From 120c5ae7f90d91e601aa44f04e4379084d659d3c Mon Sep 17 00:00:00 2001
From: Enrique Martin <enrique.martin@pandorafms.com>
Date: Mon, 8 Apr 2024 13:01:02 +0200
Subject: [PATCH] Debugging

---
 .../windows/pandora_security_win/src/pandora_security_win.py  | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pandora_agents/plugins/windows/pandora_security_win/src/pandora_security_win.py b/pandora_agents/plugins/windows/pandora_security_win/src/pandora_security_win.py
index f0094e2d23..f0e9b0a171 100644
--- a/pandora_agents/plugins/windows/pandora_security_win/src/pandora_security_win.py
+++ b/pandora_agents/plugins/windows/pandora_security_win/src/pandora_security_win.py
@@ -340,8 +340,8 @@ def check_login_audit_policy(auditpol_logon_category, auditpol_logon_success_con
     try:
         # Run the auditpol command to check the audit policy for Logon/Logoff
         cmd_command = f'auditpol /get /subcategory:"{auditpol_logon_category}"'
-        result = subprocess.run(cmd_command, shell=True, capture_output=True, text=True, check=True, encoding='utf-8')
-        last_line = result.stdout.strip().split('\n')[-1].strip()
+        result = subprocess.run(cmd_command, shell=True, capture_output=True, text=True, check=True, encoding='latin-1')
+        last_line = result.stdout.encode('latin-1').decode('utf-8').strip().split('\n')[-1].strip()
         cleaned_line = re.sub(' +', ' ', last_line)
         
         # Interpret the result