Youtube here This task for the weekend was inspired by Robtl’s post in the forum asking about black DOS boxes that would randomly pop up on his screen
[See the full post at: What’s in your task scheduler?]
Susan Bradley Patch Lady/Prudent patcher
![]() |
Patch reliability is unclear, but widespread attacks make patching prudent. Go ahead and patch, but watch out for potential problems. |
SIGN IN | Not a member? | REGISTER | PLUS MEMBERSHIP |
Home » Forums » Newsletter and Homepage topics » What’s in your task scheduler?
Tags: Patch Lady Posts
Youtube here This task for the weekend was inspired by Robtl’s post in the forum asking about black DOS boxes that would randomly pop up on his screen
[See the full post at: What’s in your task scheduler?]
Susan Bradley Patch Lady/Prudent patcher
Good lord, is that your entire Autoruns output, Microfix? Or is it filtered somehow?
FWIW, on Win 10 I have pages upon pages of \Microsoft\Windows… entries. But not the several you show.
Just a general comment here – when I find things I don’t want having been added to the scheduler (or any of the other dozens of ways of getting something running) I use AutoRuns64.exe (from the SysInternal web site) to disable them, which I think is what Microfix is showing up above with the unchecked boxes also. Specifically disabling things – vs. deleting them – leaves you a record so that later you can say, “Aha! That has been re-added, but there’s also a disabled entry, so clearly I made the decision to exclude that from running at some time in the past”
-Noel
You are correct Noel, using sysinternals autoruns with the ‘Hide Windows Entries’ and ‘Hide Empty Locations’ filters displays the above screenshot. Having said that, there are many more unticked within the ‘Hide Windows Entries’ filter on that Windows 7 installation.
This is where Portable apps help in preventing autostarts from being injected, unless specifically created by the end-user.
First stray found is npcapwatchdog (packet capture) running at system startup.
I do check startups occasionally and don’t recall seeing that before. I have no idea why it is there but its disabled while I try to work out how it found its way onto my Dell. I am experienced and doubt very much you’d be able to help beyond what I found personally but it may inspire other to start looking and questioning.
Plenty to go!
Just finished searching using Alternativeto as a guide. Nothing there rung a bell and no leftovers from any located using Everything
About 10 tasks. Most are nVidia junk. I see a DOS black box flash at 12:30AM every day. It is is so fast a flash that I have no idea what it is. This has happened for many years through several Dell computers and OSes.
As for my browsers, I would NEVER allow them to update willy-nilly. I deliberately run Fx 60.9 ESR because versions after that are unrecognizable as being Fx. I update my other browsers manually and always have.
I’m going to get rid of the junk that updates at 12:30AM. Task Scheduler is just another way for Microsoft to try and own our computers. I will update on my own as it is my computer. I already update Windows Defender manually each day when I get on the computer each day. I keep Windows Update disabled via Winaero Tweaker so Defender cannot update until I deliberately lift the disabled status long enough enough to get the daily update.
The problem with taking on the task of de-scheduling the things Microsoft wants scheduled is that THEY wrote the setup into a program (e.g., that runs during an OS update) and you’re talking about selectively disabling entries (which – don’t get me wrong – can be a good idea for some things).
In the long term this requires you be on top of what every job does, and how the various entries interact – not to mention how various system components start. I know for example that if you disable that WaasMedic item it’ll get re-enabled. There is a tangled web of inter-dependency and I’ll wager none of us is up to the long term task of seeing to it that we retain full control of what our up-to-date Windows 10 systems are doing at various times.
Unless you can find a Microsoft-supplied setting (or policy) for averting e.g., “medic” activities, you’re probably going to be frustrated by things returning on their own.
-Noel
There’s a registry key you can adjust – but may I ask what is the process doing that you want to disable it? The goal is to ensure that windows update is able to function.
