Windows Events Command Line Utility (wevtutil) producing NUL values in text output.

I've noticed that on Windows Server 2022, wevtutil is adding NULs after some entries in the text output; running the same utility from an instance of Server 2019 doesn't.

 

Server 2022:

wevtutil qe Application "/q:*[System [(EventID=865)]]" /f:text /rd:true /c:1
Event[0]
  Log Name: Application
  Source: Microsoft-Windows-SoftwareRestrictionPolicies
  Date: 2022-02-21T08:12:27.5490000Z
  Event ID: 865
  Task: N/A
  Level: Warning ਍  Opcode: Info  ਍  Keyword: N/A
  User: S-1-5-21-1860657127-41187656-1928362250-12396
  User Name: <redacted>
  Computer: <redacted>
  Description:
Access to c:\Users\<redacted>\Desktop\calc.exe has been restricted by your Administrator by the default software restriction policy level. ਍

 

Server 2019:

 

wevtutil qe Application "/q:*[System [(EventID=865)]]" /f:text /rd:true /c:1
Event[0]:
  Log Name: Application
  Source: Microsoft-Windows-SoftwareRestrictionPolicies
  Date: 2022-02-21T08:12:27.549
  Event ID: 865
  Task: N/A
  Level: Warning
  Opcode: Info
  Keyword: N/A
  User: S-1-5-21-1860657127-41187656-1928362250-12396
  User Name: <redacted>
  Computer: <redacted>
  Description:
Access to c:\Users\<redacted>\Desktop\calc.exe has been restricted by your Administrator by the default software restriction policy level.

 

Any ideas other than just using the utility from a 2019 machine?

 

Thanks.

 

0 Replies
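
Added example, not part of the original post: a tolerant parser for log pipelines that ingest `wevtutil qe ... /f:text` output, yielding the same fields from both outputs shown above. It assumes the stray characters are NUL or U+0A0D (the glyph visible in the Server 2022 output) and that each stands in for a line break; the names `normalize` and `parse_events` are hypothetical.

```python
import re

# Assumption: the stray characters are NUL (as the post calls them) and U+0A0D
# (the glyph visible in the Server 2022 output), each standing in for a line break.
STRAY = re.compile(r"[\x00\u0a0d]")
HEADER = re.compile(r"^Event\[\d+\]:?$")   # the 2022 output lacks the trailing colon
FIELD = re.compile(r"^\s*([A-Za-z][A-Za-z ]*?):\s?(.*)$")

# Constructed sample, abridged from the Server 2022 output in the post.
SAMPLE_2022 = (
    "Event[0]\n"
    "  Log Name: Application\n"
    "  Event ID: 865\n"
    "  Level: Warning \u0a0d  Opcode: Info  \u0a0d  Keyword: N/A\n"
    "  Description:\n"
    "Access to c:\\Users\\<redacted>\\Desktop\\calc.exe has been restricted. \u0a0d\n"
)


def normalize(raw):
    """Replace stray separators with newlines; drop blank lines and trailing spaces."""
    lines = STRAY.sub("\n", raw).replace("\r", "").split("\n")
    return [ln.rstrip() for ln in lines if ln.strip()]


def parse_events(raw):
    """Parse `wevtutil qe ... /f:text` output into one dict per event."""
    events, current, in_desc = [], None, False
    for line in normalize(raw):
        if HEADER.match(line.strip()):
            current, in_desc = {"Description": ""}, False
            events.append(current)
        elif current is None:
            continue
        elif in_desc:
            # Everything after "Description:" is free text until the next header.
            current["Description"] = (current["Description"] + " " + line.strip()).strip()
        else:
            m = FIELD.match(line)
            if m and m.group(1) == "Description":
                in_desc = True
            elif m:
                current[m.group(1)] = m.group(2).strip()
    return events


if __name__ == "__main__":
    print(len(STRAY.findall(SAMPLE_2022)), "stray separators")
    for event in parse_events(SAMPLE_2022):
        print(event)
```

A non-zero count from `STRAY.findall` on captured output is a quick way to tell whether a given host's wevtutil output is affected before it reaches a field extractor.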