An autostart mechanism is any operating-system path that launches software automatically when a user signs in, a machine boots, or a session starts. Common Windows examples include registry Run keys, Startup folders, services, and scheduled tasks. Attackers use these locations to create persistence, so malware can return after a reboot or logon without needing the user to open the original file again.
In cyber security, autostart mechanisms matter because they turn a one-time execution into a longer-lived foothold. A script, trojan, or backdoor may drop files, add a Run key, or register a task that starts the payload later. Defenders look for unauthorized changes to these startup paths, unusual parent-child process chains, and suspicious use of tools like wscript.exe or cscript.exe. Monitoring and hardening autostart locations helps stop malware from surviving cleanup and regaining control of the system.
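The checks described above can be sketched as triage logic over endpoint events. This is an added example, not part of the original page; the event field names (modeled on Sysmon-style records), the approved-writer list and the unusual-parent list are assumptions, and the sample events are constructed.

```python
import re

# Autostart locations named in the text: Run/RunOnce keys and the Startup folder.
RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
STARTUP_DIR = re.compile(r"\\Start Menu\\Programs\\Startup\\", re.I)
SCRIPT_HOSTS = ("wscript.exe", "cscript.exe")
# Assumptions for this sketch: tune both lists to the environment's baseline.
UNUSUAL_PARENTS = ("winword.exe", "excel.exe", "outlook.exe")
APPROVED_WRITERS = ("msiexec.exe",)

def basename(path):
    return path.rsplit("\\", 1)[-1].lower()

def triage(event):
    """Return the reasons an event deserves review (empty list = no finding)."""
    reasons = []
    writer = basename(event.get("Image", ""))
    if event["type"] == "registry_set" and RUN_KEY.search(event["TargetObject"]):
        if writer not in APPROVED_WRITERS:
            reasons.append("run-key write by unapproved process")
        if any(h in event.get("Details", "").lower() for h in SCRIPT_HOSTS):
            reasons.append("run-key value launches a script host")
    elif event["type"] == "file_create" and STARTUP_DIR.search(event["TargetFilename"]):
        if writer not in APPROVED_WRITERS:
            reasons.append("startup-folder drop by unapproved process")
    elif event["type"] == "process_create" and writer in SCRIPT_HOSTS:
        if basename(event.get("ParentImage", "")) in UNUSUAL_PARENTS:
            reasons.append("script host spawned by unusual parent")
    return reasons

# Constructed sample events (not real telemetry); user, SID and file names are made up.
RUN = r"HKU\S-1-5-21-EXAMPLE\Software\Microsoft\Windows\CurrentVersion\Run"
SAMPLE_EVENTS = [
    {"type": "registry_set", "Image": r"C:\Users\alice\Downloads\invoice.exe",
     "TargetObject": RUN + r"\Updater",
     "Details": r"wscript.exe C:\Users\alice\AppData\Roaming\u.vbs"},
    {"type": "registry_set", "Image": r"C:\Windows\System32\msiexec.exe",
     "TargetObject": RUN + r"\VendorAgent",
     "Details": r"C:\Program Files\Vendor\agent.exe"},
    {"type": "process_create", "Image": r"C:\Windows\System32\wscript.exe",
     "ParentImage": r"C:\Program Files\Microsoft Office\WINWORD.EXE"},
    {"type": "file_create", "Image": r"C:\Windows\System32\powershell.exe",
     "TargetFilename": r"C:\Users\alice\AppData\Roaming\Microsoft\Windows"
                       r"\Start Menu\Programs\Startup\u.lnk"},
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(ev["type"], basename(ev["Image"]), "->", triage(ev) or "no finding")
```

An empty result means only that none of these rules matched; a write by an approved installer still belongs in the baseline review of autostart entries.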