Susan Bradley Patch Lady/Prudent patcher
Thank you. My reason is similar to the question on the linked page. I prefer to be in control of when update happens. If not disabled, Windows seems to update no matter what steps I’ve been taking to prevent it. Either I will flip the key value with reg files of update manually (which is my preference).
Risk? I’ve began manually updating since some time in the last century and never forgot to update yet.
The Flash uninstaller is not much better than Windows cleaning up after itself. For that matter, neither are most other software programs.
If you wish to clean leftover folders and files, AFTER YOU UNINSTALL, if you have Everything (file finder), search for ‘Flash Player’. Some of the entries will be safe to delete. Some won’t.
DO NOT DELETE anything in C:\Windows\WinSxS\… It is a ‘Danger Will Robinson’ folder. More information if you want it. The main message to take out of that link is to use DISM if you need to clean up WinSxS and nothing else.
It should be safe to delete the empty (or near empty – I forget) Flash Player folder in program files directory.
It should be safe to delete anything found in C:\Users\{User name}\AppData\Roaming\Adobe\Flash Player
Other location I forget so do your research before deleting.
Group A (but Telemetry disabled Tasks and Registry)
1) Dell Inspiron with Win 11 64 Home permanently in dock due to "sorry spares no longer made".
2) Dell Inspiron with Win 11 64 Home (substantial discount with Pro version available only at full price)
To completely uninstall Ondrive
Now to Task Scheduler in case the the task is missed by the uninstaller (not that it causes problems if left):
Open task scheduler
Find the task
On the RHS, you’ll see options to disable or delete. I would ‘delete’. You can always install again if you change your mind.
Group A (but Telemetry disabled Tasks and Registry)
1) Dell Inspiron with Win 11 64 Home permanently in dock due to "sorry spares no longer made".
2) Dell Inspiron with Win 11 64 Home (substantial discount with Pro version available only at full price)
Hm, this is a good time to ask a question that’s been bugging me (okay, only a little)…
With the advent of the Chromium-based web browser, we got a Chromium-like update strategy, in which Microsoft has added two entries to the Task Scheduler:
MicrosoftEdgeUpdateTaskMachineCore
MircorosftEdgeUpdateTaskMachineUA
I absolutely don’t actually use Edge, nor do I intend to start. I use another Chromium based product called Brave that’s privacy-oriented. I’ll ask my question several ways…
-Noel
Yes, Edge updates independently – and given that attackers go after zero days in browsers this is a good thing. I don’t disable them and I also go into the Edge browser and tell it to bypass the metered connection setting.
Attackers could “call” a specific browser so it’s wise to keep them updated.
Never say never. This week’s bug not withstanding, it’s always wise to have multiple browsers.
Susan Bradley Patch Lady/Prudent patcher
Do we NEED every day scheduled Edge updates, separate from Windows Updates?
Do you have experience with having disabled these entries?
Is this just for the browser, or are there embedded components like what IE was?
Not if Chromium Edge tentacles are prevented at start, blocked with a firewall and severed first, then Edge can be removed and deprovisioned without SFC integrity violations and some DISM surgery, although for how long, is anyone’s guess..
Yes, on a 21H1 test installation (powershell commandlets as well as registry editing)
Not seeing that although I’d expect things will change to prevent isolation/ removal..
So on that test installation, as an experiment, I’ve manually disabled IE, had old Edge removed by MSFT and have manually removed Chromium Edge leaving Firefox to reside on the throne.
I don’t know. However I use a third party uninstaller to get rid of Edge every month after this month’s resurrection am testing a tip to change the attributes of its now empty folder to prevent it being overwritten.
After uninstalling Edge, there are still 423 items when I search for ‘Microsoft Edge’ using Everything (after a Windows clean, manual prune and a DISM clean).
The device is a Home version laptop.
I know you know but others need the warning to be wary what files and folders they delete. Prior research and a lot of caution prevents tears.
