News, tips, advice, support for Windows, Office, PCs & more
Home icon Home icon Home icon Email icon RSS icon

We're community supported and proud of it!

  • What’s in your task scheduler?

    Home Forums AskWoody blog What’s in your task scheduler?

    Viewing 15 reply threads
    • Author
      Posts
      • #2367911
        Susan Bradley
        Manager

        Youtube here This task for the weekend was inspired by Robtl’s post in the forum asking about black DOS boxes that would randomly pop up on his screen
        [See the full post at: What’s in your task scheduler?]

        Susan Bradley Patch Lady

        1 user thanked author for this post.
      • #2367925
        Alex5723
        AskWoody Plus

        Nothing special (Apple, Google, Kaspersky, Microsoft, Nvidia, ShadowCopy..)

      • #2367934
        Microfix
        AskWoody MVP

        Evidence of a controlled minimalistic ethos

        | Quality over Quantity |
        • #2367988
          Noel Carboni
          AskWoody_MVP

          Good lord, is that your entire Autoruns output, Microfix? Or is it filtered somehow?

          FWIW, on Win 10 I have pages upon pages of \Microsoft\Windows… entries. But not the several you show.

          Just a general comment here – when I find things I don’t want having been added to the scheduler (or any of the other dozens of ways of getting something running) I use AutoRuns64.exe (from the SysInternal web site) to disable them, which I think is what Microfix is showing up above with the unchecked boxes also. Specifically disabling things – vs. deleting them – leaves you a record so that later you can say, “Aha! That has been re-added, but there’s also a disabled entry, so clearly I made the decision to exclude that from running at some time in the past”

          -Noel

          • #2368020
            Microfix
            AskWoody MVP

            You are correct Noel, using sysinternals autoruns with the ‘Hide Windows Entries’ and ‘Hide Empty Locations’ filters displays the above screenshot. Having said that, there are many more unticked within the ‘Hide Windows Entries’ filter on that Windows 7 installation.
            This is where Portable apps help in preventing autostarts from being injected, unless specifically created by the end-user.

            | Quality over Quantity |
      • #2367936
        anonymous
        Guest

        First stray found is npcapwatchdog (packet capture) running at system startup.

        I do check startups occasionally and don’t recall seeing that before. I have no idea why it is there but its disabled while I try to work out how it found its way onto my Dell. I am experienced and doubt very much you’d be able to help beyond what I found personally but it may inspire other to start looking and questioning.

        Plenty to go!

        • #2367948
          Alex5723
          AskWoody Plus

          npcapwatchdog probably installed by Wireshark which installed Npcap

          https://github.com/nmap/npcap/issues/274

          • #2367950
            anonymous
            Guest

            Wireshark was never installed on my system but there is a possibility I tested an alternative. Whatever it was, its not there now. I am yet to do research in c:\users but expect to find a clue there in appdata.

            • #2368062
              anonymous
              Guest

              Just finished searching using Alternativeto as a guide. Nothing there rung a bell and no leftovers from any located using Everything

      • #2367944
        Microfix
        AskWoody MVP

        This task for the weekend was inspired by Robtl’s post in the forum asking about black DOS boxes that would randomly pop up on his screen.

        which post #2367643 or #2367687?

        | Quality over Quantity |
      • #2367959
        Mele20
        AskWoody Lounger

        About 10 tasks. Most are nVidia junk. I see a DOS black box flash at 12:30AM every day. It is is so fast a flash that I have no idea what it is. This has happened for many years through several Dell computers and OSes.

        As for my browsers, I would NEVER allow them to update willy-nilly. I deliberately run Fx 60.9 ESR because versions after that are unrecognizable as being Fx. I update my other browsers manually and always have.

        I’m going to get rid of the junk that updates at 12:30AM. Task Scheduler is just another way for Microsoft to try and own our computers. I will update on my own as it is my computer. I already update Windows Defender manually each day when I get on the computer each day. I keep Windows Update disabled via Winaero Tweaker so Defender cannot update until I deliberately lift the disabled status long enough enough to get the daily update.

        • #2367994
          Noel Carboni
          AskWoody_MVP

          The problem with taking on the task of de-scheduling the things Microsoft wants scheduled is that THEY wrote the setup into a program (e.g., that runs during an OS update) and you’re talking about selectively disabling entries (which – don’t get me wrong – can be a good idea for some things).

          In the long term this requires you be on top of what every job does, and how the various entries interact – not to mention how various system components start. I know for example that if you disable that WaasMedic item it’ll get re-enabled. There is a tangled web of inter-dependency and I’ll wager none of us is up to the long term task of seeing to it that we retain full control of what our up-to-date Windows 10 systems are doing at various times.

          Unless you can find a Microsoft-supplied setting (or policy) for averting e.g., “medic” activities, you’re probably going to be frustrated by things returning on their own.

