Hi There, When I execute "windows_security_product...
# general
Hi There, When I execute "windows_security_products" or "windows_security_center" table on windows server I got "error" values or nothing because the WSCAPI.dll is not present on Windows Server. I got exit code 0 (success) in both cases, Why in such a situation do I not get a exit code 1 or something (failure)?
Hi @ET neither of these tables work on Windows Server. We aren't sure why Microsoft does not allow this API on that specific platform. Even copying the DLL from a normal Windows 10 computer does not work.
As for the exit code, I do not believe osquery will return a non-zero exit code for en errored query when the query is specified on the commany line
Although I agree that is a good idea
Thanks @terracatta ! For example - If the table is not exists I got exit code 1
Copy code
Error: no such table: windows_security_productssssss
So I got non-zero exit code when the query is specified on the command line
Yeah it is definitely inconsistent. In this case you have a SQLite error, but in the case of the windows table, no error is thrown and instead a warning is logged and the table returns no results.
There are a number of tables in osquery that will return 0 results when something goes wrong under the hood like tha
I agree though that in an ideal world this specific problem would produce a more explicit error
vs a silent warning
Oh okay, now I understand your intent, thanks again