Windows Security

Audit installed software for risk

Practical Windows guide: audit installed software for risk without the usual guesswork.

10 min read Beginner Updated 9 Jun 2026
Windows library Start the guide

Step-by-step guide

Work through each section in order. Stop when your issue is resolved — you do not need every step for every situation.

What you will achieve

Review installed software on a Windows PC for unwanted, outdated, or risky programs using built-in tools and exportable inventories.

1) Review installed apps in Settings

  1. Open Settings → Apps → Installed apps (Windows 11) or Apps & features (Windows 10).
  2. Sort by install date to spot recently added software you do not recognise.
  3. Uninstall anything unused or from unknown publishers — check publisher name before removing business tools.

2) Export a full inventory via PowerShell

Get-ItemProperty HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*,
  HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*,
  HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\* |
  Select-Object DisplayName, DisplayVersion, Publisher, InstallDate |
  Sort-Object DisplayName | Export-Csv "$env:USERPROFILE\Desktop\software-audit.csv"

3) Check startup and scheduled tasks

  1. Settings → Apps → Startup — disable unknown startup apps.
  2. Open taskschd.mscTask Scheduler Library — review tasks calling unknown executables from AppData or Temp.

4) Compare against known-good baseline

  1. On a clean corporate image or fresh install, export the same CSV and diff against the suspect PC.
  2. Research unknown entries at the publisher website — not random "what is this process" sites that push cleaners.

5) Winget inventory

winget list > "$env:USERPROFILE\Desktop\winget-list.txt"

6) Services tied to software

Get-CimInstance Win32_Service | Where-Object {$_.PathName -match "AppData|Program Files"} | Select-Object Name, State, PathName

7) Browser extensions audit

  1. Review extensions in Edge/Chrome — many "free" tools install browser sidecars not listed in Settings Apps.

8) Autoruns from Sysinternals

  1. Download Autoruns from Microsoft Sysinternals — review Logon, Scheduled Tasks, and Winsock providers not visible in Settings alone.

9) Compare installed KBs and runtimes

wmic product get name,version
Get-Package | Select-Object Name, Version

wmic product is slow but catches MSI installs winget misses.

Verification checklist

Compare CSV export month-over-month — new unknown publishers highlighted quickly. Cross-check Startup tab against installed app list for orphans.

  1. Reboot once after changes that affect services, drivers, or firmware.
  2. Confirm the original problem is resolved under normal daily use, not only immediately after the fix.
  3. Note date, Windows version (Settings → System → About), and what changed in your personal runbook for next time.

Quick reference paths

  • Settings → Apps → Installed apps
  • appwiz.cpl
  • winget list
  • Admin tools: press Win + X for Terminal (Admin), Device Manager, and Computer Management.

Schedule this audit after every employee offboarding and before handing a PC to a new user — stale remote-control tools and VPN clients are common surprises.

Related guides

audit installed software windows

Related guides

Continue with these next if you are building a fuller setup or troubleshooting path.

Security
Windows Defender exclusions (when safe)
Practical Windows guide: windows Defender exclusions (when safe) without the usual guesswork.
Read guide
Security
Local admin vs standard user accounts
Practical Windows guide: local admin vs standard user accounts without the usual guesswork.
Read guide