Scan Options
Use the scan options dialog to specify what information should be collected in a scan.
The Verify Signatures can result in Autoruns querying certificate revocation list (CRL) web sites to determine if image signatures are valid. Autoruns displays the text "(Not verified)" next to the company name of an image that either does not have a signature or has a signature that is not signed by a certificate root authority on the list of root authorities trusted by the system. If you select the Verify Signatures option, entries corresponding to unsigned images highlight in light red. If the Verify Signatures option is disabled, items that have a missing image or an image with no company name or description highlight in light red.
If you enable the Check VirusTotal option, Autoruns will query the free VirusTotal.com service to get the results of the entry's scan with dozens of antimalware engine. The result displayed is either the number of engines that reported the entry as malicious over the total number of engines that have scanned the entry, or 'unknown', which indicates the entry has not been submitted for scanning. You can enable Submit Unknown Images to have Autoruns submit an image for scanning and wait for the results, which can take several minutes.
To have Autoruns only scan per-user locations for the current or specified user profile, select the Scan Only Per-User Locations option. This can be useful for analyzing only the entries under the influence of unprivileged accounts.