Scheduled Task Enabled

Disabled by default

Service: Microsoft Windows security auditing

Log type: Security

An update to a scheduled task may indicate an attacker enabling their own scheduled task to compromise a system. A newly enabled malicious task may be part of the trail of evidence left in the wake of an attack.

View Logs
Get-WinEvent -FilterHashTable @{LogName='Security';ID='4700'} -MaxEvents 1 | Format-List
Check Logging Status
Unfortunately, due to current limitations, we do not yet have this command. Stay tuned for updates!
Disable Logging
Unfortunately, due to current limitations, we do not yet have this command. Stay tuned for updates!
Enable Logging
Unfortunately, due to current limitations, we do not yet have this command. Stay tuned for updates!

To view this log in Event Viewer, open Event Viewer, expand the Windows Logs heading, and select the Security log. From here, use the Find function to search for the value 4700, or filter the log for the ID 4700.

To view this log on the command line with Get-WinEvent, open PowerShell as an administrator and enter the command:
Get-WinEvent -FilterHashTable @{LogName='Security';ID='4700'} -MaxEvents 1 | Format-List

To view this log on the command line with wevtutil, open PowerShell or Command Prompt as an administrator and enter the command:
wevtutil qe Security "/q:*[System [(EventID=4700)]]" /f:text /c:1
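
When triaging more than one record, it helps to reduce each 4700 event to who enabled the task, which task it was, and what the task runs. The following is an added example, not a command from the original page: the function name ConvertFrom-TaskEnabledEvent is hypothetical, the sample record is constructed, and the code assumes the event's EventData fields are named SubjectUserName, SubjectDomainName, TaskName and TaskContent.

```powershell
# Added example: summarise Event ID 4700 records (who enabled which task, what it runs).
function ConvertFrom-TaskEnabledEvent {
    param([Parameter(Mandatory, ValueFromPipeline)][string]$EventXml)
    process {
        $evt = [xml]$EventXml
        # EventData is a list of <Data Name="...">value</Data>; index it by name.
        $data = @{}
        foreach ($d in $evt.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        # TaskContent carries the task definition as XML text; list its Exec actions.
        $actions = @()
        if ($data['TaskContent']) {
            try {
                $task = [xml]$data['TaskContent']
                foreach ($exec in $task.GetElementsByTagName('Exec')) {
                    $actions += ('{0} {1}' -f $exec.Command, $exec.Arguments).Trim()
                }
            } catch { $actions += '<unparseable TaskContent>' }
        }
        [pscustomobject]@{
            TimeCreated = $evt.Event.System.TimeCreated.SystemTime
            Computer    = $evt.Event.System.Computer
            EnabledBy   = '{0}\{1}' -f $data['SubjectDomainName'], $data['SubjectUserName']
            TaskName    = $data['TaskName']
            Actions     = $actions -join '; '
        }
    }
}

# Constructed sample record (not a real log entry), so the function runs offline.
$sample = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <EventID>4700</EventID>
    <TimeCreated SystemTime="2024-01-01T12:00:00.000Z" />
    <Computer>WS01.example.test</Computer>
  </System>
  <EventData>
    <Data Name="SubjectUserName">alice</Data>
    <Data Name="SubjectDomainName">EXAMPLE</Data>
    <Data Name="TaskName">\Example\NightlySync</Data>
    <Data Name="TaskContent">&lt;Task xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task"&gt;&lt;Actions&gt;&lt;Exec&gt;&lt;Command&gt;C:\Tools\sync.exe&lt;/Command&gt;&lt;Arguments&gt;/quiet&lt;/Arguments&gt;&lt;/Exec&gt;&lt;/Actions&gt;&lt;/Task&gt;</Data>
  </EventData>
</Event>
'@
$sample | ConvertFrom-TaskEnabledEvent | Format-List
# Against the live Security log (elevated PowerShell):
# Get-WinEvent -FilterHashtable @{LogName='Security';ID=4700} -MaxEvents 50 |
#     ForEach-Object { $_.ToXml() } | ConvertFrom-TaskEnabledEvent
```

Tasks whose Actions point at user-writable paths or script interpreters, or that were enabled by an unexpected account, are the ones worth reviewing first.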