Highlighted colors?

All replies

  • Red: unsigned image
    Yellow: missing image 
    Tuesday, July 10, 2012 4:28 PM
  • Thank you!

    Tuesday, July 10, 2012 5:24 PM
  • Hi,
    what does the Pink colour mean?
    Wednesday, July 18, 2012 3:51 AM
  • Also, since Yellow means missing entry, is that something to worry about, and if so can it be corrected?


    Wednesday, July 18, 2012 4:01 AM
  • What you call pink, I call red.
    Yellow. Not a worry, they are mostly leftovers from uninstalled applications. The Sysinternals drivers, like PROCEXP<ver>.sys, may also show up because of the way the Sysinternals tools work. They extract the driver from within the .exe, load it and then delete it from disk.
    Wednesday, July 18, 2012 6:30 AM
  • Thanks a lot for the prompt reply Dax,
    much appreciated.
    Wednesday, July 18, 2012 6:33 AM
  • If items are highlighted yellow, does that mean you can safely delete them since they are not able to be located anyways? Or will deleting yellow items possibly have disastrous consequences?
    Friday, August 17, 2012 4:51 PM
  • yaneuland,
    I can tell you what I did:
    1. Created a system restore point
     and simply unchecked the yellow entries at startup
    one at a time, after which I rebooted.
    Did NOT delete them.
    Please note that if you try the same,
    it will be at your own risk.
    Didn't create any problems for me so far though.
    Saturday, August 18, 2012 5:44 AM
  • What does the color purple mean in Sysinternals Autoruns? Thanks.
    Thursday, August 7, 2014 11:20 PM
  • I just ran "autoruns" and a "driver", "mbamchameleon.sys", is highlighted in pink. I am wondering what that indicates.

    There are some other drivers that are unsigned, so I don't think it is simply indicating that the driver is unsigned.

    The "mbamchameleon.sys" driver file was created when I ran Malwarebytes' "mbar" anti-rootkit program just now. Maybe the pink highlight indicates that the file is new? Less than 24 hours old?
    Tuesday, January 27, 2015 1:02 AM
  • An item in pink indicates the image is unsigned. It has no other meaning.

    Tuesday, January 27, 2015 7:13 AM
  • From the Autoruns Help file:
    If you select the Verify Signatures option, entries corresponding to unsigned images highlight in light red. If the Verify Signatures option is disabled, items that have a missing image or an image with no company name or description highlight in light red.
    Missing images are now highlighted in yellow. Signed images for which verification fails, for example if the certificate has been revoked, are also highlighted in light red.
    Tuesday, January 27, 2015 10:30 AM
  • Purple are group headings, so that items from the same folder or registry key are grouped together.

    You can double-click them to open that Key/Folder.

    The icon on the left shows the type of group, i.e. Folder or Registry Key.
    Tuesday, December 5, 2017 7:09 AM
  • AutoRuns Highlighted Colors in list.

    —Pink – no publisher information was found, or the digital signature either doesn’t exist/match, or there is no publisher information.

    —Green – used in comparing against a previous set of Autoruns data to indicate an item that wasn’t there last time.

    —Yellow – startup entry listed points to a non-existing file

    Saturday, January 12, 2019 5:22 AM
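
The highlight rules quoted above from the Autoruns Help file, as an added PowerShell example that is not part of the thread or of Autoruns. `Get-ImageHighlight` is a hypothetical helper, the sample paths are constructed, and `Get-AuthenticodeSignature` stands in for Autoruns' own signature verification, which may not give identical results; treating a blank company name or a blank description alone as enough to flag is also an assumption.

```powershell
# Added example: approximates the red/yellow rules from the Autoruns Help text.
# Get-ImageHighlight is a hypothetical helper, not part of Autoruns.
function Get-ImageHighlight {
    param(
        [Parameter(Mandatory)][string[]]$Path,
        [switch]$VerifySignatures
    )
    foreach ($p in $Path) {
        $highlight = 'none'; $reason = 'no highlight rule matched'
        if (-not (Test-Path -LiteralPath $p -PathType Leaf)) {
            # The entry points at a file that is no longer on disk.
            $highlight = 'yellow'; $reason = 'missing image'
        }
        elseif ($VerifySignatures) {
            $status = (Get-AuthenticodeSignature -LiteralPath $p).Status
            if ($status -eq 'NotSigned') {
                $highlight = 'light red'; $reason = 'unsigned image'
            }
            elseif ($status -ne 'Valid') {
                # A signature is present, but verification did not succeed.
                $highlight = 'light red'; $reason = "signature verification failed ($status)"
            }
        }
        else {
            # Assumption: a blank CompanyName or FileDescription is enough to flag.
            $info = (Get-Item -LiteralPath $p).VersionInfo
            if ([string]::IsNullOrWhiteSpace($info.CompanyName) -or
                [string]::IsNullOrWhiteSpace($info.FileDescription)) {
                $highlight = 'light red'; $reason = 'no company name or description'
            }
        }
        [pscustomobject]@{ Path = $p; Highlight = $highlight; Reason = $reason }
    }
}

# Constructed sample input: a signed system file, a path that does not exist,
# and an unsigned script that is created here and removed afterwards.
$unsigned = Join-Path $env:TEMP 'constructed-unsigned-sample.ps1'
Set-Content -LiteralPath $unsigned -Value 'Write-Output "sample"'
$samples = @(
    (Join-Path $env:SystemRoot 'System32\ntoskrnl.exe'),
    (Join-Path $env:SystemRoot 'System32\drivers\constructed-missing-sample.sys'),
    $unsigned
)
Get-ImageHighlight -Path $samples -VerifySignatures | Format-Table -AutoSize
Get-ImageHighlight -Path $samples | Format-Table -AutoSize
Remove-Item -LiteralPath $unsigned
```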