Scheduled Task Enabled
Enabled by default
Service: Microsoft Windows security auditing
Log type: Security
An update to a scheduled task may indicate a malicious attacker enabling their own scheduled task to compromise a system. A new malicious task being enabled may be a part of a trail of evidence in the wake of an attack.
Get-WinEvent -FilterHashTable @{LogName='Security';ID='4700'} -MaxEvents 1 | Format-List
Unfortunately, due to current limitations, we do not yet have this command, stay tuned for updates!
Unfortunately, due to current limitations, we do not yet have this command, stay tuned for updates!
Unfortunately, due to current limitations, we do not yet have this command, stay tuned for updates!
To view this log in the Event Viewer, open the event viewer and navigate to the Windows Logs heading and then the Security Tab. From here, select the find function and search for the value 4700 , or filter the log for the ID 4700.
To view this log in the command line with Get-WinEvent, open PowerShell as an administrator. From here, enter the command Get-WinEvent -FilterHashTable @{LogName='Security';ID='4700'} -MaxEvents 1 | Format-List
To view this log in the command line with wevtutil, open PowerShell or Command Prompt as an administrator. From here, enter the command wevtutil qe Security "/q:*[System [(EventID=4700)]]" /f:text /c:1