error parse evtx as the map is empty

Question

naderhabbbab opened this issue 4 years ago · 3 comments

im getting the following error when parse win evt as some logs are empty

Correct the errors and try again. Exiting

C:\Forensic Program Files\Zimmerman\EvtxExplorer\Maps\WindowsDefender_5007.map had validation errors:
'Provider' must not be empty.

Correct the errors and try again. Exiting

The following maps had errors. Scroll up to review errors, correct them, and try again.

C:\Forensic Program Files\Zimmerman\EvtxExplorer\Maps\System-Audit-CVE_2.map had validation errors:
'Provider' must not be empty.

Answer 1 · 2021-01-11T07:02:50.000Z

You have outdated and/or duplicate maps. Delete entire Maps folder and resync with EVTXECmd.exe --sync. Try again after that. Report back please.

Answer 2 · 2021-01-12T03:34:33.000Z

@naderhabbbab were you able to figure this out?

Answer 3 · 2021-01-12T10:41:57.000Z

Yes it’s fixed thank you

On Tue, 12 Jan 2021 at 6:34 AM Andrew Rathbun ***@***.***> wrote: @naderhabbbab <https://github.com/naderhabbbab> were you able to figure this out? — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#90 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAJ5AN2J45D2EOWICQIGIRDSZO7NNANCNFSM4V5BKHJQ> .

-- Mobile