Eid2 filter with "\n" #12
Description
there is "\n" after "SysmonCreateFileTime.txt" in sysmon config file that causes no-working of Event2.
<!-- -eid 2 is Working -->
<FileCreateTime onmatch="include">
<Image name="SysmonSimulator FileCreateTime modification Simulation for SysmonCreateFileTime.txt" condition="end with">SysmonSimulator.exe</Image>
<TargetFilename condition="end with">SysmonCreateFileTime.txt
</TargetFilename>
</FileCreateTime>