sorry for the delays most people in this slack ar

Question

< Mustafa> sorry for the delays most people in this slack are PST wink As for the question about authenticode try handing it a SQL glob `C ProcessExplorer `

Mustafa · Answer

the query select from authenticode path= c ProcessExplorer was resulted as Error near = syntax error

Mustafa · Answer

sorry osquery gt select from authenticode where path= C ProcessExplorer W0405 16 35 31 970301 4996 authenticode cpp 500 Failed to verify the Authenticode signature for the following file C ProcessExplorer Error Failed to query the Authenticode signature information

manu · Answer

`path` here refers to `file` u seem to be passing directory here something like `select from authenticode where path = c windows system32 kernel32 dll `

manu · Answer

Or u could fetch the list of files in the directory as `files` via `file` table and do sort of `join` with authenticode to get it for all files in the directory Some SQL expert might help in here i don t really know much of SQL <https osquery io schema 2 11 2 file>

Mustafa · Answer

< manu> for your first comment

Mustafa · Answer

< manu> the path must provide a path or a directory it s indicated on the web site

manu · Answer

Can you try this I am also experimenting the same stuff `select from authenticode where path like C ProcessExplorer `

Mustafa · Answer

yes I did but the result same