Ari Weinberg02/28/2022, 9:25 PM
table, and disabling that table in the flags file stopped the CPU from being pegged. Any idea what might be causing this? Disabling this table also stopped fleet from gathering all the installed programs on the server, even though chrome is not installed. Keep in mind that this is on domain controllers only, and this wasn't a problem on other windows servers that don't have chrome installed.
Column("browser_type", TEXT, "The browser type (Valid values: chrome, chromium, opera, yandex, brave, edge, edge_beta)"),
Ari Weinberg02/28/2022, 10:24 PM
defensivedepth03/01/2022, 1:05 PM
from osqueryi on that DC?
select * from chrome_extensions
Ari Weinberg03/01/2022, 4:11 PM
spikes the CPU temporarily while the query is run (for about 10 seconds). OS is Windows Server 2016.
select * from chrome_extensions;
Stefano Bonicatti03/02/2022, 5:20 PM
will walk through all the users present in the DC to find those extensions, if you don’t provide a
constraint. I’m working on a change for how users and groups are retrieved from the system on Windows, so that the cost of retrieving that information is distributed over a longer period of time, by keeping a cache, which then massively speeds up the queries, especially if the constraints used are on index columns (
one and so on)
Paul Masek03/16/2022, 2:29 PM
Stefano Bonicatti03/17/2022, 4:59 PM
Paul Masek03/17/2022, 5:40 PM