#general
ET

12/20/2020, 4:21 PM
Hi there. When I execute the "windows_security_products" or "windows_security_center" table on Windows Server, I got "error" values or nothing because the WSCAPI.dll is not present on Windows Server. I got exit code 0 (success) in both cases. Why in such a situation do I not get an exit code 1 or something (failure)?
terracatta

12/20/2020, 4:24 PM
Hi @ET neither of these tables work on Windows Server. We aren't sure why Microsoft does not allow this API on that specific platform. Even copying the DLL from a normal Windows 10 computer does not work.
4:25 PM
As for the exit code, I do not believe osquery will return a non-zero exit code for an errored query when the query is specified on the command line.
4:25 PM
Although I agree that is a good idea
ET

12/20/2020, 4:40 PM
Thanks @terracatta! For example, if the table does not exist I got exit code 1:
Error: no such table: windows_security_productssssss
EXIT_CODE: 1
4:41 PM
So I got a non-zero exit code when the query is specified on the command line.
terracatta

12/20/2020, 4:41 PM
Yeah it is definitely inconsistent. In this case you have a SQLite error, but in the case of the windows table, no error is thrown and instead a warning is logged and the table returns no results.
4:42 PM
There are a number of tables in osquery that will return 0 results when something goes wrong under the hood like that
4:42 PM
I agree though that in an ideal world this specific problem would produce a more explicit error
4:42 PM
vs a silent warning
ET

12/20/2020, 4:43 PM
Oh okay, now I understand your intent, thanks again.