          -Noel

      • #2367945
        anonymous
        Guest

        In a Home version, How do I disable \Microsoft\Windows\WaaSMedic

        • #2367984
          Susan Bradley
          Manager

          There’s a registry key you can adjust – but may I ask what is the process doing that you want to disable it? The goal is to ensure that windows update is able to function.

          Susan Bradley Patch Lady

          • #2368028
            anonymous
            Guest

            Thank you. My reason is similar to the question on the linked page. I prefer to be in control of when update happens. If not disabled, Windows seems to update no matter what steps I’ve been taking to prevent it. Either I will flip the key value with reg files of update manually (which is my preference).

            Risk? I’ve began manually updating since some time in the last century and never forgot to update yet.

      • #2367969
        agoldhammer
        AskWoody Plus

        Thanks for this.  I have a lot of NVIDIA tasks that are completed.  I also found that I had GoToMeeting installed and I cannot remember installing this app.  Maybe it was for some online meeting that I had back in April.

      • #2367979
        CyGuy
        AskWoody Plus

        I have Adobe Flash Player NPAPI Notifier.  Seems like that should no longer be there.  How can I check to see if Flash Player has really been installed? TIA

        • #2367981
          PKCano
          Manager

          Look in the Control Panel. It the Flash Player icon is still there, go to Adobe.com and download the remover.

          1 user thanked author for this post.
        • #2368065
          SteveTree
          AskWoody Lounger

          The Flash uninstaller is not much better than Windows cleaning up after itself. For that matter, neither are most other software programs.

          If you wish to clean leftover folders and files, AFTER YOU UNINSTALL, if you have Everything (file finder), search for ‘Flash Player’. Some of the entries will be safe to delete. Some won’t.

          DO NOT DELETE anything in C:\Windows\WinSxS\… It is a ‘Danger Will Robinson’ folder.  More information if you want it. The main message to take out of that link is to use DISM if you need to clean up WinSxS and nothing else.

          It should be safe to delete the empty (or near empty – I forget) Flash Player folder in program files directory.

          It should be safe to delete anything found in C:\Users\{User name}\AppData\Roaming\Adobe\Flash Player

          Other location I forget so do your research before deleting.

           

          Group A (but Telemetry disabled Tasks and Registry)
          Win 7 64 Pro desktop
          Win 10 64 Home portable

      • #2367989
        berniec
        AskWoody Plus

        I don’t use OneDrive and I have  “OneDrdive standalone Update:
        At 3:00 AM 5/1/1992  repeat every 1.00:00:00
        Is that “every day”?

        StartCN: at any login.  Some AMD thing

        StartDVR: runs RSServCmd

        but beyond those, nothing suspicious [win10/pro/20H2]

         

         

        • #2368098
          SteveTree
          AskWoody Lounger

          To completely uninstall Ondrive

          Now to Task Scheduler in case the the task is missed by the uninstaller (not that it causes problems if left):

          Open task scheduler

          Find the task

          On the RHS, you’ll see options to disable or delete. I would ‘delete’. You can always install again if you change your mind.

           

          Group A (but Telemetry disabled Tasks and Registry)
          Win 7 64 Pro desktop
          Win 10 64 Home portable

      • #2367993
        Noel Carboni
        AskWoody_MVP

        Hm, this is a good time to ask a question that’s been bugging me (okay, only a little)…

        With the advent of the Chromium-based web browser, we got a Chromium-like update strategy, in which Microsoft has added two entries to the Task Scheduler:

        MicrosoftEdgeUpdateTaskMachineCore
        MircorosftEdgeUpdateTaskMachineUA

        I absolutely don’t actually use Edge, nor do I intend to start. I use another Chromium based product called Brave that’s privacy-oriented. I’ll ask my question several ways…

        • Do we NEED every day scheduled Edge updates, separate from Windows Updates?
        • Do you have experience with having disabled these entries?
        • Is this just for the browser, or are there embedded components like what IE was?

        -Noel

        • #2367997
          Susan Bradley
          Manager

          Yes, Edge updates independently – and given that attackers go after zero days in browsers this is a good thing.  I don’t disable them and I also go into the Edge browser and tell it to bypass the metered connection setting.

          Attackers could “call” a specific browser so it’s wise to keep them updated.

          Never say never. This week’s bug not withstanding, it’s always wise to have multiple browsers.

          Susan Bradley Patch Lady

        • #2368029
          Microfix
          AskWoody MVP

          Do we NEED every day scheduled Edge updates, separate from Windows Updates?
          Do you have experience with having disabled these entries?
          Is this just for the browser, or are there embedded components like what IE was?

          Not if Chromium Edge tentacles are prevented at start, blocked with a firewall and severed first, then Edge can be removed and deprovisioned without SFC integrity violations and some DISM surgery, although for how long, is anyone’s guess..

