Osquery uses basic SQL commands to leverage a relational data-model to describe a device.

osquery

<@UA0CRPC0N> sorry for the delays, most people in this slack are PST :wink: As for the question about authenticode, try handing it a SQL glob - `C:\ProcessExplorer\%`

the query 
select * from authenticode path=‘c:\\ProcessExplorer\\%’;
was resulted as 
“Error: near “=”: syntax error”

sorry…

osquery&gt; select * from authenticode where path=‘C:\\ProcessExplorer\\%’;

W0405 16:35:31.970301  4996 authenticode.cpp:500] Failed to verify the Authenticode signature for the following file: C:\\ProcessExplorer\\%. Error: Failed to query the Authenticode signature information

`path` here refers to `file`, u seem to be passing directory here.  something like `select * from authenticode where path = "c:\windows\system32\kernel32.dll";`

Or u could fetch the list of files in the directory as `files` via `file` table and do sort of `join` with authenticode to get it for all files in the directory. 

Some SQL expert might help in here, i don't really know much of SQL. 

<https://osquery.io/schema/2.11.2#file>

<@U7A4YBZSN>   for your first comment, <https://osquery.slack.com/archives/C08V7KTJB/p1522856010000629>

<@U7A4YBZSN>  the path must provide a path or a directory. it’s indicated on the web site.

Can you try this ? I am also experimenting the same stuff.
`select * from authenticode where path like 'C:\ProcessExplorer\%';`