From 5256d3ada156bafaffb7b66d04565fe34cc211f1 Mon Sep 17 00:00:00 2001
From: Brian Thacker <neillthacker101@gmail.com>
Date: Mon, 9 Dec 2019 17:01:56 -0600
Subject: [PATCH] Update Syntax T1040 (#710)

Windows' tests not running because of space in "Program Files".  Added quotes to fix this. PowerShell not running exes by default.  Added call operator (&) to force this.
---
 atomics/T1040/T1040.yaml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/atomics/T1040/T1040.yaml b/atomics/T1040/T1040.yaml
index a08b1d63..076e21ae 100644
--- a/atomics/T1040/T1040.yaml
+++ b/atomics/T1040/T1040.yaml
@@ -52,7 +52,7 @@ atomic_tests:
     name: command_prompt
     elevation_required: true
     command: |
-      c:\Program Files\Wireshark\tshark.exe -i #{interface} -c 5
+      "c:\Program Files\Wireshark\tshark.exe" -i #{interface} -c 5
       c:\windump.exe
 
 - name: Packet Capture PowerShell
@@ -70,5 +70,5 @@ atomic_tests:
     name: powershell
     elevation_required: true
     command: |
-      c:\Program Files\Wireshark\tshark.exe -i #{interface} -c 5
-      c:\windump.exe
+      & "c:\Program Files\Wireshark\tshark.exe" -i #{interface} -c 5
+      & c:\windump.exe