          Yes, on a 21H1 test installation (powershell commandlets as well as registry editing)

          Not seeing that although I’d expect things will change to prevent isolation/ removal..

          So on that test installation, as an experiment, I’ve manually disabled IE, had old Edge removed by MSFT and have manually removed Chromium Edge leaving Firefox to reside on the throne.

          | Quality over Quantity |
        • #2368070
          SteveTree
          AskWoody Lounger

          I don’t know. However I use a third party uninstaller to get rid of Edge every month after this month’s resurrection am testing a tip to change the attributes of its now empty folder to prevent it being overwritten.

          After uninstalling Edge, there are still 423 items when I search for ‘Microsoft Edge’ using Everything (after a Windows clean, manual prune and a DISM clean).

          The device is a Home version laptop.

          I know you know but others need the warning to be wary what files and folders they delete. Prior research and a lot of caution prevents tears.

          Group A (but Telemetry disabled Tasks and Registry)
          Win 7 64 Pro desktop
          Win 10 64 Home portable

      • #2367998
        berniec
        AskWoody Plus

        Another angle on this is how to check all the built-in tasks.  When you just fire up Task Scheduler you’re looking at the “Task Scheduler Library”.  But if you look below that you find a lot of other tasks.  One I just found is “Agent Activation Runtime”  it is disabled and last run time is 11/30/1999 [!!]  It runs System32\AgentActivationRuntimeStarter.   I suppose I could delete it, since it hasn’t run in twenty years and I don’t see anything going awry /

        And if you dive below Microsoft>Windows there are scores of tasks… I just skimmed them and they seem reasonable [and/or mysterious].

      • #2368011
        alkhall
        AskWoody Lounger

        Mine:

         

      • #2368052
        skcusime
        AskWoody Plus

        I may have run AdwCleaner at some stage, being a Malwarebytes user, but a search of my C: drive doesn’t show it anywhere. Why would this be showing in Task Scheduler? Also, what is the first entry?

         

        • #2368057
          Susan Bradley
          Manager

          Welcome to “this software never cleans itself up well” and leaves behind tasks.

          Susan Bradley Patch Lady

      • #2368851
        garycahn
        AskWoody Plus

        Dear Susan,

        I would be extremely interested if someone on your staff would write a detailed article about Task Scheduler and how to use it. I’m particularly interested in the relationship between Task Scheduler and 3 other similar items in Windows 10:

        1. Task Manager, which has a tab named Startup. Software Manufacturers add items to the Startup tab that launches when Windows 10 launches
        2. In the Notification Area in the bottom right section of my screen, there is an upfacing triangle. When I hover over the triangle, there are many icons, and I know that each one of those was put there by a Software Manufacturer. Each of those icons starts up additional items when Win 10 launches.
        3. There are 2 folders on my Win 10 computer. They are:
        C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
        C:\Users\<username>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

        Software manufacturers put items in each of these folders that startup programs when Windows 10 launches.

        As near as I can tell, that means that each of the 3 items above as well as Task Scheduler launch programs or mini-programs on my computer when my computer boots. I know there is no overlap among the 3 items I’ve listed above, but how does Task Scheduler fit into all of this? Is there overlap between what Task Scheduler launches and the 3 items listed above?

        An article in your newsletter about this subject would be gratefully welcome.

        Many thanks for your consideration.

        Gary Cahn

      • #2369035
        Paul T
        AskWoody MVP

        1.Startup items have nothing to do with Task Scheduler. TS is for stuff that runs occasionally, but not all the time, e.g. maintenance tasks.
        2.Things in the Tray are stuff you need to know about but not actively use (mostly). The program puts the item there when it starts (with Windows), e.g. Windows Security (aka Defender).

        If you want a comprehensive (read scary) list of what starts, download MS Autoruns and fire it up.

        cheers, Paul

        • #2369163
          SteveTree
          AskWoody Lounger

          If anyone takes up the suggestion to use Autoruns, make sure you switch on the option to check VirusTotal and run the check. It can’t do the check unless Autoruns sends data to VirusTotal for screening so you’ll be prompted to agree on a privacy pop-up the first time you do that.

          Don’t panic about VirusTotal scores of 1 or 2 but if a few or more vendors are giving higher scores, it is time to do some malware investigation before deciding whether or not you need whatever it is in your PC that wants to run on a cycle or when something else happens.

          Running VirusTotal regularly  with the VirusTotal check adds a layer of malware checking. You can run it from Task Scheduler so you don’t forget.

          How to schedule a task

           

           

          Group A (but Telemetry disabled Tasks and Registry)
          Win 7 64 Pro desktop
          Win 10 64 Home portable

    Viewing 15 reply threads

    Please follow the -Lounge Rules- no personal attacks, no swearing, no politics or religion.

    Reply To: What’s in your task scheduler?

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.

    Cancel