kaspersky av logs

[randomaccess3]

Description

Please include a summary of the change and (if applicable) which issue is fixed.

Checklist:

Please replace every instance of [ ] with [X] OR click on the checkboxes after you submit your PR

• [ ] I have ensured a Provider is listed for the new Map(s) being submitted
• [ ] I have ensured the filename(s) of any new Map(s) being submitted follows the approved format, i.e. Channel-Name_Provider-Name_EventID.map. In summary, all spaces and special characters are replaced with a hyphen with an underscore separates Channel Name, Provider Name, and Event ID
• [ ] I have tested and validated the new Map(s) work with my test data and achieve the desired output
• [ ] I have provided example event data (# Example Event Data:) at the bottom of my Map(s), if possible
• [ ] I have consulted the Guide/Template to ensure my Map(s) follow the same format

Thank you for your submission and for contributing to the DFIR community!

[randomaccess3]

No idea whats going on here There's a new line character at the end and there's no trailing spaces

It runs fine with evtxecmd

[AndrewRathbun]

No idea whats going on here There's a new line character at the end and there's no trailing spaces

It runs fine with evtxecmd

I'll take a peek here in a bit. It'll run fine in evtxecmd but it's just a linting rule that's triggering to hit on the petty stuff. I'll be able to triage when I get to the keyboard for the day. Thanks for the PR!

[AndrewRathbun]

@randomaccess3 I think it was looking for the # Documentation line at the end, and then the newline. I added both and now we have a green checkmark.

[AndrewRathbun]

Also, do you have example event log data you can populate in the comments? Can always be added later, if possible.

Example: https://github.com/EricZimmerman/evtx/blob/86ed90f803b6a7203a4193245dd7c583cd000833/evtx/Maps/Application_Application-Error_1000.map#L25