Hi guys i was asking this same thing in the windows channel

Question

Hi guys i was asking this same thing in the windows channel so sorry for the spam if you already read this question Does somebody know what is the best way to update the parameter `windows event channels` I tried to update it via fleet and also via the flags file but i do not get a consistent behavior I would say it works better via flags file but it seems that once a channel is enabled removing it from the flags file does not take effect It would seem those channels get stored somehwere

Juan Alvarez · Answer

I have just found out that if i stop the service and delete all the contents on osquery db folder the channels value gets applied properly from both fleet or flags file However i would like to learn if there is any expected behavior