Can I trace or audit Remote Scheduled Task (at.exe) Commands?

Posted on 2009-03-30
Last Modified: 2012-05-06
I have some virus that remotely schedules tasks on other computers and that made me think:

On the machine that the task is created on, is it possible to see from which machine that task was actually created? I assume using auditing it should be possible to trace this?

Any ideas?
Question by:GSLBermuda
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
LVL 47

Expert Comment

by:Donald Stewart
ID: 24022054

Author Comment

ID: 24022197
We already found out which virus we are dealing with (and yes, it was that one), that wasn't my question (I didn't post the question in the antii virus section ;-) ) My question is more in general, if someone remotely schedules a task on another computer, it is possible to trace such an attempt (succes or not) on the remote machine and how would I identify that in the event viewer or something like that.
LVL 47

Accepted Solution

Donald Stewart earned 500 total points
ID: 24022247
LVL 47

Expert Comment

by:Donald Stewart
ID: 24022266
Also some people have posted in other sections unknowing that they had said virus, so better safe than sorry :-)

Hope the above helps you

Author Comment

ID: 24022637
No Worries! And thanks, that article was very helpful.


Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

INTRODUCTION The purpose of this document is to demonstrate the Installation and configuration of the Data Protection Manager product. Note that this demonstration was prepared on the basis of Windows OS is 2008 R2 and DPM 2010. DATA PROTECTI…
The password reset disk is often mentioned as the best solution to deal with the lost Windows password problem. In Windows 2008, 7, Vista and XP, a password reset disk can be easily created. But besides Windows 7/Vista/XP, Windows Server 2008 and ot…
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

710 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question