any documentation on what permissions osquery needs to run w

Question

any documentation on what permissions osquery needs to run working a strange case where osqueryi exe on Windows 10 dies with exit code 1073741511 0xC0000139 and no other message Execution is being handled by an RMM but it is running under LocalSystem SYSTEM

Stefano Bonicatti · Answer

What version of osquery

Stefano Bonicatti · Answer

That message might be relative to the fact that s not finding a dll it needs to run That been said osquery can also run as a normal user you won t have access to everything in the tables but it shouldn t be unable to run especially not throw an exception

Luke Walker · Answer

wish I knew which DLL it was talking about then

Luke Walker · Answer

version is 5 2 1

Luke Walker · Answer

if I move osqueryi exe directly into ` windir System32` it works Might be something quirky with environment amp NET I ll have to go digging there later At least it works now

Stefano Bonicatti · Answer

That s strange unexpected but anyway osquery doesn t use NET it s a classic C C++ application