How can defenders mitigate or detect the SilentCleanup UAC bypass?
Defenders can mitigate the bypass by rewriting the scheduled task's action to use an absolute path instead of `%windir%`, so the executable is no longer resolved through an environment variable: for example, with PowerShell commands such as `Set-ScheduledTask SilentCleanup -Action $action`, where `$action` points at a hardcoded `c:\Windows\System32\cleanmgr.exe`. For detection, administrators can use PowerShell to list scheduled tasks that run with elevated run levels and have executable actions (e.g., `Get-ScheduledTask | Where-Object { $_.Principal.RunLevel -ne "Limited" ... }`). This proactive hunting helps identify similar weaknesses in other tasks.
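The mitigation and the hunt described above, as an added example rather than code from the original answer: it re-registers the SilentCleanup action with an absolute path (keeping the task's existing arguments) and then lists every elevated task whose executable path still contains an unexpanded `%...%` variable. It assumes the task lives at `\Microsoft\Windows\DiskCleanup\` and is run from an elevated PowerShell session.

```powershell
# Added example (not part of the original answer). Run elevated.
# Assumed task location: \Microsoft\Windows\DiskCleanup\SilentCleanup

# --- Mitigation: pin the SilentCleanup action to an absolute path --------
$taskPath = '\Microsoft\Windows\DiskCleanup\'
$task     = Get-ScheduledTask -TaskName 'SilentCleanup' -TaskPath $taskPath

# Reuse the task's current arguments; only the executable path changes.
$oldAction = $task.Actions[0]
$action = New-ScheduledTaskAction `
    -Execute  'C:\Windows\System32\cleanmgr.exe' `
    -Argument $oldAction.Arguments

Set-ScheduledTask -TaskName 'SilentCleanup' -TaskPath $taskPath -Action $action | Out-Null

# Verify the rewrite: Execute should now be the absolute path.
(Get-ScheduledTask -TaskName 'SilentCleanup' -TaskPath $taskPath).Actions |
    Select-Object Execute, Arguments

# --- Detection: hunt for similar tasks -----------------------------------
# Flag tasks that run with a non-Limited (elevated) run level and whose
# Execute path still relies on an environment variable such as %windir%.
$envVarPattern = '%[^%]+%'

$suspects = Get-ScheduledTask | Where-Object {
    $_.Principal.RunLevel -ne 'Limited' -and
    ($_.Actions | Where-Object { $_.Execute -match $envVarPattern })
} | ForEach-Object {
    $t = $_
    $t.Actions | Where-Object { $_.Execute -match $envVarPattern } | ForEach-Object {
        [pscustomobject]@{
            TaskPath  = $t.TaskPath
            TaskName  = $t.TaskName
            RunLevel  = $t.Principal.RunLevel
            Execute   = $_.Execute      # the path that needs hardening
            Arguments = $_.Arguments
        }
    }
}

$suspects | Format-Table -AutoSize
```

After the mitigation, SilentCleanup should no longer appear in the `$suspects` table; any remaining rows are candidates for the same absolute-path fix.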
UAC bypass mitigation, PowerShell defense, scheduled task hardening, detection