Detections
Analytics
Microsoft Windows AutoRuns Logon
info Nessus Plugin ID 70621
Language:
Synopsis
Report programs that start-up from the most common registry locations.Description
Report the most common startup locations used by programs. These are commonly associated with programs that start automatically when the computer is turned on, users log in, users log off, or remote sessions are started.Such keys can be set from a program install, GPO, or through a malicious process to maintain persistence.
See Also
https://support.microsoft.com/en-us/help/309825
http://technet.microsoft.com/en-us/library/cc939862.aspx
http://technet.microsoft.com/en-us/library/cc939851.aspx
http://technet.microsoft.com/en-us/library/cc957402.aspx
http://technet.microsoft.com/en-us/library/ff404236.aspx
http://technet.microsoft.com/en-us/library/cc940243.aspx
http://technet.microsoft.com/en-us/library/cc939931.aspx
http://technet.microsoft.com/en-us/library/cc976124.aspx
http://support.microsoft.com/kb/315222
http://www.nessus.org/u?012a8b4d
http://www.nessus.org/u?21118291
http://www.etlengineering.com/installer/activesetup.txt
https://docs.microsoft.com/en-us/previous-versions/windows/embedded/ms861759(v=msdn.10)
https://support.microsoft.com/en-us/help/310593/description-of-the-runonceex-registry-key
Plugin Details
Severity: Info
ID: 70621
File Name: windows_autoruns_logon.nbin
Version: 1.281
Type: local
Agent: windows
Family: Windows
Published: 10/25/2013
Updated: 11/12/2024
Supported Sensors: Nessus Agent, Nessus
Vulnerability Information
Required KB Items: SMB/Registry/Enumerated, war/setup/ran