Found default.rdp in documents and some unusual logs - is this suspicious?

I've never used Remote Desktop Connection, yet I found a default.rdp file in Documents.

However I can't guarantee that I have never opened remote desktop by accident which may have created this file.

So I looked up where the log files are and looked at these files:

Microsoft-Windows-RemoteApp and Desktop Connections%4Admin.evtx
Microsoft-windows-RemoteDesktopServices-RemoteDesktopSessionManager%4Admin.evtx
Microsoft-Windows-TerminalServices-LocalSessionManager%4Admin.evtx
Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx

In Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx there are logs that say Remote Desktop Services: Session logon succeeded, even though I never use this application. Sometimes it's my own user name, sometimes it's one I don't recognise, seemingly a random string of characters followed by /Administrator. Each time the source is LOCAL.

Is this anything I need to worry about?

5 Sorted by: Reset to default

Know someone who can answer? Share a link to this question via email, Twitter, or Facebook.

Your Answer

Sign up or log in

Sign up using Google Sign up using Facebook Sign up using Email and Password Submit

Post as a guest

Post Your Answer Discard

By clicking “Post Your Answer”, you agree to our terms of service, privacy policy and cookie policy