Hello, is it possible to rename the windows servic...
# general
m
Hello, is it possible to rename the Windows service/Linux daemon so that a malicious script that gains elevated privileges doesn't just search for osqueryd running and kill it? Of course, not saving in C:\Program Files\osquery would be a requirement of this.
t
There is no native support for this renaming.
m
It might be something to consider, because a malicious executable that gains elevated privilege could simply hunt for osqueryd and kill it before it can generate a log.
d
You can install it in any folder you want, and you can also have the service named anything you want. I have not tried renaming the binary.
m
@David J Davis yeah, renaming the binary I feel is the issue. I tried and it wouldn't start.