Message Image

Skip main navigation (Press Enter).

Data Center Security

View Only

Back to discussions

Expand all | Collapse all

IPS policy for protect schedule tasks on Windows servers

Mao Shu LinMar 24, 2020 04:54 PM

Hi~I'm rookie here. We want to create a IPS policy to monitor and prevent the schedule tasks from been ...

Dimitri DanishevskiMar 31, 2020 10:28 AM

Try to prohibit creating and deleting files in the directory: C:\Windows\System32\Tasks Check also permissions ...

1. IPS policy for protect schedule tasks on Windows servers

0 Recommend
Mao Shu Lin
Posted Mar 24, 2020 04:54 PM

Reply Reply Privately
Hi~I'm rookie here. We want to create a IPS policy to monitor and prevent the schedule tasks from been adding ,modifying ,deleting.
Is anyone willing to share the experience ?

------------------------------
Rookie of Security
------------------------------
2. RE: IPS policy for protect schedule tasks on Windows servers

0 Recommend
Dimitri Danishevski
Posted Mar 31, 2020 10:28 AM

Reply Reply Privately
Try to prohibit creating and deleting files in the directory: C:\Windows\System32\Tasks
Check also permissions for:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree
Although in my opinion the folder is enough.

Original Message

Copyright 2019. All rights reserved.

Powered by Higher Logic