Because if you've grabbed the LOCK, that might be ...
# generalt
thor
11/07/2018, 4:31 PM
Because if you've grabbed the LOCK, that might be why osqueryd isn't fully coming offlne
j
john
11/13/2018, 10:25 PM@thor I did see the issue again a bit on 3.3.0 Was wondering if it had anything to do with deleting the database and allowing osquery to remake it so I didnt respond further. Since then I have added a new Win10 machine clean and installed 3.3.1. I reconfigured it and ran . All seemed well on the first manual stop from Services.exe. Appeared to be using the new configuration. After one more restart and stop via Services.exe it once again hung the osqueryd.exe running/holding files and LOCK while the services.exe output showed stopped.
john
11/13/2018, 10:40 PMKilled the osqueryd.exe via resmon.exe and restarted. Run appears generally normal in log content but on the next stop via Services.exe the osqueryd.exe is once again hung and holding files.
t
thor
11/13/2018, 10:41 PM
Are you by chance running with
--disable_watcher3 Views