Uncommon Local Scheduled Task Creation via schtasks.exe

The
Uncommon Local Scheduled Task Creation via schtasks.exe
Analytics alert indicates an uncommonly scheduled task ran on the endpoint that executed a Windows service.

Synopsis

10 minutes
3 days
14 days
10 minutes
Cortex XDR agent endpoint data
Severity
Low

Description

The schtasks.exe command enables creating, deleting, querying, changing, running, and ending scheduled tasks on a local or remote endpoint.

Attacker's Goals

Attackers may attempt to use the command to gain persistence on the endpoint using scheduled tasks.

Recommended For You