Understanding Windows Logs: Is My Brother Being Hacked?

My brother has been feeling a sense of dread lately, convinced that his computer has been compromised by a remote hacker. His anxiety was sparked by some unusual activity he noticed while navigating through the Computer Management window on his Windows 10 PC.

He’s particularly fixated on the “Operational” logs he has discovered under several folders, including “Windows Remote Management” and “Windows Remote Assistance.” The presence of these logs has led him to believe that someone might be accessing his machine from a distance. He identified a specific reference to the Security Identifier (SID) S-1-5-18 within these logs, which has fueled his concerns about possible unauthorized access.

My brother has sought clarity about what these logs actually indicate. If anyone can shed light on their significance, it would be immensely helpful!

For those who want to explore these logs themselves, here’s a simplified guide on how to find them in Windows 10:

1. Open the Computer Management window.
2. Look for the Applications and Services Logs section on the left pane.
3. Navigate to the Microsoft folder.
4. Inside, you will find the Windows folder.
5. Within the Windows folder, access the RemoteAssistance folder.
6. Finally, locate the file labeled Operational where these logs are stored.

If you have insights into the meaning of these operational logs and whether they pose a real threat, please share! It would be great to parse through this confusion and provide some reassurance. Thank you!