I have run across a very strange issue on a Mac that I support. The user had a folder on his desktop (not his home folder, or linked to anything) that suddenly became renamed with a bunch of gibberish for the name. Normally I would point to user error at this point, but the end user is pretty Mac savvy, and insists that it happened when he was away from his computer. Additionally, it happened again to a different folder on his desktop a day later, supposedly after he had closed an application.
My question is this. Where can I check to see if this was performed by him or by a remote control user? I know where to find the system logs under the console, and have checked a few things, but don't know how to check the logs for when/how the folder rename happened.
Additional information:
The computer uses parallels to access a windows specific application, this was the application running before the second folder was renamed.
All remote support/remote access services are turned off. I also performed a scan using Sophos AV to see if there were any instances of malware or viruses, of which there were none. I also checked the AV on the Windows installation in parallels.
Time Machine is turned off, and has been turned off. Additionally, the user is not logged in to any of the icloud/imessage applications with any accounts.
We need to narrow down why this happened, so we can confirm that any data was not breached as there is sensitive data on the computer.
Any advice is welcomed and appreciated.
Thanks!
My question is this. Where can I check to see if this was performed by him or by a remote control user? I know where to find the system logs under the console, and have checked a few things, but don't know how to check the logs for when/how the folder rename happened.
Additional information:
The computer uses parallels to access a windows specific application, this was the application running before the second folder was renamed.
All remote support/remote access services are turned off. I also performed a scan using Sophos AV to see if there were any instances of malware or viruses, of which there were none. I also checked the AV on the Windows installation in parallels.
Time Machine is turned off, and has been turned off. Additionally, the user is not logged in to any of the icloud/imessage applications with any accounts.
We need to narrow down why this happened, so we can confirm that any data was not breached as there is sensitive data on the computer.
Any advice is welcomed and appreciated.
Thanks!