autoruns64.exe

Sysinternals Autoruns (64-bit)

Application ProcessSafeDiagnostic Tool

CPU Usage

0-2% (on demand)

Memory

5-20 MB

Location

C:\Program Files\Autoruns

Publisher

Sysinternals / Microsoft

Quick Answer

autoruns64.exe is safe. A Sysinternals diagnostic utility that lists startup locations. It runs on demand and does not modify settings unless you perform actions inside the tool.

Is it a Virus?

✔ NO - Safe

Must be in C:\Program Files\Autoruns\Autoruns64.exe or C:\Sysinternals\Autoruns\Autoruns64.exe

Warning

Not a typical active process

Autoruns runs on demand; if you see it running without launching, verify provenance and digital signature

Can I Disable?

✔ YES

Autoruns is a diagnostic tool; you can close it or uninstall if not needed

What is autoruns64.exe?

autoruns64.exe is a portable Sysinternals utility that enumerates every startup location and auto-run entry on Windows, including Run, RunOnce, startup folders, services, drivers, and scheduled tasks. It focuses on 64-bit Windows to provide comprehensive visibility into persistence points.

Autoruns analyzes startup entries across Registry keys, startup folders, and services, presenting details such as path, publisher, and signatures. It does not modify startup items by default; any changes require explicit user action within the tool.

Quick Fact: Autoruns is part of Sysinternals and helps uncover hidden autostarts and malware persistence by listing all auto-start locations.

Types of Autoruns Processes

UI Process: Main graphical interface for viewing and managing startup entries
Background Enumerator: Background thread that catalogs startup locations during scans
Export/Report Generator: Optional helper used when exporting results to text, CSV, or HTML

Is autoruns64.exe Safe?

Yes, autoruns64.exe is safe when downloaded from official Sysinternals/Microsoft sources.

Is autoruns64.exe a Virus or Malware?

The real autoruns64.exe is not a virus. Malware can masquerade with similar names; verify signature.

How to Tell if autoruns64.exe is Legitimate or Malware

File Location: Must be in C:\Program Files\Autoruns\ or C:\Sysinternals\Autoruns\. Any autoruns64.exe elsewhere is suspicious.
Digital Signature: Right-click the file → Properties → Digital Signatures. Should show "Sysinternals" or "Microsoft Corporation".
Resource Usage: Autoruns should consume negligible resources when idle. Unusual CPU/memory usage suggests tampering.
Behavior: Autoruns should not modify system startup entries automatically. Unexpected changes indicate potential malware activity.

Red Flags: If autoruns64.exe is found in unusual folders, runs without being launched, lacks a digital signature, or attempts to modify startup entries without user consent, scan with antivirus and verify source.

Why Is autoruns64.exe Running on My PC?

autoruns64.exe runs when you intentionally start the Sysinternals Autoruns tool to audit startup entries, or when IT/security software invokes it as part of a diagnostic, inventory, or remediation workflow.

Reasons it's running:

Manual Launch: You opened Autoruns to inspect startup entries and persistence points
IT/Security Audit: A security tool or IT administrator invoked Autoruns to inventory startup items
Automated Diagnostics: A diagnostic script or repair utility calls Autoruns to collect startup data
Portable/Repair Scenario: You are running a portable Sysinternals suite that includes Autoruns for offline analysis
System Maintenance: A routine maintenance task validates autostart locations as part of system health checks

Can I Disable or Remove autoruns64.exe?

Yes, you can close or remove autoruns64.exe. It is a diagnostic tool and not required for Windows to operate.

How to Stop autoruns64.exe

Close the Program: Click the X button or choose Exit to stop Autoruns
End Task: If it is unresponsive, open Task Manager, find autoruns64.exe, and End Task
Uninstall: Use Apps & Features to uninstall Sysinternals Autoruns or delete the folder where it was extracted
Prevent Startup: If bundled in a startup suite, remove the Autoruns folder from startup paths
Run as Administrator: Not required for normal use; run as admin only if you need elevated enumeration of protected keys

How to Uninstall Autoruns

✔ Windows Settings → Apps → Apps & Features → Sysinternals Autoruns → Uninstall
✔ Delete the Autoruns folder (e.g., C:\Program Files\Autoruns or C:\Sysinternals)
✔ Optionally remove any related Sysinternals components from the system

Common Problems: Startup Enumeration or Export Issues

If autoruns64.exe fails to enumerate locations or export results, try these fixes.

Common Causes & Solutions

Insufficient permissions: Run Autoruns as Administrator to access protected registry keys and startup locations
Outdated version: Update to the latest Sysinternals Autoruns from the official source
Offline or protected registry: Mount an offline registry or run on a live system with access to hive locations
Hide Microsoft entries: In Autoruns, disable the option 'Hide Signed Microsoft Extensions' to reveal all items
Export permission denied: Run Autoruns with write permission to the target export path or choose a writable location
Antivirus interference: Exclude Autoruns from real-time scanning or temporarily disable protection during use

Quick Fixes:
1. Run as Administrator to access protected keys
2. Check for updates and install the latest Autoruns version
3. Review and disable unnecessary items using the UI
4. Export results to HTML/CSV if needed
5. Ensure the export path is writable and not blocked by security software

Frequently Asked Questions

What is autoruns64.exe?

autoruns64.exe is a Sysinternals utility that lists all startup entries and auto-run locations on 64-bit Windows, helping you identify persistence points and potential malware.

Is Autoruns64.exe safe to use?

Yes, when downloaded from official Sysinternals/Microsoft sources; verify digital signatures and file location before use.

Where is autoruns64.exe located on Windows?

Common locations include C:\Program Files\Autoruns\Autoruns64.exe or C:\Sysinternals\Autoruns\Autoruns64.exe. Other locations may indicate tampering.

Can Autoruns modify startup entries?

Autoruns displays and allows explicit actions to modify startup entries; it will not change settings without user confirmation.

How do I export results from Autoruns?

Use the Export option in the UI to save the current startup item list to HTML, CSV, or TXT; ensure you have write permissions.

Is Autoruns malware or a component of malware?

No, Autoruns is a legitimate Sysinternals tool. Malware may masquerade with similar names, so always verify source, signature, and location.

Related Processes

procmon.exe

Sysinternals Process Monitor

tcpview.exe

Sysinternals TCPView

sigcheck.exe

Sysinternals Signature Verification Tool