools of Sysinternals are portable tools, I think they don't write anything in the registry.

So when a user downloads the complete suite and extracts it, then you only can detect each tool separate because there is no Launcher or other application where you see that it is the complete suite.
There are only the single tools (as far as I know and as far as I can see).

And what if the user downloads the entire suite but deletes some apps from the folder, that he does not need?
Like he deletes all 32-Bit versions of those tool that also offer a 64-Bit version?
And what if the user updates a single tool separate and does not download the complete suite again?
For example a user updates Autoruns but some other tools are not updated by the user?

In my opinion you only can detect each tool separate.

Later when you support grouping you should show an entry called Sysinternals Suite and leave the version number empty.
If I expand it, then I see each installed tool with the proper version number.
This grouping should be shown when you have more than one tool of the suite.

@Tom can start detecting some of those tools individually so later only groping is needed.

Anselm · 16 Dec 2018, 16:14

@Tom I don't think you will find something in the registry. It is only unpacking a zip file - no installation.

Anselm · 16 Dec 2018, 16:24

@Tom @OLLI_S After executing a sysinternal tool you have to accept an eula (for each tool!). Accepting this writes to the registry.

OLLI_S · 18 Dec 2018, 12:41

I think you have to add each tool separate...

Tom · 18 Dec 2018, 12:42

@OLLI_S Yes, it looks that way... That's gonna be a looong day

Tom · 18 Dec 2018, 12:49

1 down X to go

OLLI_S · 18 Dec 2018, 17:26

Autoruns is detected by VulnDetect and the version number is also correct.
Issue solved!

OLLI_S · 20 Dec 2018, 05:46

What about detecting Autorunsc as well?
@Tom Do you need the version info from the EXE file?

OLLI_S · 20 Dec 2018, 22:30

Here the version info of Autorunsc x32

File name and path:     D:\PortableApps\PortableApps\_WSCCPortable\Sysinternals Suite\autorunsc.exe
Product Name:           Sysinternals autoruns
Internal Name:          Sysinternals Autoruns
Original Filename:      autoruns.exe

File Description:       Autostart program viewer
Company:                Sysinternals - www.sysinternals.com
Legal Copyright:        Copyright (C) 2002-2018 Mark Russinovich
Legal Trademarks:       
Comments:               

File Version String:    13.93
File Version:           13.93.0.0
Product Version String: 13.93
Product Version:        13.93.0.0

Here the version info of Autorunsc x64

File name and path:     D:\PortableApps\PortableApps\_WSCCPortable\Sysinternals Suite\autorunsc64.exe
Product Name:           Sysinternals autoruns
Internal Name:          Sysinternals Autoruns
Original Filename:      autoruns.exe

File Description:       Autostart program viewer
Company:                Sysinternals - www.sysinternals.com
Legal Copyright:        Copyright (C) 2002-2018 Mark Russinovich
Legal Trademarks:       
Comments:               

File Version String:    13.93
File Version:           13.93.0.0
Product Version String: 13.93
Product Version:        13.93.0.0

Important Note

Autorunsc is the command-line version of Autoruns.
So maybe you write Autorunsc (Autoruns Command Line)?

Tom · 21 Dec 2018, 14:33

@OLLI_S So, Autoruns (CLI) now added