Uncommon Remote Scheduled Task Creation via schtasks.exe

The
Uncommon Remote Scheduled Task Creation via schtasks.exe
Analytics alert indicates the uncommon scheduling of a task on a remote endpoint.

Synopsis

10 minutes
3 days
14 days
10 minutes
Cortex XDR agent endpoint data
Severity
High

Description

The schtasks.exe command enables creating, deleting, querying, changing, running, and ending scheduled tasks on a local or remote computer.

Attacker's Goals

Attackers can attempt to use the command to execute programs or persist malware on remote endpoints.

Recommended For You