Logs when my computer was not turned on

Norton Security | Norton Internet Security
1

Hi,,

 

This is a bit of a weird one!!

 

Yesterday I left home at 20.10 pm and went to work, i didnt turn on the laptop at work until 2am. At 20.10 pm it says user logged out.

 

When i turned it on at work, there were windows updates to IE 10. I have now seen that windows7 do updates on computer log off.

 

In the norton logs, between 20.10pm and 20.45 there are various logs of my laptop connecting to networks...but the laptop was in with me in its bag, i was on the train or by foot.

 

Are these logs linked to the windows update? The windows updates also range from 20.10 to 20.45.

 

Could it be that i closed down the comp and then the updates started? but i thought for updates you needed an internet connection. I did not have internet connection between 20.10 and 20.45 as i was travelling to work.

 

I have done the same journey tonight, with the computer not fully turned off and there are no logs between the time I logged out at home and arrived to work.

 

Please advise.

 

Also, some of the logs last night were in red as in high alert, yet when i went home and looked again, the same logs from the same times were not 'red'.

 

In the properties section on norton, should there be 'Everyone' in the security section. Is someone trying to hack into my computer? Please let me know.

 

Thanks

2

Hi cl1234,

 

What networks were shown in the logs?  The firewall will show internal loopback networks which have no internet access, as well as other networks.

3

Hi,,

 

This is a bit of a weird one!!

 

Yesterday I left home at 20.10 pm and went to work, i didnt turn on the laptop at work until 2am. At 20.10 pm it says user logged out.

 

When i turned it on at work, there were windows updates to IE 10. I have now seen that windows7 do updates on computer log off.

 

In the norton logs, between 20.10pm and 20.45 there are various logs of my laptop connecting to networks...but the laptop was in with me in its bag, i was on the train or by foot.

 

Are these logs linked to the windows update? The windows updates also range from 20.10 to 20.45.

 

Could it be that i closed down the comp and then the updates started? but i thought for updates you needed an internet connection. I did not have internet connection between 20.10 and 20.45 as i was travelling to work.

 

I have done the same journey tonight, with the computer not fully turned off and there are no logs between the time I logged out at home and arrived to work.

 

Please advise.

 

Also, some of the logs last night were in red as in high alert, yet when i went home and looked again, the same logs from the same times were not 'red'.

 

In the properties section on norton, should there be 'Everyone' in the security section. Is someone trying to hack into my computer? Please let me know.

 

Thanks

4

Hi

 

Here are a selection of the logs during the time when I was walking to work:

 

-Category: Firewall - Network and Connections

Date & Time,Risk,Activity,Status,Recommended Action,Gateway Physical Address

18/05/2013 20:20,High,You are connected to a wireless network that is not secure. (00 23 7D A1 7C 9C),Protected,No Action Required,00 23 7D A1 7C 9C

 

-

Category: Firewall - Network and Connections Date & Time,Risk,Activity,Status,Recommended Action,Category 18/05/2013 20:20,Info,"IP address has disappeared from adapter Broadcom 802.11n Network Adapter and is no longer being protected (IP address: 192.168.1.33).",Detected,No Action Required,Firewall - Network and Connections

 

-

Category: Firewall - Network and Connections Date & Time,Risk,Activity,Status,Recommended Action,Gateway Physical Address 18/05/2013 20:23,High,You are connected to a wireless network that is not secure. (30 37 A6 89 59 42),Protected,No Action Required,30 37 A6 89 59 42

 

-

Category: Firewall - Network and Connections Date & Time,Risk,Activity,Status,Recommended Action,Category 18/05/2013 20:24,Info,"IP address has disappeared from adapter Broadcom 802.11n Network Adapter and is no longer being protected (IP address: fe80::6d24:ed17:4c0e:7d81).",Detected,No Action Required,Firewall - Network and Connections

 

