Computer access while out

Hi all, I have a bit of a weird one, which hopefully you might be able to help with. My partner's computer has been accessed while we are out, almost certainly over our WLAN. The dates and times that I can be sure of, after cross checking with CCTV footage are:-

04 May 17:42
02 May 21:46
28 April 15:00
27 April 18:17
26 April 17:39
25 April 15:34
24 April 20:49
23 April 13:42
23 April 17:53
22 April 22:06
20 April 15:13

The computer's date and time is accurate. There does also seem to be a pattern where we have been out for four hours at a time and the computer has been accessed pretty much two hours in between going out and coming back. My partner assures me they haven't granted access. On looking at the computer's configuration, it is possible it could have been waken on LAN, but the router side of it wasn't configured (no reserve IP etc.). I have obviously taken steps so this computer is no longer configured for Wake on LAN and the BIOS is now password protected. I guess the question is can I determine from the Windows 10 log file how this computer was woken/powered on, and is there any way on a standard Windows 10 laptop to set up file and program audit access (like you could with WindowsNT, Windows 2000 etc.). In addition to this does anyone think my ISP would be able to provide details of where and by who this computer was accessed from, if over the internet. Thanks in advance.

Presume you have ensured WPA2 is running on wireless network and have changed the access key?

No network may have been hacked it may be some software is running that wakes the computer up a set times.

The most likely vector is via a malware laden link or email, so time to do run the full sweeps and additions like malware bytes

Hi,

If I was you, I would interrogate the router and check the logs on the router. This should tell you who has, at least attempted to access your network. Also, if you use wireless, then you should configure MAC address filtering so that only select devices can access your wireless network. If your router has WPS configured then I would disable it as that broadcasts all your security setting when you press the WPS button to all-and-sundry devices that might be looking to connect.

This is all a starting point and preventative measures. If you would like some more personal information or would like to discuss something then feel free to message me anytime.

HTH,

I'm a complete novice in these matters but I did find out some interesting tidbits when trying to resolve my network being hacked just before last Christmas. That ended with me ditching my Netgear router in favour of the PlusNet one which is locked down tighter than a duck's whatsit.

I was surprised to find that there can be devices (hardware or software) on your network that the router 'knows' nothing about. In my case I was never sure but I suspected my security cameras were to blame.

I used Netscan Basic to scan my network for 'live' IP addresses and then NMap to run checks for the services running on the devices answering to that IP.

Just bye the bye in case it's relevant.

People rapidly wanting to push things off to the private messages on a public forum rings bells - remember NEVER share personal data with a stranger online not matter what credentials they say they have

Especially to a newbie with random numbers in their username!

my /guess/ is that the computer is waking up so it can then hibernate rather than sleep.

there is a tool, powercfg
try the sleepstudy option.

certainly run malwarebytes as well, but I don't think it will find anything
else the next stage is run a network monitor (netmon / wireshark etc), to record the traffic whilst you are out.

Computers turn themselves on from sleep for a bunch of things e.g. updates, to change the sleep mode e.g. to go from sleep to hibernate (especially when battery is low), AV may kick in for whatever reason, certain backup software, scheduled tasks / batch jobs etc. Unless you fully shutdown you can expect it might come out of the sleep state at some stage.