₳Ⱡ₥Ø₲
1 is not supported from my testing
Well, wildcard C:\Program Files\\*\\ will catch any folder under Program Files, but if you want to match a folder by name it would be more efficient, such as C:\Program Files\\*SomeApp\*
Interesting @AndrewRathbun, I tried the TeamViewerLogs target on my machine and it didn't find anything under Program Files (x86) even though it exists. I tried running the following command: `.\kape.exe --tsource...
@EricZimmerman I have already done that and put the output in the comment above. By the way, kape fails to recognize the correct OS (I'm using Windows 11 and it says...
@Ana06 isn't the purpose of this VM to make it as efficient? Hence the reason there are categories for utilities & productivity.
@Ana06 Yes, I tried and it worked fine
@day1player there were no issues
@hillu Hello, we are using Laurel v0.5.3, I did not see anything peculiar that laurel logged. The command line wasn't that long for sure. Also, from what I experienced the...
Yes, I forgot to mention but we checked on multiple servers and it seems the correlated event was from auditd: dispatch err (pipe full) event lost
@hillu Yes, I thought so. It's quite surprising that a flood of events causes the dispatcher to miss full lines of EXECVE and therefore have laurel miss it. Also, as I stated...