Autoruns Analyzer finds Different Number Of Unknown Entries At Different Times

Hello, I don’t think I’m the only one who has seen this. I’ve noticed that if there are unknown files on a computer Autoruns will sometimes find a different number of files. I would understand it if this number started big and then became small, as this would indicate that the entries had been analyzed and trusted, but I’ve seen the opposite.

Has anyone else seen this?

For example, I ran it on a friend's computer to have all unknown files whitelisted. I submitted all unknown entries to be analyzed here. I then checked again, and all of those were still unknown, but in addition there were 4 other files that were now unknown. These can be found here.

Does anyone know why this might be? As for now I’m assuming it’s a bug, and it’s also been seen here.

Hi chiron,
Even I noticed the same; at first it detected 5 and then it jumped to 7.

I have noted this behaviour during my testing of CCE.

After installing malware, restarting the system, and cleaning with KillSwitch & AutoRun all the malware, camas.suspicious, and FLS Unknown entries, it not always but at times showed 1-2 new entries & they were malware entries. At times, at the 2nd restart everything was fine but at the 3rd restart it showed entries related to malware.

After deleting entries through KillSwitch & AutoRun & tempfiles, I used to think about why msconfig was still showing 1 malware entry & why it was not found by the CCE tools. So I used to restart the system & most of the time it found the remaining 1 malware entry on the 2nd restart & very rarely on the 3rd restart. Sometimes it never found the entry, maybe because of other reasons. And also sometimes, even among the malware entries deleted by the CCE tools, some entries returned & I guess this may be a different issue, as many malware recreate the entries.

Okay, so it appears that this bug may be related to the virus database. I am not seeing it, although I have only a few computers to check it on and they don’t have unknown files any more. I was wondering if other people could see if this fixes the problem. If so then I’ve narrowed down the bug.

Please try running a smart scan with CCE. Then, once the scan has started, cancel the scan. This is just to make sure the virus database was completely downloaded and integrated. After this restart CCE and start Autoruns Analyzer.

Note which programs it finds unknown.

Then close it and open it again. See if it now finds the same files instead of constantly finding different ones.

Please post below and let me know whether this workaround works for you or not.

Thanks.

Hi, I got a PM from egemen about this. He said that this bug is related to cloud server timeouts, but that it cannot list a malicious file as safe, it can only list files as unknown.

The problem is related to poor network and they are currently working on improvements.

Hopefully they’ll fix it soon.