• United States

How to detect buggy device drivers in Windows 10

Aug 01, 20163 mins
MicrosoftSmall and Medium BusinessWindows

windows bugs crashes
Credit: Thinkstock

When buggy third-party drivers crash a system and invoke a blue screen of death, it can be difficult to pinpoint the source among all the active running software. An alternative method to using WinDbg is to identify any device driver addition or change that occurred prior to the Blue Screen of Death event.

Windows device drivers are just one part of the broader Windows operating environment function called Autorun Settings. Windows’ Autorun Settings identify Windows auto-starting software, including all Windows device drivers, during system bootup or login.

Windows 10 compare

In this image, AutorunCheck Forensic v1.0.1 displays the BEFORE and AFTER state of a driver. When chasing down the cause of a system crash, knowing what changed is valuable.

As an alternative to the tried-and-true Windows Debugger method, buggy device drivers that caused Windows to go from a stable operating environment to suffering a BSOD can be discovered through a process of authenticating all device drivers and detecting any recent change events (such as device driver changes or addition).

The process of discovering, authenticating, and detecting driver state changes can be accomplished using a myriad of available Autorun utilities, but most require manually combing through all of the system’s Autorun Settings, which can be a time-consuming, frustrating process.

There are some utilities listed in the following table that are capable of automating this process through built-in functionality. These Autorun utilities allow you to take a snapshot of the current Windows system state, identify all recent system change events, and authenticate non-offending change events. These system change events identify the timeline and driver differences which ultimately help to resolve the BSOD culprit.

The following table is not a comprehensive comparison of all features of the products listed, but highlights the features that apply to BSOD issues.

Autorun utility software capable of automating driver change detection

ProductAutorunsAutorunCheckConfigSafeFireTower Guard
Triggering On-Demand On-Demand On-Demand Real-Time
Discovery1 Live only Live + Shadows Live + Shadows Live only
Authentication2 2a 2b  None 2c
Change Detection3 Manual Manual Manual Real-Time
  • “Note: 1: Discovery: Discover Auto-starting locations for Live Windows State and Windows State in Volume Shadow Copies.
  • 2: Authentication: Authentication through file image hash value in Autorun Settings from malware databases and whitelist databases.
  • 2a: Authentication source:
  • 2b: Authentication source: Autorun Setting Repository, and three adjustable online anti-malware engines.
  • 2c: Authentication source: Autorun Setting Repository, and three adjustable online anti-malware engines.3: Change Detection: Manually compare two Autorun snapshots vs real-time automatic change detection notification.