Are you using evented tables on Windows?

Hi, Yes, I have configured just one event based table - ‘powershell_events’. Although I don’t expect any such events simply coz it’s a test machine and there’s no process/user generating such events.

I see; are you using an old database? Can you restart it again with --verbose and see if it prints anything?

I did not tweak the default database path , I guess it should be in ’C:\ProgramData\osquery\…’. Just before installing 3.4.0 , v3.3.2 osquery was running on that machine. I didn’t want to restart it coz I want to understand the root cause otherwise I might encounter this issue again in future. I’ve configured it as a service manually and executable is placed in a custom directory.

I really don’t know, I was just wondering

ok 🙂