Bravo Microsoft - KB4503267


UPDATE - KB4503294
Apparently this one fixes the logging issue!
But of course, it comes with some possible side effects...
When trying to expand, view, or create Custom Views in Event Viewer, you may receive the error,
"MMC has detected an error in a snap-in and will unload it." and the app may stop responding
or close. You may also receive the same error when using Filter Current Log in the Action menu
with built-in views or logs. Built-in views and other features of Event Viewer should work as expected.

"you may receive the error",
"the app may stop responding or close."

... weasel words. If it happens 100% of the time, it is not
a may or might...
Ok, walk it back a bit. It was some of them. Still don't feel good about some items using the same software base
breaking in different ways from the same patch. - still reserving disgust.
Love the - use PowerShell after a bit of programming workaround bit as well (every time you want to view the logs!) - ugh...
Can't wait until Systemd logging makes this move :-)


To work around this issue, copy and paste the following function into a PowerShell window and run it.
You can now use the command get-EventViewer at the PowerShell prompt to view your Custom Views.
You will need to re-enter the function each time you open a new PowerShell window.
Note: The get-EventViewer function will only allow you to view previously defined Custom Views.
To create new Custom Views, see Creating Get-WinEvent queries with FilterHashtable.

function get-EventViewer {
    # List the names of the Custom Views stored on this machine
    Write-Output "List of custom views on the machine"
    Write-Output ""
    Get-ChildItem "C:\ProgramData\Microsoft\Event Viewer\Views" -Filter *.xml | % { select-xml -Path $_.FullName -xpath "//Name" } | Select-Object -ExpandProperty Node | Select-Object -ExpandProperty InnerXml
    Write-Output ""
    $view_name = Read-Host "Enter the name of custom view to execute"
    # Get the file name of the view
    $ViewFile = Get-ChildItem "C:\ProgramData\Microsoft\Event Viewer\Views" -Filter *.xml | where-object { (Select-Xml -Path $_.FullName -xpath "//Name").Node.InnerXml -eq $view_name }
    # Run the view's stored <QueryList> as an XML filter
    Get-WinEvent -FilterXml ([xml]((Select-Xml -Path $ViewFile.FullName -XPath "//QueryList").node.OuterXml))
}
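
The workaround only covers views that already exist. For a new view, the note points to Get-WinEvent with FilterHashtable; the following is an added example of that, not part of the Microsoft workaround or the original page. The function name Get-RecentEvents, its parameters and the sample event ID are assumptions chosen for illustration.

```powershell
# Added example: ad-hoc replacement for a Custom View using Get-WinEvent -FilterHashtable.
# Get-RecentEvents and its parameter names are hypothetical, not from the KB article.
function Get-RecentEvents {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string[]] $LogName,     # e.g. 'Security', 'System'
        [int[]] $Id,                                    # optional event IDs
        [ValidateRange(0, 5)] [int[]] $Level,           # 1=Critical 2=Error 3=Warning 4=Information
        [ValidateRange(1, 8760)] [int] $HoursBack = 24,
        [ValidateRange(1, 100000)] [int] $MaxEvents = 200
    )

    # Build the filter; only add keys the caller actually supplied.
    $filter = @{
        LogName   = $LogName
        StartTime = (Get-Date).AddHours(-$HoursBack)
    }
    if ($PSBoundParameters.ContainsKey('Id'))    { $filter['Id']    = $Id }
    if ($PSBoundParameters.ContainsKey('Level')) { $filter['Level'] = $Level }

    try {
        Get-WinEvent -FilterHashtable $filter -MaxEvents $MaxEvents -ErrorAction Stop |
            Select-Object TimeCreated, LogName, Id, LevelDisplayName, ProviderName, Message
    }
    catch {
        # Get-WinEvent reports "no matching events" as an error; treat it as an empty result.
        if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') {
            Write-Verbose "No events matched the filter."
            return
        }
        throw   # access denied (Security log without elevation), unknown log name, etc.
    }
}

# Constructed usage: failed logons (event ID 4625) in the Security log, last 12 hours.
# Reading the Security log requires an elevated PowerShell prompt.
Get-RecentEvents -LogName Security -Id 4625 -HoursBack 12 | Format-Table -AutoSize -Wrap
```

Saving either function in the script that $PROFILE points to loads it in every new PowerShell window, provided the execution policy allows profile scripts to run.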