Is it a Virus?
✔ NO - Safe
Must be in C:\Program Files\Autoruns\Autoruns64.exe or C:\Sysinternals\Autoruns\Autoruns64.exe
Warning
Not a typical active process
Autoruns runs on demand; if you see it running without launching, verify provenance and digital signature
Can I Disable?
✔ YES
Autoruns is a diagnostic tool; you can close it or uninstall if not needed
What is autoruns64.exe?
autoruns64.exe is a portable Sysinternals utility that enumerates every startup location and auto-run entry on Windows, including Run, RunOnce, startup folders, services, drivers, and scheduled tasks. It focuses on 64-bit Windows to provide comprehensive visibility into persistence points.
Autoruns analyzes startup entries across Registry keys, startup folders, and services, presenting details such as path, publisher, and signatures. It does not modify startup items by default; any changes require explicit user action within the tool.
Quick Fact: Autoruns is part of Sysinternals and helps uncover hidden autostarts and malware persistence by listing all auto-start locations.
Types of Autoruns Processes
- UI Process: Main graphical interface for viewing and managing startup entries
- Background Enumerator: Background thread that catalogs startup locations during scans
- Export/Report Generator: Optional helper used when exporting results to text, CSV, or HTML
Is autoruns64.exe Safe?
Yes, autoruns64.exe is safe when downloaded from official Sysinternals/Microsoft sources.
Is autoruns64.exe a Virus or Malware?
The real autoruns64.exe is not a virus. Malware can masquerade with similar names; verify signature.
How to Tell if autoruns64.exe is Legitimate or Malware
- File Location:: Must be in
C:\Program Files\Autoruns\ or C:\Sysinternals\Autoruns\. Any autoruns64.exe elsewhere is suspicious.
- Digital Signature:: Right-click the file → Properties → Digital Signatures. Should show "Sysinternals" or "Microsoft Corporation".
- Resource Usage:: Autoruns should consume negligible resources when idle. Unusual CPU/memory usage suggests tampering.
- Behavior:: Autoruns should not modify system startup entries automatically. Unexpected changes indicate potential malware activity.
Red Flags: If autoruns64.exe is found in unusual folders, runs without being launched, lacks a digital signature, or attempts to modify startup entries without user consent, scan with antivirus and verify source.
Why Is autoruns64.exe Running on My PC?
autoruns64.exe runs when you intentionally start the Sysinternals Autoruns tool to audit startup entries, or when IT/security software invokes it as part of a diagnostic, inventory, or remediation workflow.
Reasons it's running:
- Manual Launch: You opened Autoruns to inspect startup entries and persistence points
- IT/Security Audit: A security tool or IT administrator invoked Autoruns to inventory startup items
- Automated Diagnostics: A diagnostic script or repair utility calls Autoruns to collect startup data
- Portable/Repair Scenario: You are running a portable Sysinternals suite that includes Autoruns for offline analysis
- System Maintenance: A routine maintenance task validates autostart locations as part of system health checks
Can I Disable or Remove autoruns64.exe?
Yes, you can close or remove autoruns64.exe. It is a diagnostic tool and not required for Windows to operate.
How to Stop autoruns64.exe
- Close the Program: Click the X button or choose Exit to stop Autoruns
- End Task: If it is unresponsive, open Task Manager, find autoruns64.exe, and End Task
- Uninstall: Use Apps & Features to uninstall Sysinternals Autoruns or delete the folder where it was extracted
- Prevent Startup: If bundled in a startup suite, remove the Autoruns folder from startup paths
- Run as Administrator: Not required for normal use; run as admin only if you need elevated enumeration of protected keys
How to Uninstall Autoruns
- ✔ Windows Settings → Apps → Apps & Features → Sysinternals Autoruns → Uninstall
- ✔ Delete the Autoruns folder (e.g., C:\Program Files\Autoruns or C:\Sysinternals)
- ✔ Optionally remove any related Sysinternals components from the system
Common Problems: Startup Enumeration or Export Issues
If autoruns64.exe fails to enumerate locations or export results, try these fixes.
Common Causes & Solutions
- Insufficient permissions: Run Autoruns as Administrator to access protected registry keys and startup locations
- Outdated version: Update to the latest Sysinternals Autoruns from the official source
- Offline or protected registry: Mount an offline registry or run on a live system with access to hive locations
- Hide Microsoft entries: In Autoruns, disable the option 'Hide Signed Microsoft Extensions' to reveal all items
- Export permission denied: Run Autoruns with write permission to the target export path or choose a writable location
- Antivirus interference: Exclude Autoruns from real-time scanning or temporarily disable protection during use
Quick Fixes:
1. Quick Fixes:
2. 1. Run as Administrator to access protected keys
3. Check for updates and install the latest Autoruns version
4. Review and disable unnecessary items using the UI
5. Export results to HTML/CSV if needed
6. Ensure the export path is writable and not blocked by security software
Frequently Asked Questions
What is autoruns64.exe?
autoruns64.exe is a Sysinternals utility that lists all startup entries and auto-run locations on 64-bit Windows, helping you identify persistence points and potential malware.
Is Autoruns64.exe safe to use?
Yes, when downloaded from official Sysinternals/Microsoft sources; verify digital signatures and file location before use.
Where is autoruns64.exe located on Windows?
Common locations include C:\Program Files\Autoruns\Autoruns64.exe or C:\Sysinternals\Autoruns\Autoruns64.exe. Other locations may indicate tampering.
Can Autoruns modify startup entries?
Autoruns displays and allows explicit actions to modify startup entries; it will not change settings without user confirmation.
How do I export results from Autoruns?
Use the Export option in the UI to save the current startup item list to HTML, CSV, or TXT; ensure you have write permissions.
Is Autoruns malware or a component of malware?
No, Autoruns is a legitimate Sysinternals tool. Malware may masquerade with similar names, so always verify source, signature, and location.