llarava asked:

Get-WinEvent -FilterHashtable - Message returns blank but a message/description is part of the event ID.

Trying to use Get-WinEvent to query for 1116 Event ID and find message/description. The Event IDs are being collected via GPO subscription on Microsoft Event Collector.

When I run Get-WinEvent to query for 1116 Event ID the Message/description is blank but when I check the XML of the event ID I can see a message/description. I need to be able to output the Message as part of the command.

 Get-WinEvent -FilterHashtable @{logname="ForwardedEvents";id=1116} -MaxEvents 1 | Select TimeCreated, Message

TimeCreated                                                 Message
-----------                                                 -------
12/17/2016 2:06:51 PM

but the XML of the event shows a message:

 <Message>Microsoft Antimalware has detected malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:DOS/EICAR_Test_File&threatid=2147519003&enterprise=1 Name: Virus:DOS/EICAR_Test_File ID: 2147519003 Severity: Severe Category: Virus Path: file:_icrosoft\Windows\Temporary Internet Files\Content.IE5\HZANLCTP\eicar[1].com Detection Origin: Internet Detection Type: Concrete Detection Source: Real-Time Protection User: s Name: C:\Program Files (x86)\Internet Explorer\iexplore.exe Signature Version: AV: 1.233.2750.0, AS: 1.233.2750.0, NIS: 116.72.0.0 Engine Version: AM: 1.1.13303.0, NIS: 2.1.12706.0</Message>

footech

Perhaps there are some 1116 events that don't have a message property.  Not all events with the same ID are the same.  However, my first thought is that every event should have a message property.
Only way for me to investigate would be if you supplied a sample .evtx file which included the events to examine.

ASKER CERTIFIED SOLUTION
Chris Dent

This solution is only available to members.
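
The question notes that the text is present in the event XML even though the `Message` property comes back empty. As an added example (not part of the original thread, and not the members-only solution), the PowerShell below falls back to the `<Message>` element of the record's own XML. The function names `Get-EventXmlMessage` and `Add-EventMessage` and the sample XML are constructed for illustration, and PowerShell 3.0 or later is assumed.

```powershell
# Added example, not from the thread. Hypothetical helper: returns the text of
# the <Message> element in an event's XML, or $null when the XML carries none.
function Get-EventXmlMessage {
    param([Parameter(Mandatory)][string]$EventXml)
    $doc = [xml]$EventXml
    # local-name() matches <Message> without registering the event schema namespace.
    $node = $doc.SelectSingleNode("//*[local-name()='Message']")
    if ($node) { $node.InnerText.Trim() } else { $null }
}

# Hypothetical helper: emits one object per record, using the Message property
# when it is populated and the text recovered from the XML when it is not.
function Add-EventMessage {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [System.Diagnostics.Eventing.Reader.EventRecord]$EventRecord
    )
    process {
        $text = $EventRecord.Message
        $from = 'Message property'
        if ([string]::IsNullOrWhiteSpace($text)) {
            $text = Get-EventXmlMessage -EventXml $EventRecord.ToXml()
            $from = if ($text) { 'event XML' } else { 'not found' }
        }
        [pscustomobject]@{
            TimeCreated   = $EventRecord.TimeCreated
            Id            = $EventRecord.Id
            MachineName   = $EventRecord.MachineName
            MessageSource = $from
            Message       = $text
        }
    }
}

# Constructed sample XML (shortened, not a real event) to try the parser offline.
$sample = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>1116</EventID></System>
  <RenderingInfo Culture="en-US">
    <Message>Microsoft Antimalware has detected malware or other potentially unwanted software.</Message>
  </RenderingInfo>
</Event>
'@
Get-EventXmlMessage -EventXml $sample

# Against the collector's log, using the query from the question:
Get-WinEvent -FilterHashtable @{LogName='ForwardedEvents'; Id=1116} -MaxEvents 1 |
    Add-EventMessage | Format-List
```

The `MessageSource` column shows, per event, whether the text came from the `Message` property or had to be recovered from the XML, which helps when only some forwarded 1116 events come back blank.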