autorunsc.exe

Sysinternals Autorunsc Command-Line Scanner

System UtilitySafeCommand-Line Tool

CPU Usage

1-6%

Memory

0.5-3 MB

Location

C:\Sysinternals\autorunsc.exe

Publisher

Microsoft Corporation

Quick Answer

autorunsc.exe is safe. It's a Sysinternals command-line scanner that enumerates startup items across the system for auditing and incident response.

Is it a Virus?

✔ NO - Safe

Must be in C:\Sysinternals\autorunsc.exe or C:\Program Files\Sysinternals\autorunsc.exe

Can I Disable?

✔ YES - You can simply avoid running it; there are no services to stop

Autorunsc.exe is a non-persistent CLI tool; it does not start a service or background process by itself

How to Use?

Run in an elevated command prompt: autorunsc.exe -accepteula -a -c -s > results.txt

Run with elevated privileges to inspect all startup locations; otherwise some entries may be omitted

What is autorunsc.exe?

autorunsc.exe is the command-line counterpart to Sysinternals Autoruns. It inventories startup entries across Windows, including registry autostart locations (HKLM and HKCU), startup folders, services, drivers, and scheduled tasks. Use it for scripted audits and incident response when a GUI is not available.

Autorunsc.exe scans startup locations across registry keys, startup folders, services, drivers, and scheduled tasks, producing concise output suitable for parsing in security and IT workflows.

Quick Fact: Autorunsc.exe enables automated collection of startup data without the GUI, making it ideal for batch scripts and security investigations.

Types of Autorunsc Outputs

Command-Line Scanner: Core tool that enumerates startup entries via CLI
Registry Run Keys: HKLM\Software\Microsoft\Windows\CurrentVersion\Run and HKCU equivalents
Startup Folders: Startup folder locations in File System
Services: Windows services registered to autostart
Drivers: Startup drivers loaded at boot
Scheduled Tasks: Tasks configured to run at startup or logon

Is autorunsc.exe Safe?

Yes, autorunsc.exe is safe when downloaded from the official Sysinternals site and used as intended.

Is autorunsc.exe a Virus or Malware?

The genuine autorunsc.exe is not a virus. Malware may masquerade as Sysinternals tools to trick users.

How to Tell if autorunsc.exe is Legitimate or Malware

File Location:: Must be in C:\Sysinternals\autorunsc.exe or C:\Program Files\Sysinternals\autorunsc.exe. Anything else is suspicious.
Digital Signature:: Right-click the file C:\Sysinternals\autorunsc.exe -> Properties -> Digital Signatures. Should show a Sysinternals/Microsoft signer.
Version Publisher:: Check the digital certificate issuer for 'Microsoft Corporation' or 'Sysinternals'.
Hash Verification:: Compute SHA256: certutil -hashfile C:\Sysinternals\autorunsc.exe SHA256 and compare with the official Sysinternals hash from the download page.

Red Flags: If autorunsc.exe appears in unexpected folders (e.g., Temp or AppData), runs without being invoked, or lacks a valid signature, scan with antivirus and verify the source.

Why Is autorunsc.exe Running on My PC?

autorunsc.exe runs when you explicitly execute the Sysinternals Autoruns CLI to enumerate startup entries on demand. It does not launch on its own unless scripted.

Reasons it's running:

On-Demand Scan: You or a script invoked the tool to audit startup entries.
Remote/Automated Audits: Admins run it in configuration-management or incident-response workflows.
Scripted Compliance: Automated checks for security baselines call autorunsc.exe to gather data.
System Troubleshooting: You might use it to identify unexpected autostart items causing issues.
Lab or Training Environments: Used in controlled environments to teach startup-item auditing.

Can I Disable or Remove autorunsc.exe?

Yes, you can remove it. It is a utility, not a service, and does not run unless you execute it. If part of a Sysinternals suite installation, you can uninstall the suite or delete the executable from its folder.

How to Stop autorunsc.exe

Do Not Run It: Simply avoid executing autorunsc.exe; there are no background services to stop.
Delete the Executable: Remove C:\Sysinternals\autorunsc.exe (or the corresponding Sysinternals folder).
Uninstall Sysinternals Suite: If you installed the full Sysinternals suite, uninstall via Programs and Features.
Confirm No Shortcuts: Delete any shortcuts or scripts that reference autorunsc.exe.
Group Policy/MDM: If deployed via management tools, remove the deployment to prevent future copies.

How to Uninstall Sysinternals Suite

✔ Windows Settings → Apps → Apps & Features → Sysinternals Suite → Uninstall
✔ Control Panel → Programs → Programs and Features → Sysinternals Suite → Uninstall
✔ Delete remaining Sysinternals folders if any

Common Problems: CLI Startup Item Enumeration

If autorunsc.exe is not producing results or behaves oddly when scanning, verify syntax, permissions, and that you are using a current Sysinternals build.

Common Causes & Solutions

EULA prompt blocks output: Run with -accepteula or pre-accept the EULA on first run.
Insufficient permissions: Run as Administrator to enumerate HKLM, services, and drivers.
Outdated Sysinternals version: Download the latest Autoruns/autorunsc from the Sysinternals site.
Missing output destinations: Redirect or pipe output to a file (e.g., > results.txt).
Partial data due to restricted locations: Ensure you run with elevated rights and include all switches (-accepteula -a -c -s).
Corrupted executable: Re-download from the official Sysinternals site and verify hash.

Quick Fixes:
1. Quick Fixes:
2. 1. Run with -accepteula to accept the EULA on first run
3. 2. Execute as admin to access all startup areas
4. 3. Pipe output to a file for large results: autorunsc.exe > results.txt
5. 4. Use -a -c -s to enumerate all locations
6. 5. Update Sysinternals to the latest version

Frequently Asked Questions

What is autorunsc.exe and what does it do?

autorunsc.exe is the command-line companion to Sysinternals Autoruns. It enumerates startup entries across the system, including Run keys, startup folders, services, drivers, and scheduled tasks. It’s ideal for automated audits and incident response.

How do I use autorunsc.exe?

You use autorunsc.exe by running it from an elevated command prompt. Typical usage includes options like -accepteula, -a, -c, and -s to enumerate all startup locations and output the results to a file.

Is autorunsc.exe safe to run?

Yes, autorunsc.exe is safe to run if downloaded from the official Sysinternals site. Ensure you verify its location is within C:\Sysinternals or C:\Program Files\Sysinternals.

Do I need admin rights to use autorunsc.exe?

You usually need administrative privileges to enumerate all startup locations (HKLM, services, drivers). Run the command prompt as Administrator and then execute autorunsc.exe.

How can I save the results from autorunsc.exe?

To save results, redirect output to a file, e.g., autorunsc.exe -accepteula -a > results.txt or use the -csv switch for CSV output.

Is there a GUI version of autorunsc.exe?

Autorunsc.exe is a non-GUI tool; for graphical viewing of startup items you can use autoruns.exe (the GUI) from the Sysinternals suite.