Group A (but Telemetry disabled Tasks and Registry)
1) Dell Inspiron with Win 11 64 Home permanently in dock due to "sorry spares no longer made".
2) Dell Inspiron with Win 11 64 Home (substantial discount with Pro version available only at full price)
Another angle on this is how to check all the built-in tasks. When you just fire up Task Scheduler you’re looking at the “Task Scheduler Library”. But if you look below that you find a lot of other tasks. One I just found is “Agent Activation Runtime” it is disabled and last run time is 11/30/1999 [!!] It runs System32\AgentActivationRuntimeStarter. I suppose I could delete it, since it hasn’t run in twenty years and I don’t see anything going awry /
And if you dive below Microsoft>Windows there are scores of tasks… I just skimmed them and they seem reasonable [and/or mysterious].
Dear Susan,
I would be extremely interested if someone on your staff would write a detailed article about Task Scheduler and how to use it. I’m particularly interested in the relationship between Task Scheduler and 3 other similar items in Windows 10:
1. Task Manager, which has a tab named Startup. Software Manufacturers add items to the Startup tab that launches when Windows 10 launches
2. In the Notification Area in the bottom right section of my screen, there is an upfacing triangle. When I hover over the triangle, there are many icons, and I know that each one of those was put there by a Software Manufacturer. Each of those icons starts up additional items when Win 10 launches.
3. There are 2 folders on my Win 10 computer. They are:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
C:\Users\<username>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Software manufacturers put items in each of these folders that startup programs when Windows 10 launches.
As near as I can tell, that means that each of the 3 items above as well as Task Scheduler launch programs or mini-programs on my computer when my computer boots. I know there is no overlap among the 3 items I’ve listed above, but how does Task Scheduler fit into all of this? Is there overlap between what Task Scheduler launches and the 3 items listed above?
An article in your newsletter about this subject would be gratefully welcome.
Many thanks for your consideration.
Gary Cahn
1.Startup items have nothing to do with Task Scheduler. TS is for stuff that runs occasionally, but not all the time, e.g. maintenance tasks.
2.Things in the Tray are stuff you need to know about but not actively use (mostly). The program puts the item there when it starts (with Windows), e.g. Windows Security (aka Defender).
If you want a comprehensive (read scary) list of what starts, download MS Autoruns and fire it up.
cheers, Paul
If anyone takes up the suggestion to use Autoruns, make sure you switch on the option to check VirusTotal and run the check. It can’t do the check unless Autoruns sends data to VirusTotal for screening so you’ll be prompted to agree on a privacy pop-up the first time you do that.
Don’t panic about VirusTotal scores of 1 or 2 but if a few or more vendors are giving higher scores, it is time to do some malware investigation before deciding whether or not you need whatever it is in your PC that wants to run on a cycle or when something else happens.
Running VirusTotal regularly with the VirusTotal check adds a layer of malware checking. You can run it from Task Scheduler so you don’t forget.
Group A (but Telemetry disabled Tasks and Registry)
1) Dell Inspiron with Win 11 64 Home permanently in dock due to "sorry spares no longer made".
2) Dell Inspiron with Win 11 64 Home (substantial discount with Pro version available only at full price)
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments.
Welcome to our unique respite from the madness.
It's easy to post questions about Windows 11, Windows 10, Win8.1, Win7, Surface, Office, or browse through our Forums. Post anonymously or register for greater privileges. Keep it civil, please: Decorous Lounge rules strictly enforced. Questions? Contact Customer Support.
Want to Advertise in the free newsletter? How about a gift subscription in honor of a birthday? Send an email to sb@askwoody.com to ask how.
Mastodon profile for DefConPatch
Mastodon profile for AskWoody
Home • About • FAQ • Posts & Privacy • Forums • My Account
Register • Free Newsletter • Plus Membership • Gift Certificates • MS-DEFCON Alerts
Copyright ©2004-2025 by AskWoody Tech LLC. All Rights Reserved.