Signed process creates a scheduled task via file access

Cortex XDR Analytics Alert Reference by Alert name

Product

Cortex XDR

Last date published

2026-05-18

Activation Period	14 Days
Training Period	30 Days
Test Period	N/A (single event)
Deduplication Period	1 Day
Required Data	Requires: XDR Agent
Detection Modules
Detector Tags	Scheduled tasks Analytics
ATT&CK Tactic	Execution (TA0002) Persistence (TA0003)
ATT&CK Technique	Scheduled Task/Job (T1053)
Severity	Informational
Response playbooks	Office process creates a scheduled task via file access

A signed process created a scheduled task via file access. Attackers may create scheduled tasks for execution and to establish persistence.

An attacker may gain persistence and execute malicious tools via scheduled tasks.

Check the created task file and look for the action triggered by the task.

ATT&CK Tactic

ATT&CK Technique

Severity

Low

A signed process created a scheduled task via file access. Attackers may create scheduled tasks for execution and to establish persistence.

An attacker may gain persistence and execute malicious tools via scheduled tasks.

Check the created task file and look for the action triggered by the task.