'Provider' must not be empty
antmar904 opened this issue · comments
Hi,
When running: EvtxCmd.exe -d c:\Temp\tester --csv c:\temp\evt via the cmd prompt I get the following errors:
EvtxECmd version 0.6.5.0
Author: Eric Zimmerman (saericzimmerman@gmail.com)
https://github.com/EricZimmerman/evtx
Command line: -d c:\Temp\tester --csv c:\temp\evt
Warning: Administrator privileges not found!
CSV output will be saved to 'c:\temp\evt\20210310212646_EvtxECmd_Output.csv'
C:\Temp\KAPE\Modules\bin\EvtxECmd\Maps\Application-Audit-CVE_1.map had validation errors:
'Provider' must not be empty.
Correct the errors and try again. Exiting
C:\Temp\KAPE\Modules\bin\EvtxECmd\Maps\Application-HitmanPro-Alert_911.map had validation errors:
'Provider' must not be empty.
Correct the errors and try again. Exiting
C:\Temp\KAPE\Modules\bin\EvtxECmd\Maps\Application-Sophos-Alert_32.map had validation errors:
'Provider' must not be empty.
Correct the errors and try again. Exiting
C:\Temp\KAPE\Modules\bin\EvtxECmd\Maps\Application-Sophos-Alert_42.map had validation errors:
'Provider' must not be empty.
Correct the errors and try again. Exiting
C:\Temp\KAPE\Modules\bin\EvtxECmd\Maps\Cisco-AnyConnect-Secure-Mobility-Client-2048.map had validation errors:
'Provider' must not be empty.
Correct the errors and try again. Exiting
C:\Temp\KAPE\Modules\bin\EvtxECmd\Maps\Cisco-AnyConnect-Secure-Mobility-Client-2086.map had validation errors:
'Provider' must not be empty.
Correct the errors and try again. Exiting
C:\Temp\KAPE\Modules\bin\EvtxECmd\Maps\Cisco-AnyConnect-Secure-Mobility-Client-2127.map had validation errors:
'Provider' must not be empty.
Correct the errors and try again. Exiting
C:\Temp\KAPE\Modules\bin\EvtxECmd\Maps\Cisco-AnyConnect-Secure-Mobility-Client-5005.map had validation errors:
'Provider' must not be empty.
You have old maps. You need to update via the sync command
Worst case delete the maps folder then sync.
Tried sync command and did not work, had to delete the maps folder then sync and worked. Thanks!