-

Category: Firewall - Network and Connections Date & Time,Risk,Activity,Status,Recommended Action,Category 18/05/2013 20:40,Info,"Protecting your connection to a newly detected network on adapter \"Broadcom 802.11n Network Adapter\" (IP address: fe80::6d24:ed17:4c0e:7d81).",Detected,No Action Required,Firewall - Network and Connections

 

-

Category: Firewall - Network and Connections Date & Time,Risk,Activity,Status,Recommended Action,Gateway IP Address 18/05/2013 20:40,High,You are connected to a wireless network that is not secure. (10.42.0.1),Protected,No Action Required,10.42.0.1

 

-

Category: Firewall - Network and Connections Date & Time,Risk,Activity,Status,Recommended Action,Gateway Physical Address 18/05/2013 20:45,High,You are connected to a wireless network that is not secure. (00 1C F0 75 60 EF),Protected,No Action Required,00 1C F0 75 60 EF

 

 

5

It looks like the computer was simply connecting to open wifi networks that were within range.  Do you occasionally, use wireless in the locations you were at?  If so, check your network settings to make sure that you do not have them set to automatically connect to those networks.

6

Thanks

 

at work it connects automatically,

 

 

all of those logs were during the time that i was travelling there.

 

What i think happened was i closed my computer and put it in the bag, but it stayed powered on as windows 7 was updating to IE10. The logs on the updates are in line with those on norton, so maybe while i was walking to work the computer was still on and trying to connect to any wifi connections within range.

 

Do you think that is correct? Surely the windows update and this must be linked?

 

Do you think I have anything to worry about?

7

? please advise. thanks

8

Your computer was definitely still turned on.  I don't think you have anything to worry about, though.  When you connect to an unsecured network, Norton automatically assigns a trust level of "Protected" to the network which means that nothing on the network could connect to your PC uninvited.  The firewall would treat local network traffic with the same rules used to filter internet traffic.  Although unusual, I doubt that the episode indicates anything sinister going on - if malware were connecting out, you would be seeing suspicious traffic all the time, not just when you were out and about.  It wouldn't hurt to scan your machine for threats, but if nothing is found, I think you can rest easy.  You still need to check your network settings, especially for the networks in question and make sure you are not configured to connect to them automatically.

9

You might want to check the power settings on your laptop to see what it is told to do when you close the lid -- there are usually various options one of which is Shut Down but it could be Sleep or Nothing [which would mean stay active] or some other choice ....

 

If it were set on other than Shut Down that would mean that it could connect to those unsecured networks while you were traveling with it in a closed bag.

 

The red might mean that it knew it had to do something but could not because it did not have a valid internet connection and when you got home it completed the jobs?

 

Just some thoughts FWIW

10

Hi

 

Thanks. Tonight I walked the same way as on Saturday night! and I deliberatelydidnt completely shut the computer down, when i got to work i checkedthe logs and again there was activity, i think this is from the library that i walk past (where i have connected to wifi) before, so i think its safe to say that it was just the computer connecting to networks that I had previously connected to.

 

Also, on the train etc and in the city centre, there is free wifi, so obviously the computer was trying to connect to, hence the logs.

 

So i think on the first night this happened, i shut the comp turn, but it didnt turn off as windows was updating.. so it was still turned on when i was walking through those places.

 

Does this make sense, i think this is the case, and nothing dodgy is happening.

 

Thanks a lot

11

One last thing please.

 

on the networks on my list.. of ones i have previously connected to a few are home ones.

 

They are all listed as WPA-Personal, yet my home one is listed as WEP? i have read online that this is less secure.Should mine not be WPA-Personal? Could someone have changed mines from WPA to WEP?

 

Is it normal to for some people to have home connections as WPA and some as WEP.

 

Thanks alot again.

12

Wireless encryption is something that you would set up yourself in the router and the computers on your network.  WPA is much more secure that WEP but is not supported in older products.  Both require a passphrase which must be entered in the router and the computers, so this is not something that could be changed from the outside.  I would recommend setting up your home network with WPA-2.