You notice that taskeng.exe is one of the processes involved in a detection. What activity should you investigate next?
Taskeng.exe is the Task Scheduler Engine in Windows. It handles running scheduled tasks on the system. When you notice it involved in a detection, the logical activity to investigate next is to check for any scheduled tasks registered prior to the detection. This can help identify if a malicious task was scheduled to execute at a specific time, which could help understand the nature of the detection and whether it was part of a broader malicious activity.
Wildbanana is actually correct this time - On older Windows versions any task that runs will spawn a “taskeng.exe” (short for Task Engine) process and the “taskeng.exe” process will spawn the executable(s) requested by the task. So if you were investigating this you would want to look for when the scheduled task was registered.
checked in docs
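An added example, not part of the original thread: one way to carry out the check discussed above on the affected host, listing tasks registered before the detection (Task Scheduler operational event 106) and what each one runs. The detection timestamp and 7-day lookback are constructed values, and the script assumes the Microsoft-Windows-TaskScheduler/Operational log is enabled and still holds the relevant events.

```powershell
# Added example: scheduled tasks registered in the window before a detection.
# $DetectionTime and $Lookback are constructed values; take them from the alert.
$DetectionTime = Get-Date '2024-01-15 14:30:00'
$Lookback      = New-TimeSpan -Days 7

$filter = @{
    LogName   = 'Microsoft-Windows-TaskScheduler/Operational'
    Id        = 106                      # Task Scheduler: task registered
    StartTime = $DetectionTime - $Lookback
    EndTime   = $DetectionTime
}

# Get-WinEvent raises an error when nothing matches; treat that as "no events".
$events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)

$report = foreach ($e in $events) {
    # Event 106 carries the task name and registering account in EventData.
    $data = @{}
    foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) {
        $data[$d.Name] = $d.'#text'
    }

    # Resolve what the task runs, if it still exists on the host.
    $command = '<task no longer present>'
    $xmlText = schtasks.exe /query /tn $data['TaskName'] /xml 2>$null
    if ($LASTEXITCODE -eq 0 -and $xmlText) {
        $exec = ([xml](($xmlText -join "`n").Trim())).Task.Actions.Exec
        $command = if ($exec) {
            ($exec | ForEach-Object { "$($_.Command) $($_.Arguments)".Trim() }) -join '; '
        } else { '<non-Exec action>' }
    }

    New-Object PSObject -Property @{
        Registered   = $e.TimeCreated
        TaskName     = $data['TaskName']
        RegisteredBy = $data['UserContext']
        Command      = $command
    }
}

$report | Sort-Object Registered |
    Select-Object Registered, TaskName, RegisteredBy, Command |
    Format-Table -AutoSize -Wrap
```

A task that was registered and then deleted before collection shows up with the placeholder command, which is itself worth noting in the timeline.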