When I execute "windows_security_products" or "windows_security_center" table on windows server I got "error" values or nothing because the WSCAPI.dll is not present on Windows Server.
I got exit code 0 (success) in both cases, Why in such a situation do I not get a exit code 1 or something (failure)?
12/20/2020, 4:24 PM
Hi @ET neither of these tables work on Windows Server. We aren't sure why Microsoft does not allow this API on that specific platform. Even copying the DLL from a normal Windows 10 computer does not work.
As for the exit code, I do not believe osquery will return a non-zero exit code for en errored query when the query is specified on the commany line
Although I agree that is a good idea
12/20/2020, 4:40 PM
Thanks @terracatta !
For example - If the table is not exists I got exit code 1
Error: no such table: windows_security_productssssss
So I got non-zero exit code when the query is specified on the command line
12/20/2020, 4:41 PM
Yeah it is definitely inconsistent. In this case you have a SQLite error, but in the case of the windows table, no error is thrown and instead a warning is logged and the table returns no results.
There are a number of tables in osquery that will return 0 results when something goes wrong under the hood like tha
I agree though that in an ideal world this specific problem would produce a more explicit error
vs a silent warning
12/20/2020, 4:43 PM
Oh okay, now I understand your intent, thanks again