Check or Attack Name: schedule

The Windows NT schedule service was detected as running. This service allows administrators to schedule batch jobs to occur at specified times. Since the schedule service normally executes jobs as the system account, it can be used to modify account privileges. It is also disabled as part of the configuration needed to make a Windows NT machine C2 secure. Due to the fact that the schedule service requires administrator-level access to cause jobs to run, it is considered a low risk.

The Windows NT schedule service has been detected running. This service allows administrators to schedule batch jobs to occur at specified times. Since the schedule service normally executes jobs as the system account, it can be used to modify account privileges. Because the schedule service requires administrator-level access to run jobs, it is considered a low risk vulnerability.

Remove the schedule service.

To disable the service, follow these steps:

1. Open the Services control panel. From the Windows NT Start menu, select Settings, Control Panel, Services.
2. Under Services, select Task Scheduler.
3. Click Stop.