alessandrogario

10/23/2021, 6:10 PM
A malware killing an extension might as well just kill osquery itself, so I don't think it changes much whether it's in core or not.
puffycid

10/23/2021, 7:57 PM
Yes, I agree a malware/hands-on-keyboard attacker can kill osquery/extensions. I was referring to the osquery watchdog killing an extension in the middle of collection while investigating a system with attacker activity or a malicious file installed.
alessandrogario

10/23/2021, 11:12 PM
The kill will happen anyway, whether it's core or an extension; if it is an extension, at least the core will keep running while the extension is restarted.