Teamviewer scheduled task was identified as MITRE attack TA0003-T1053.005

PfeffeX
PfeffeX Posts: 2
in General questions

Hi maybe somebody from support can help? We have findings in our network that Teamviewer create a scheduled task and this task i identified as a TA0003-T1053.005 technique of MITRE attack framework.

Here is the command: C:\WINDOWS\system32\schtasks /Create /TN TVInstallRestore /TR "C:\WINDOWS\TEMP\TeamViewer\TeamViewer_.exe /RESTORE" /RU SYSTEM /SC ONLOGON /F

Our AntiVirus vendor told us to report this to teamviewer. Can somebody explain what it does?

Regards

PfeffeX

Comments

  • Antoan
    Antoan Posts: 3 Staff member 🤠

    Hi PfeffeX,

    Thanks for reaching out to us!

    We will have a look and get back to you as soon as possible :)

    Regards,

    Antoan

    “ Your focus determines your reality.” – Qui-Gon Jinn
  • chris43545
    chris43545 Posts: 1

    I would also like an explanation or confirmation as to whether this is normal behavior or not. If support could get in touch we would very much appreciate it.

  • Antoan
    Antoan Posts: 3 Staff member 🤠

    Dear Users,

    We have investigated this behavior and decided to address it in the next regular update end of September. The scheduled task you highlighted is commonly used during software installations but can be identified as a privilege-escalation by AV engines which is the reason for the patch.

    We have a security.txt file with contact information to contact our security team directly for any future security-related inquiry you might have.

    Regards,

    Antoan

    “ Your focus determines your reality.” – Qui-Gon Jinn
Trustpilot

Categories

This Week's Leaders