Ari Weinberg
02/28/2022, 9:25 PM
chrome_extensions table, and disabling that table in the flags file stopped the CPU from being pegged.
Any idea what might be causing this?
Disabling this table also stopped Fleet from gathering all the installed programs on the server, even though Chrome is not installed.
Keep in mind that this is on domain controllers only, and this wasn't a problem on other Windows servers that don't have Chrome installed.
alessandrogario
Column("browser_type", TEXT, "The browser type (Valid values: chrome, chromium, opera, yandex, brave, edge, edge_beta)"),
Ari Weinberg
02/28/2022, 10:24 PM
defensivedepth
03/01/2022, 1:05 PM
select * from chrome_extensions
from osqueryi on that DC?
Ari Weinberg
03/01/2022, 4:11 PM
select * from chrome_extensions;
spikes the CPU temporarily while the query is run (for about 10 seconds).
OS is Windows Server 2016.
Stefano Bonicatti
03/02/2022, 5:20 PM
chrome_extensions will walk through all the users present in the DC to find those extensions, if you don’t provide a uid constraint.
I’m working on a change for how users and groups are retrieved from the system on Windows, so that the cost of retrieving that information is distributed over a longer period of time, by keeping a cache, which then massively speeds up the queries, especially if the constraints used are on index columns (uid on the users table, gid on the groups one and so on)
Paul Masek
03/16/2022, 2:29 PM
Stefano Bonicatti
03/17/2022, 4:59 PM
Paul Masek
03/17/2022, 5:40 PM