Hmmm osqueryd.exe keeps reporting itself as a no disk executable \Device\HarddiskVolume2\Program Files\osquery\osqueryd\osqueryd.exe

what is the query that reports that? Maybe there's a bug

I was using the example query for no disk binary on the osquery website but what the issue turned out to be is somehow I ended up with both 4.9 and 5.0.1 on the 1 machine?

oh, it's possible that 4.9 has to be stopped and removed before reinstalling