Hmmm osqueryd.exe keeps reporting itself as a no d...
# generalm
Mystery Incorporated
10/18/2021, 7:34 AMHmmm osqueryd.exe keeps reporting itself as a no disk executable \Device\HarddiskVolume2\Program Files\osquery\osqueryd\osqueryd.exe
m
Mike Myers
10/18/2021, 4:48 PMwhat is the query that reports that? Maybe there's a bug
m
Mystery Incorporated
10/25/2021, 8:56 PMI was using the example query for no disk binary on the osquery website but what the issue turned out to be is somehow I ended up with both 4.9 and 5.0.1 on the 1 machine?
m
Mike Myers
10/26/2021, 12:54 AMoh, it's possible that 4.9 has to be stopped and removed before reinstalling
Mike Myers
10/26/2021, 12:54 AMthere were some install path changes
Mike Myers
10/26/2021, 12:55 AMAh yes https://www.trailofbits.com/post/announcing-osquery-5-now-with-endpointsecurity-on-macos we made a little note about this in our blog post in the section
Migrating from osquery 4.x to 5.x12 Views