So I have Symantec endpoint business protection installed and it has been working fine for a number of years with daily updates.
I was looking at my router logs and it seems that somehow someone, somewhere, is accessing my computer via RDP. I do RDP myself to the computer when I am away and have changed the default port to something else.
I am not sure how or who has access to it; I even changed the password. They are using the same user account I use to log in.
I changed the port to something else and saw the connections dropped until a day later when someone seems to have gotten in.
Any ideas what can be causing this or how best to see if the system has something infected sending out keystrokes or anything? I don't think there is anything on the system either.
This is what the router log looks like:
[LAN Access from remote] from 18.104.22.168:43336 to 22.214.171.124:xxxx
126.96.36.199 is my computer.