pimp wrote:
How is it possible to know if a script was executed on a Windows machine using WMI, wscript or cscript? I mean, where do you have to search to know exactly that a script was executed, from where (local or remote), what processes and what kind of logs were generated? Is there any place in the Windows registry that can help to search this?
Generally speaking, no, on all counts. It is possible to know if a script has executed if you know what the script does and what artifacts it creates. If the system is Windows XP, the executed script would have its last accessed date updated.
In general, logs are not created when scripts are executed, unless the script is written to generate a log entry. There may be other possibilities, however...some AV products monitor behaviors, such as programs executing from Temp folders, so there might be some possibilities there...I'd do testing to be sure.
pimp wrote:
Is there any method to execute hidden tasks using the Windows Scheduler?
What is a "hidden" task?
pimp wrote:
How to know if someone is using this method? Are there more locations apart from autostart points in the registry that can be used to execute scheduled tasks?
Different Windows systems have different ways of logging scheduled task activity, with Vista+ systems being the more prolific. Scheduled tasks are not generally "run" from autostart locations, per se, although they could easily be _created_ by a program or script run from an autostart location.
HTH