Channels
android_tests
apple-silicon
arm-architecture
auditing-warroom
aws
carving
code-review
community-feeds
core
darkbytes
doorman
ebpf
eclecticiq-polylogyx-extension
extensions
file-carving
fim
fleet
fleet-dev
fleetosquery
foundation
fuzzing
general
golang
goquery
infrastructure
jobs
kolide
linen-dev
linux
macos
officehours
osctrl
plugins
process-auditing
querycon
queryhub
random
selfgroup
sql
tls
uptycs
vendor-feeds
website
windows
zeek
zentral
zercurity
Title
m
Mystery Incorporated
10/18/2021, 7:34 AMHmmm osqueryd.exe keeps reporting itself as a no disk executable \Device\HarddiskVolume2\Program Files\osquery\osqueryd\osqueryd.exe
m
Mike Myers
10/18/2021, 4:48 PMwhat is the query that reports that? Maybe there's a bug
m
Mystery Incorporated
10/25/2021, 8:56 PMI was using the example query for no disk binary on the osquery website but what the issue turned out to be is somehow I ended up with both 4.9 and 5.0.1 on the 1 machine?
m
Mike Myers
10/26/2021, 12:54 AMoh, it's possible that 4.9 has to be stopped and removed before reinstalling
there were some install path changes
Ah yes https://www.trailofbits.com/post/announcing-osquery-5-now-with-endpointsecurity-on-macos we made a little note about this in our blog post in the section
Migrating from osquery 4.x to 5.x