Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Could Powershell events be the signs of remote unauthorized access?

26 Feb 2019   #1
Cody381

Win 7 Pro 32bit
 
 
Could Powershell events be the signs of remote unauthorized access?

Hi guys,
While checking out my Windows 7 Pro event viewer, I found about 20 warnings, related to two events under the "Windows Powershell" item on "Services and applications registries".
There are only 2 dates which the events refer to: october 3, and january 22.
I didn't even know what Powershell was and how to run it. But after checking online, I tried to launch the Powershell on my PC and after that I noticed that the Event Viewer was updated with a new "Powershell" warning event. So I guess that whenever Powershell is launched, the EventViewer register such action.
The odd thing though, is that I never ran the Powershell before. Could the october 3 and january 22 Powershell events be related to some remote unauthorized access? Or maybe some application installed on my PC needs to run Powershell instances for some reason?
Thanks!


My System SpecsSystem Spec
.
28 Feb 2019   #2
DownhillDruid67

Windows 7 Home Premium
 
 

I'm not too familiar with Powershell myself, but as far as I know, it's another command line that comes with Windows alongside Command Prompt. So it should be normal that applications will run Powershell to do certain tasks, just like how almost every application will use Command Prompt in order to perform tasks.



I would still suggest running a virus scan though, just in case.
My System SpecsSystem Spec
12 Mar 2019   #3
Cody381

Win 7 Pro 32bit
 
 

Quote   Quote: Originally Posted by DownhillDruid67 View Post
I'm not too familiar with Powershell myself, but as far as I know, it's another command line that comes with Windows alongside Command Prompt. So it should be normal that applications will run Powershell to do certain tasks, just like how almost every application will use Command Prompt in order to perform tasks.



I would still suggest running a virus scan though, just in case.
Thanks for your reply. I also think it could be somethinig like that, even though it's unusual to find only 2 events since I'm using the machine by at least 4 years. I'd expect to find more than that if it was some application to call the powershell for its functioning. Could you guys try to launch the event viewer on your machines and take a look under "Application register and services" - > "Windows PowerShell". Do you also see some events there?
Thanks!
My System SpecsSystem Spec
.

14 Mar 2019   #4
DownhillDruid67

Windows 7 Home Premium
 
 

Quote   Quote: Originally Posted by Cody381 View Post
Thanks for your reply. I also think it could be somethinig like that, even though it's unusual to find only 2 events since I'm using the machine by at least 4 years. I'd expect to find more than that if it was some application to call the powershell for its functioning. Could you guys try to launch the event viewer on your machines and take a look under "Application register and services" - > "Windows PowerShell". Do you also see some events there?
Thanks!
I assume not a lot of applications use Powershell to perform system commands compared to using CMD, so I assume that's why you only have 2.


I checked mine and I have a lot of Powershell events, so on my system, there is at least 1 application that uses it frequently. The reason why you only have 2 may be because it was triggered by an installer? Just guesswork.
My System SpecsSystem Spec
Reply

 Could Powershell events be the signs of remote unauthorized access?




Thread Tools Search this Thread
Search this Thread:

Advanced Search




Similar help and support threads
Thread Forum
PC unauthorized access via remote login. Keylogger deteced.
As I was getting ready for bed my PC's screen came on and I noticed the mouse was moving around all laggy/jittery. I instantly knew someone had RDP'd into my PC. I sat at my computer desk and chrome was open (I always leave it open with 3 email tabs). The person was in my main gmail tab...
System Security
Ways to protect myself from unauthorized remote access
Hiya Whilst troubleshooting another issue, I noticed that overnight there are dozens of attempts to log onto my machine remotely (all failing) I checked my router logs and saw a couple of different IP addresses trying to access my PC remotely. Tracing these IPs probably revealed nothing, but...
System Security
Unauthorized Access??? Help interpreting Event Viewer
Hi. I just got home and found my computer turned on. It had been in sleep mode for a few days.. The screen saver was on, and once I moved the mouse I had to enter the password to login. What is driving me crazy is, something woke it up... And I don't know if someone accessed my files......
System Security


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 06:21.
Twitter Facebook