Scheduled Task Created
Enabled by default
Service: Microsoft Windows security auditing
Log type: Security
Scheduled tasks serve many purposes on a Windows system, ranging from innocuous, everyday jobs to potentially malicious activity. The creation of a scheduled task may indicate an attacker attempting to establish persistence on a machine.
Get-WinEvent -FilterHashTable @{LogName='Security';ID='4698'} -MaxEvents 1 | Format-List
To view this log in the Event Viewer, open Event Viewer and navigate to the Windows Logs heading and then the Security log. From here, select the Find function and search for the value 4698, or filter the log for the ID 4698.
To view this log in the command line with Get-WinEvent, open PowerShell as an administrator. From here, enter the command Get-WinEvent -FilterHashTable @{LogName='Security';ID='4698'} -MaxEvents 1 | Format-List
To view this log in the command line with wevtutil, open PowerShell or Command Prompt as an administrator. From here, enter the command wevtutil qe Security "/q:*[System [(EventID=4698)]]" /f:text /c:1
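The following is an added example, not part of the original page: it extends the Get-WinEvent command above to list who created each task and what the task will run, which is what an analyst needs when triaging 4698 for persistence. The 7-day window and 50-event cap are assumptions chosen for illustration; run it in an elevated PowerShell session.

```powershell
# Added example: summarize recent 4698 (scheduled task created) events.
# Assumption: the 7-day window and 50-event cap are arbitrary illustration values.
$filter = @{ LogName = 'Security'; ID = 4698; StartTime = (Get-Date).AddDays(-7) }

Get-WinEvent -FilterHashtable $filter -MaxEvents 50 -ErrorAction SilentlyContinue |
ForEach-Object {
    # Named EventData fields are only reachable through the event's XML form.
    $xml  = [xml]$_.ToXml()
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

    # TaskContent carries the full task definition as XML; extract the first
    # Exec action so the program and arguments are visible at a glance.
    $command = $null
    $arguments = $null
    try {
        $task      = [xml]$data['TaskContent']
        $exec      = $task.Task.Actions.Exec | Select-Object -First 1
        $command   = $exec.Command
        $arguments = $exec.Arguments
    } catch {
        # Malformed or truncated task XML: flag it instead of dropping the event.
        $command = '<unparsed TaskContent>'
    }

    [pscustomobject]@{
        TimeCreated = $_.TimeCreated
        Computer    = $_.MachineName
        CreatedBy   = '{0}\{1}' -f $data['SubjectDomainName'], $data['SubjectUserName']
        TaskName    = $data['TaskName']
        Command     = $command
        Arguments   = $arguments
    }
} | Sort-Object TimeCreated | Format-Table -AutoSize -Wrap
```

Tasks whose action is not an Exec action (for example a COM handler) show an empty Command column and should be reviewed from the raw TaskContent.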