![](https://www.pwndefend.com/wp-content/uploads/2021/02/iStock-1161352107-730x350.jpg)
Hunting for New Group Policies Where Scheduled Tasks are…
A common way to deploy an encryption routine used in Ransomware scenarios is to create a scheduled task to launch a cyptor exe. This is commonly deployed via a Group Policy Object (GPO).
So I wanted to look at how with Microsoft Defender for Endpoint (MDE) we could detect this both on domain controllers but also on CLIENT devices (MEMBER SERVERS/PCs)
Read more “Hunting for New Group Policies Where Scheduled Tasks are used”