EricZimmerman
commented
3 years ago You have old maps. You need to update via the sync command
Closed antmar904 closed 3 years ago
EricZimmerman
commented
3 years ago You have old maps. You need to update via the sync command
EricZimmerman
commented
3 years ago Worst case delete the maps folder then sync.
antmar904
commented
3 years ago Tried sync command and did not work, had to delete the maps folder then sync and worked. Thanks!
Hi,
When running: EvtxCmd.exe -d c:\Temp\tester --csv c:\temp\evt via the cmd prompt I get the following errors:
EvtxECmd version 0.6.5.0
Author: Eric Zimmerman (saericzimmerman@gmail.com) https://github.com/EricZimmerman/evtx
Command line: -d c:\Temp\tester --csv c:\temp\evt
Warning: Administrator privileges not found!
CSV output will be saved to 'c:\temp\evt\20210310212646_EvtxECmd_Output.csv'
C:\Temp\KAPE\Modules\bin\EvtxECmd\Maps\Application-Audit-CVE_1.map had validation errors: 'Provider' must not be empty.
Correct the errors and try again. Exiting
C:\Temp\KAPE\Modules\bin\EvtxECmd\Maps\Application-HitmanPro-Alert_911.map had validation errors: 'Provider' must not be empty.
Correct the errors and try again. Exiting
C:\Temp\KAPE\Modules\bin\EvtxECmd\Maps\Application-Sophos-Alert_32.map had validation errors: 'Provider' must not be empty.
Correct the errors and try again. Exiting
C:\Temp\KAPE\Modules\bin\EvtxECmd\Maps\Application-Sophos-Alert_42.map had validation errors: 'Provider' must not be empty.
Correct the errors and try again. Exiting
C:\Temp\KAPE\Modules\bin\EvtxECmd\Maps\Cisco-AnyConnect-Secure-Mobility-Client-2048.map had validation errors: 'Provider' must not be empty.
Correct the errors and try again. Exiting
C:\Temp\KAPE\Modules\bin\EvtxECmd\Maps\Cisco-AnyConnect-Secure-Mobility-Client-2086.map had validation errors: 'Provider' must not be empty.
Correct the errors and try again. Exiting
C:\Temp\KAPE\Modules\bin\EvtxECmd\Maps\Cisco-AnyConnect-Secure-Mobility-Client-2127.map had validation errors: 'Provider' must not be empty.
Correct the errors and try again. Exiting
C:\Temp\KAPE\Modules\bin\EvtxECmd\Maps\Cisco-AnyConnect-Secure-Mobility-Client-5005.map had validation errors: 'Provider' must not be empty.