I have encountered strange behavior.
I have created windows event forwarding subscription and ForwardedEvent.evtx file is capturing subscribed events. When trying to convert ForwardedEvent.evtx file to csv file I see System.AccessViolation exception. I used command
Get-WinEvent -Path C:\Windows\System32\winevt\Logs\ForwardedEvents.evtx |Export-Csv ForwardedEvents.csv
in powershell admin mode
I tried copying ForwardedEvents.evtx file to other location and convert still I see same issue.
I tried to convert other files Application.evtx and Hardware.evtx file in C:\Windows\System32\winevt\Logs that works fine and only this ForwardedEvent.evtx unable to convert.
