pywintrace

Failed to get data field for AssemblyFlags, incrementing by reported size

Open kujo2019 opened this issue 6 years ago • 2 comments

On a Win10 x64 box, in an Admin cmd window, I am running the Python script from the article https://www.countercept.com/blog/detecting-malicious-use-of-net-part-1/ (https://gist.github.com/countercept/7765ba05ad00255bcf6a4a26d7647f6e). I am running it with the --high-risk-only flag. It gets a lot of "Failed to get data field for AssemblyFlags, incrementing by reported size" error messages.

What would cause this? Is this normal or a bug? How can I fix it or suppress these messages?

kujo2019 · Aug 21 '19 18:08

@kujo2019 this could be an issue with the ETW provider itself. Could you troubleshoot further by using another ETW collection tool, such as Microsoft Message Analyzer and report back if that works?

SuprHackerSteve · Nov 14 '19 18:11
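The original poster also asks how to suppress the repeated warning. As an added example (editor's code, not code from pywintrace, the countercept gist, or either participant in the thread), here is a Python logging filter that drops the "Failed to get data field for ..., incrementing by reported size" records at the handler while counting them per field name, so the volume of events with undecoded fields stays visible instead of vanishing. The logger name `etw.etw` is an assumption about pywintrace's module logger; because the filter sits on the handler rather than on a logger, it works whatever name the library actually uses. The log lines fed through it are constructed for the example.

```python
from __future__ import annotations

import io
import logging
import re
from collections import Counter

# Shape of the warning quoted in the issue; only the field name varies.
_FIELD_WARNING = re.compile(
    r"^Failed to get data field for (?P<field>\S+), incrementing by reported size$"
)


class FieldWarningFilter(logging.Filter):
    """Suppress the repeated 'Failed to get data field' warnings while
    tallying them per field, so the suppression is never silent."""

    def __init__(self) -> None:
        super().__init__()
        self.dropped: Counter = Counter()

    def filter(self, record: logging.LogRecord) -> bool:
        match = _FIELD_WARNING.match(record.getMessage())
        if match is None:
            return True                      # unrelated records pass through
        self.dropped[match.group("field")] += 1
        return False                         # drop this noisy record


def attach(handler: logging.Handler) -> FieldWarningFilter:
    """Install the filter on a handler. Handler filters see records that
    propagate up from child loggers; logger-level filters do not, which is
    why the filter is not attached to a logger by name."""
    flt = FieldWarningFilter()
    handler.addFilter(flt)
    return flt


def demo(logger_name: str = "etw.etw") -> tuple[Counter, list[str]]:
    """Run constructed log records through a filtered handler and return
    (per-field drop counts, the lines that reached the handler).
    'etw.etw' is an assumed logger name for pywintrace's module; the
    filter does not depend on it."""
    buf = io.StringIO()
    handler = logging.StreamHandler(buf)
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    flt = attach(handler)

    log = logging.getLogger(logger_name)
    log.setLevel(logging.DEBUG)
    log.propagate = False
    for old in list(log.handlers):
        log.removeHandler(old)
    log.addHandler(handler)

    # Constructed sample records: the warning text from the issue, emitted
    # for two field names, plus one unrelated message that must survive.
    log.warning("Failed to get data field for AssemblyFlags, incrementing by reported size")
    log.warning("Failed to get data field for AssemblyFlags, incrementing by reported size")
    log.warning("Failed to get data field for AnotherField, incrementing by reported size")
    log.info("Some other message")

    handler.flush()
    lines = [line for line in buf.getvalue().splitlines() if line]
    return flt.dropped, lines


if __name__ == "__main__":
    dropped, kept = demo()
    print("suppressed per field:", dict(dropped))
    print("records that reached the handler:", kept)
```

A practitioner running this against real telemetry should report the tally at shutdown: each suppressed record is an event whose property could not be decoded, so a detection built on that property is blind for exactly that many events. Hiding the warning without counting it turns a parser problem into an invisible coverage gap.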