Malicious activity

Scheduled Task Created in Task Scheduler Library Root Node

Platform(s)
  • N/A

Description

This alert indicates that a new scheduled task has been created in the Task Scheduler Library root node on a Windows system. The Task Scheduler Library root node is a centralized location that stores all scheduled tasks on a Windows system. A new task created in this location can indicate potential malicious activity, such as an attacker attempting to establish persistence on a compromised system.