Could Powershell events be the signs of remote unauthorized access?


  1. Posts : 4
    Win 7 Pro 32bit
       #1


    Hi guys,
    While checking out my Windows 7 Pro event viewer, I found about 20 warnings, related to two events under the "Windows Powershell" item on "Services and applications registries".
    There are only 2 dates which the events refer to: October 3 and January 22.
    I didn't even know what Powershell was and how to run it. But after checking online, I tried to launch Powershell on my PC and after that I noticed that the Event Viewer was updated with a new "Powershell" warning event. So I guess that whenever Powershell is launched, the Event Viewer registers such an action.
    The odd thing, though, is that I never ran Powershell before. Could the October 3 and January 22 Powershell events be related to some remote unauthorized access? Or maybe some application installed on my PC needs to run Powershell instances for some reason?
    Thanks!


  2. Posts : 74
    Windows 7 Home Premium
       #2

    I'm not too familiar with Powershell myself, but as far as I know, it's another command line that comes with Windows alongside Command Prompt. So it should be normal that applications will run Powershell to do certain tasks, just like how almost every application will use Command Prompt in order to perform tasks.



    I would still suggest running a virus scan though, just in case.


  3. Posts : 4
    Win 7 Pro 32bit
    Thread Starter
       #3

    DownhillDruid67 said:
    I'm not too familiar with Powershell myself, but as far as I know, it's another command line that comes with Windows alongside Command Prompt. So it should be normal that applications will run Powershell to do certain tasks, just like how almost every application will use Command Prompt in order to perform tasks.



    I would still suggest running a virus scan though, just in case.
    Thanks for your reply. I also think it could be something like that, even though it's unusual to find only 2 events since I've been using the machine for at least 4 years. I'd expect to find more than that if it was some application calling Powershell for its functioning. Could you guys try to launch the Event Viewer on your machines and take a look under "Application register and services" -> "Windows PowerShell"? Do you also see some events there?
    Thanks!


  4. Posts : 74
    Windows 7 Home Premium
       #4

    Cody381 said:
    Thanks for your reply. I also think it could be something like that, even though it's unusual to find only 2 events since I've been using the machine for at least 4 years. I'd expect to find more than that if it was some application calling Powershell for its functioning. Could you guys try to launch the Event Viewer on your machines and take a look under "Application register and services" -> "Windows PowerShell"? Do you also see some events there?
    Thanks!
    I assume not a lot of applications use Powershell to perform system commands compared to using CMD, so I assume that's why you only have 2.


    I checked mine and I have a lot of Powershell events, so on my system, there is at least 1 application that uses it frequently. The reason why you only have 2 may be because it was triggered by an installer? Just guesswork.
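Added example, not part of the thread: one way to see what actually started PowerShell on the dates in question is to read the engine-start records in the "Windows PowerShell" log and pull out the host process recorded in each. It assumes event ID 400 marks an engine start and that its details carry `HostName=` and `HostApplication=` lines; the function names and the sample message are constructed for illustration.

```powershell
# Added example. Written to run on PowerShell 2.0 (the version shipped with Windows 7).

function Get-DetailField {
    param([string]$Message, [string]$Name)
    # Event details are "Key=Value" lines inside the message text.
    $pattern = '(?m)^\s*' + [regex]::Escape($Name) + '=(.*)$'
    if ($Message -match $pattern) { return $Matches[1].Trim() }
    return $null
}

function Get-PowerShellEngineStart {
    # Assumption: ID 400 = "Engine state is changed from None to Available".
    Get-WinEvent -FilterHashtable @{ LogName = 'Windows PowerShell'; Id = 400 } -ErrorAction SilentlyContinue |
        ForEach-Object {
            New-Object PSObject -Property @{
                Day             = $_.TimeCreated.ToString('yyyy-MM-dd')
                TimeCreated     = $_.TimeCreated
                HostName        = Get-DetailField $_.Message 'HostName'
                HostApplication = Get-DetailField $_.Message 'HostApplication'
            }
        }
}

# Offline check of the parser against a constructed message (not from the thread).
$sample = "Engine state is changed from None to Available.`r`n`r`nDetails:`r`n" +
          "`tNewEngineState=Available`r`n`tHostName=ConsoleHost`r`n" +
          "`tHostApplication=powershell.exe -NoProfile -File C:\Example\setup.ps1"
Get-DetailField $sample 'HostApplication'

# One row per day and launching command line, so a burst of events on a single
# date can be matched against an installer, scheduled task or interactive console.
Get-PowerShellEngineStart |
    Group-Object Day, HostApplication |
    Sort-Object Name |
    Format-Table Count, Name -AutoSize
```

A `HostApplication` value that names an installer or a script path points to software calling PowerShell; a bare `powershell.exe` with `HostName=ConsoleHost` points to an interactive console session.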


 

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.