Microsoft to Forcefully Push Scheduled Tasks to Windows PCs – How to Monitor and Remove Them

By /

Listen to this Post

Microsoft is reportedly planning to automatically install a scheduled task for Office Apps in May 2024, raising concerns about system performance and user control. This follows previous controversial forced updates, such as the “New Outlook” push.

According to BleepingComputer, this scheduled task will be deployed without explicit user consent, potentially impacting CPU and RAM usage.

You Should Know: How to Detect and Remove Unwanted Scheduled Tasks

1. Checking Scheduled Tasks via Command Line

Use the following command to list all scheduled tasks: 

Get-ScheduledTask | Format-Table TaskName, State, TaskPath

To check a specific task:

Get-ScheduledTask -TaskName "YourTaskName" | Get-ScheduledTaskInfo
  1. Monitoring Scheduled Task Creation via Event Logs
    Windows logs scheduled task creation under Event ID 4698 in the Security log. To filter for these events: 

    Get-WinEvent -LogName Security -FilterXPath "[System[EventID=4698]]" | Format-List

Alternatively, use Event Viewer:

1. Open `eventvwr.msc`

2. Navigate to Windows Logs > Security

3. Filter for Event ID 4698

3. Deleting Unwanted Scheduled Tasks

To remove a suspicious task:

Unregister-ScheduledTask -TaskName "SuspiciousTask" -Confirm:$false

Or via Task Scheduler GUI:

  1. Press Win + R, type taskschd.msc, and hit Enter.
  2. Locate the unwanted task, right-click, and select Delete.
    1. Preventing Unauthorized Task Creation via Group Policy

To restrict scheduled task creation:

1. Open `gpedit.msc`

2. Navigate to:

Computer Configuration > Windows Settings > Security Settings > System > Task Scheduler

3. Configure “Prohibit Task Creation” as needed.

What Undercode Say

Forced updates and automated tasks can introduce performance and security risks. System administrators should:
– Monitor Event ID 4698 for unauthorized task creation.
– Regularly audit scheduled tasks using PowerShell or Task Scheduler.
– Restrict task creation permissions via Group Policy.
– Use Linux alternatives (e.g., `cron` jobs) where possible for better transparency.

Linux Equivalent for Task Monitoring:

crontab -l  List current user's cron jobs
sudo ls /etc/cron.  Check system-wide cron jobs

Expected Output: A secure, auditable task management system with minimal unauthorized automation.

References:

Reported By: Alexrodriguezsf Microsoft – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅

Join Our Cyber World:

💬 Whatsapp | 💬 TelegramFeatured Image

Related Posts: