Hidden Task Revealer

No, it is not a hidden task

Andy,

It's taken me an hour or more to finish writing this post. My 'it is not a hidden task' comment was a response to another user not to you.
- Task scheduler does not, by default, show hidden tasks [tasks that have a deliberate hidden property] but our problem items are not of that nature.
- If the problem items were merely records of a hidden task it would have taken approximately a miniute to resolve the issue.
- In other words, whilst we might think of the instigating thing being hidden, it is not a "hidden task" as such.

You can use anything in any of my responses in any way you see fit.

On one known-awkward computer, I am getting an error about VCRunTime140.dll being missing. I'm just checking for the most reliable explanation & source before downloading anything - it seems to be a component of Microsoft Visual C++ 2015 Redistributable Update 3 RC so, if that's correct, I can get it directly from MS.

In the meantime, my startup script is working well on 2 other computers. Here it is
UnknownTaskSuppressor.bat

Code:

:: This procedure uses Andy Bruin WpTasks.exe to reveal the whatever-status-it-is Task giving rise to the entries in TS, Task status
:: They are created at rebooting but not always - hence the decision to retain logs for the time being
:: It is currently written in the expectation of only a single GUID being reported
prompt $g
Set ThisTitle=Checking, cleaning unknown task creation
Title %ThisTitle%

::Set WorkingFolder=%Temp% :: Only use the Temp folder when I have removed log retention
Set WorkingFolder=E:\UtilityHub\TS\UnknownTaskSuppressor
Set TheToolFolder=C:\Tools\TS\UnknownTaskSuppressor\
Set TheToolName=WpTasks.exe
Set ThisGUID=

:: Examine the log
%TheToolFolder%%TheToolName% >%WorkingFolder%\WpTasks.Log
For /f  "tokens=1" %%X in (%WorkingFolder%\WpTasks.Log) do Call :TaskProcessing "%%X"
If Not "%ThisGUID%"=="" %TheToolFolder%%TheToolName% /d %ThisGUID%
GoTo CloseTaskSuppressor

:TaskProcessing
:: Detect and retrieve the GUID, if any
Set ThisLine=%~1
:: Detect GUID by detecting { as the first character of the passed parameter
If "%ThisLine:~0,1%"=="{" (Set ThisGUID=%ThisLine%) Else (GoTo :eof)
::Remove the {} at start and end
Set ThisGUID=%ThisGUID:~1%
Set ThisGUID=%ThisGUID:~0,-1%
GoTo :eof

:CloseTaskSuppressor
:: Later on, I will just delete the log file but for at least the first month of use I will keep it so I can review when the Unwanted tasks get created
:: If I decide to keep doing this then I will streamline the procedure for that - e.g. reduce the number of variables
:: Del %WorkingFolder%\WpTasks.Log
Call "C:\Tools\Rename\RenameDLM.vbs" "%WorkingFolder%\WpTasks.Log"

:EndTaskSuppressor
::Pause at end during testing

It runs from a Task scheduler task that I have set to run at logon rather than startup.

Note 1 - You'll need to set WorkingFolder, TheToolFolder, TheToolName to suit your own preferences.
Note 2 - I have particular attitudes to where to store scripts and how to manage their use in Task scheduler - see Make Task scheduler run a batch file minimised and with a specific icon - TenForums
Note 3 - I have decided to keep my WpTasks.exe responses as logs for the next month or so because I want to review them later on. So I have called another script of mine C:\Tools\Rename\RenameDLM.vbs that adds the DLM to the filename to allow multiple copies to be kept easily.

- RenameDLM changes WpTasks.Log into 20200527 140441 WpTasks.Log so that's yyyymmdd hhnnss [hhmmss]
- The calling line illustrates the syntax needed for RenameDLM, just in case you decide to use it elsewhere.
- If you do not want to use RenameDLM you can just :: remark out or delete that line in the script and optionally un-remark the line about deleting the log file at the end.
- This script is one that I have earmarked for translation into PowerShell in the fullness of time so I have never bothered tidying up the code.
- You will need to revise the RenameDLM code to deal with the format of your date retrieval - see the line 'DLM format is 25/01/2014 02:39:59 and the variable extractions that follow.

- For checks like this, I just add a MsgBox line in the vbs for the variable concerned
- So that would be MsgBox DLM
- Then I copy the format used in the response, paste it in the vbs file and alter the variable extractions as required
- I kill the vbs before accepting the MsgBox so I don't let it complete using unwanted date formats
- I do not for one moment think you need me to tell you how to modify the variable extractions but if you have any doubts just post a Snipping tool picture of the dialog box and I'll rewrite the code for you.
- I have given you this file as it exists on my computer. You can ignore the discussive lines about using the same structure for creating a backup copy instead of renaming a file.

- If I stop wanting to review responses then I will delete the call to RenameDLM and tidy up the batch file use of variables. That will probably not be before the next blue moon.

I have attached a zip of the UnknownTaskSuppressor.bat script and associated files [see my note 2], the RenameDLM file and the TS Task definition. You should check ownership and permissions before using them because they come from a restricted access folder on my computer & I cannot remember what WinZip preserves of those properties. UnknownTaskSuppressor.zip

By the way, I have already seen new WpTasks responses showing that a new item [with a constant GUID] has been created at restart as well as responses showing no new item has been created at restart.

Additional - Whilst tinkering, I also discovered that WpTasks responses have identified a new item some 3 hours after my last restart [but, as expected, nothing is yet shown in the Task status pane]. This time the GUID is different.
- I think I will alter the TS Task to run at logon and then every NNN hours so that at no stage is the 12 hour period you mentioned ever reached.
- I'll start with 11 hours. I can't think of any reason to justify any particular frequency.


Denis

Andy,

About the Microsoft Visual C++ 2015 Redistributable I need to add to my awkward computer

The guidance I have found states that I need to use the x64 version of the C++ Redistributable because my Windows is x64 on the problem computer.

I am not convinced that this is correct.

Is there anything in your development records about external references that would confirm this one way or the other?
In other words, I suspect that WpTasks.exe references the x86 version of the C++ Redistributable even when running on x64 Windows.

Knowing this will save me having to try both and make several system images as I go along [just in case].

Denis

Bree ,

Thanks for that. I agree with you.

Denis

I installed the x86 version and the WpTools.exe task ran correctly.

I have now set the UnknownTaskSuppressor TS Task to run at user logon and then every 11 hours.UnknownTaskSuppressor-RevisedTask.zip

My masterplan is now not to fiddle with anything but to wait almost 30 days then check that no new instances have been started since this afternoon on all 3 computers.

Two of my three computers have previous instances still shown as running despite computer restarts since then.

Denis

Nothing found for me: