WinRM Security Help

Team 56 1 Reputation point
2023-01-07T16:28:19.46+00:00

Hi, I've been trying to figure out the WinRM event history on my computer, and more specifically, if someone might have potentially used WinRM to gain unauthorized remote access to my machine. I am attaching a pdf with 277089-winrm-logs-compressed.pdf here, could someone please help me review them and let me know if any of those events indicate any signs of remote access / intrusion. I use Windows 11, and I never set up WinRM to begin with. Thank you so much in advance.

Remote Desktop
Remote Desktop
A Microsoft app that connects remotely to computers and to virtual apps and desktops.
4,676 questions
Windows Server Management
Windows Server Management
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.Management: The act or process of organizing, handling, directing or controlling something.
445 questions
Windows 11
Windows 11
A Microsoft operating system designed for productivity, creativity, and ease of use.
10,426 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Limitless Technology 44,551 Reputation points
    2023-01-10T09:16:52.163+00:00

    Hi. Thank you for your question and reaching out. I’d be more than happy to help you with your query.

    To check the event history,. all you need to do is to:

    1. Toggle to the Tools tab.
    2. Click Remote Control in the Windows Tools section to start.
    3. To view a computer's history of remote controls, click View History next to the computer's name.

    Follow the instructions below to view the history of every computer:

    1. Toggle to the Admin tab.
    2. In the Tools section, click Action Log Viewer
    3. Select the Remote Control checkbox under the Select Module Type section.
    4. Click show.

    If the reply was helpful, please don’t forget to upvote or accept as answer, thank you.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.