UCConfigtask.exe

Webweaver · Sep 11, 2025

Booted up my pc today and had ucconfigtask.exe in System32 try to reach out to 20.106.86.13. The file is catalog signed and VT has no hits on it and the ip is an azure service with the SSL cert being settings.data.microsoft.com. I checked Task Scheduler and found it under Microsoft>Windows>Diagnosis the task named is unexpected code path. Just curious if anyone else has this task/file

I'm 99% it's legit I'm just trying to figured out why it decided to run this morning. If anyone has this file in their system32/task scheduler or knows anything about it please let me know, thanks.

File SHA-256: 2101694e6ff5c9dd56d5c1060e7c1c86e8e41771a232e473568170ad76b35b25

OldMainframeGuy · Sep 11, 2025

According to Copilot:

UCConfigTask.exe is a legitimate Windows background process associated with Microsoft’s Universal Communications (UC) platforms—primarily Skype for Business and Microsoft Teams.
Here’s what it does:
• Configuration Management: It helps initialize and maintain settings for communication tools, ensuring smooth integration and operation.
• Policy Sync: In enterprise environments, it may sync user settings or policies defined by administrators.
• Background Role: It typically runs quietly in the background and is part of the system’s effort to keep communication apps functioning properly.

Should You Be Concerned?
• If you see it running and you're using Teams or Skype for Business, it's likely doing its job.
• If you're not using those apps and it's consuming resources, you might consider disabling it—but only after confirming it's not needed in your setup.

I do have this file on my system and in Task Scheduler in the same place as your system.

garlin · Sep 11, 2025

This is documented in the W11 Privacy guide, under the expected network endpoints (destinations) for different Microsoft services.

Windows 11 connection endpoints for non-Enterprise editions - Windows Privacy

Area	Description	Protocol	Destination
Settings	The following endpoints are used as a way for apps to dynamically update their configuration. Apps such as System Initiated User Feedback and the Xbox app use it.	TLSv1.2/HTTPS/HTTP	settings.data.microsoft.com*

Webweaver · Sep 12, 2025

Thanks for the replies. I do try to usually check the IPs it reaches out to but sometimes it's annoying because the hostnames get poisoned on abuseIPDB and virustotal. Copilot told me 20.106.86.13 is reserved for microsoft applications and is not customer infrastructure from azure, but I don't know how true that is.

Anyway thank you for the help, really appreciate it.

Search

UCConfigtask.exe

Webweaver

Active member

My Computers

System One System Two

OldMainframeGuy

Well-known member

My Computer

System One

garlin