TestimoX

API Reference

Class

ScheduledTaskInfo

Edit on GitHub
Namespace ComputerX.ScheduledTasks
Assembly ComputerX
Source ComputerX/ScheduledTasks/Models/ScheduledTaskInfo.cs:14
Modifiers sealed

Representation of a Windows Scheduled Task focused on Exec actions. When suspicion enrichment is enabled at query time, the IsSuspicious and related fields are populated to aid detection and reporting.

Inheritance

  • Object
  • ScheduledTaskInfo

Constructors

Properties

public String Name { get; set; } #
ComputerX/ScheduledTasks/Models/ScheduledTaskInfo.cs:14

Task display name (not including folder path).

public String Path { get; set; } #
ComputerX/ScheduledTasks/Models/ScheduledTaskInfo.cs:16

Full task path (e.g., \Microsoft\Windows\Defender\MpScheduledScan).

public String Command { get; set; } #
ComputerX/ScheduledTasks/Models/ScheduledTaskInfo.cs:18

Executable path of the first Exec action.

public String Arguments { get; set; } #
ComputerX/ScheduledTasks/Models/ScheduledTaskInfo.cs:20

Arguments for the first Exec action.

public Boolean Enabled { get; set; } #
ComputerX/ScheduledTasks/Models/ScheduledTaskInfo.cs:22

Whether the task is enabled.

public Nullable<DateTime> LastRunTime { get; set; } #
ComputerX/ScheduledTasks/Models/ScheduledTaskInfo.cs:24

Last run time as reported by the scheduler; may be null.

public Nullable<DateTime> NextRunTime { get; set; } #
ComputerX/ScheduledTasks/Models/ScheduledTaskInfo.cs:26

Next scheduled run time; may be null.

public String RunAsUser { get; set; } #
ComputerX/ScheduledTasks/Models/ScheduledTaskInfo.cs:29

Account the task runs as (e.g., SYSTEM, DOMAIN\User, DOMAIN\gmsa$).

public String RunAsLogonType { get; set; } #
ComputerX/ScheduledTasks/Models/ScheduledTaskInfo.cs:31

Task logon type as reported by the scheduler (e.g., ServiceAccount, S4U, Password, InteractiveToken).

public Nullable<Boolean> RunAsIsSystem { get; set; } #
ComputerX/ScheduledTasks/Models/ScheduledTaskInfo.cs:33

True when the principal resolves to SYSTEM/NT AUTHORITY\\SYSTEM.

public Nullable<Boolean> RunAsIsGmsa { get; set; } #
ComputerX/ScheduledTasks/Models/ScheduledTaskInfo.cs:35

True when the principal appears to be a Group Managed Service Account (ends with '$') and uses ServiceAccount logon.

public Nullable<Boolean> IsSuspicious { get; set; } #
ComputerX/ScheduledTasks/Models/ScheduledTaskInfo.cs:40

Suspicious flag computed by ComputerX heuristics when requested. null when not evaluated.

public Nullable<Int32> SuspicionScore { get; set; } #
ComputerX/ScheduledTasks/Models/ScheduledTaskInfo.cs:42

Suspicion score (0..N). null when not evaluated.

public IReadOnlyList<String> SuspicionReasons { get; set; } #
ComputerX/ScheduledTasks/Models/ScheduledTaskInfo.cs:44

Human-readable reasons that contributed to the suspicion score (optional).

public IReadOnlyList<String> SuspicionTags { get; set; } #
ComputerX/ScheduledTasks/Models/ScheduledTaskInfo.cs:46

Short tags for quick filtering (e.g., OutsideRoots, EncodedArgs).

public String SuspicionVersion { get; set; } #
ComputerX/ScheduledTasks/Models/ScheduledTaskInfo.cs:48

Heuristics version string to help correlate results across runs.