I do not see it spawning a conhost.exe if I unzip ...
# general
g
I do not see it spawning a conhost.exe if I unzip the MSI and use osqueryi.exe (as a service) instead of osqueryd.exe. In this case I see only two osquery processes, which is what I would expect.
a
It should be a Windows executable; it should be possible, from the Task Manager/Details window, to select "Open file location"
It should be possible to inspect the Authenticode signature from the properties, and verify that it's a legit binary