Teamviewer scheduled task was identified as MITRE attack TA0003-T1053.005

PfeffeX · 2022-08-11T09:55:51+00:00

There was an error rendering this rich post.

Hi maybe somebody from support can help? We have findings in our network that Teamviewer create a scheduled task and this task i identified as a TA0003-T1053.005 technique of MITRE attack framework.

Here is the command: C:\WINDOWS\system32\schtasks /Create /TN TVInstallRestore /TR "C:\WINDOWS\TEMP\TeamViewer\TeamViewer_.exe /RESTORE" /RU SYSTEM /SC ONLOGON /F

Our AntiVirus vendor told us to report this to teamviewer. Can somebody explain what it does?

Regards

PfeffeX

Find more posts tagged with

Comments

Antoan

Dear Users,

We have investigated this behavior and decided to address it in the next regular update end of September. The scheduled task you highlighted is commonly used during software installations but can be identified as a privilege-escalation by AV engines which is the reason for the patch.

We have a security.txt file with contact information to contact our security team directly for any future security-related inquiry you might have.

Regards,

Antoan

chris43545

I would also like an explanation or confirmation as to whether this is normal behavior or not. If support could get in touch we would very much appreciate it.

Antoan

Hi PfeffeX,

Thanks for reaching out to us!

We will have a look and get back to you as soon as possible :)

Regards,

Antoan