Channels
doorman
infrastructure
random
zercurity
community-feeds
fleet-dev
code-review
queryhub
apple-silicon
carving
tls
fim
goquery
zentral
aws
querycon
golang
zeek
file-carving
fuzzing
auditing-warroom
linen-dev
fleetosquery
plugins
jobs
arm-architecture
darkbytes
process-auditing
uptycs
android_tests
selfgroup
vendor-feeds
fleet
eclecticiq-polylogyx-extension
ebpf
website
core
general
macos
kolide
osctrl
extensions
foundation
sql
officehours
linux
windows
Title
j
joker
10/01/2020, 8:08 AMHI
Failed run osqueryd on OS Windows 10
C:\Windows\system32>sc.exe qc osqueryd
[SC] QueryServiceConfig: успех
Имя_службы: osqueryd
Тип : 10 WIN32_OWN_PROCESS
Тип_запуска : 2 AUTO_START
Управление_ошибками : 1 NORMAL
Имя_двоичного_файла : C:\ProgramData\osquery\osqueryd\osqueryd.exe --flagfile="C:\ProgramData\osquery\osquery.flags"
Группа_запуска :
Тег : 0
Выводимое_имя : osqueryd
Зависимости :
Начальное_имя_службы : LocalSystem
i
ihor
10/01/2020, 9:25 AMhi, that looks strange, osquery should be located in "Program Files" not in "ProgramData", that probably something quite old. You can also try to start it using cmd with admin rights to check what might be wrong with osqueryd. But firstly I would recommend to install one of the latest osquery versions, you can find it here - https://osquery.io/downloads/official/4.5.0
j
joker
10/03/2020, 7:25 AMHI @ihor (говоришь по русски ?) reinstall osquery in ProgramFile and service run