Windows Task Scheduler Activities

Scheduled tasks can be maliciously created or deleted. The Task Scheduler can be used, for instance, to create tasks that wait for certain preconditions before downloading malicious files or to load malicious software into memory.

Sections on this page

SIEM Events

New Task Registered

New Task Registered Event Source - Microsoft-Windows-TaskScheduler - Event Log - Microsoft-Windows-TaskScheduler/Operational

Task Deleted

Task Deleted Event Source - Microsoft-Windows-TaskScheduler - Event Log - Microsoft-Windows-TaskScheduler/Operational

Task Disabled

Task Disabled Event Source - Microsoft-Windows-TaskScheduler - Event Log - Microsoft-Windows-TaskScheduler/Operational

AIS Managed SIEM

Last modified March 24, 2021