Channels
android_tests
apple-silicon
arm-architecture
auditing-warroom
aws
carving
code-review
community-feeds
core
darkbytes
doorman
ebpf
eclecticiq-polylogyx-extension
extensions
file-carving
fim
fleet
fleet-dev
fleetosquery
foundation
fuzzing
general
golang
goquery
infrastructure
jobs
kolide
linen-dev
linux
macos
officehours
osctrl
plugins
process-auditing
querycon
queryhub
random
selfgroup
sql
tls
uptycs
vendor-feeds
website
windows
zeek
zentral
zercurity
Title
m
Mystery Incorporated
05/17/2022, 9:08 AMHey there osqueryd is listed as a conflicting app by Microsoft Defender for Endpoint
s
sharvil
05/17/2022, 9:12 AMProbably because Microsoft Defender on macOS itself embeds osquery..
m
Mystery Incorporated
05/17/2022, 9:12 AMOh rly?
s
sharvil
05/17/2022, 9:12 AMYes! It's not widely known, but they do
m
Mystery Incorporated
05/17/2022, 9:12 AMwhat's my options in this case?
s
sharvil
05/17/2022, 9:12 AMLook at their .app package structure
what's my options in this case?Also not sure why microsoft would do this -- not sure off the top of my head
m
Mystery Incorporated
05/17/2022, 9:13 AMI assume I can't configure their copy to talk to fleet
s
sharvil
05/17/2022, 9:14 AMworth a try lol, do report back -- I don't have a copy of Microsoft Defender for mac anymore
m
Mystery Incorporated
05/17/2022, 9:15 AMok i'll have a look
👍 1
@sharvil hmm not seeing it unless they rename it?
s
sharvil
05/17/2022, 9:40 AMI am not sure about now, but they definitely did embed it a while back
m
marnin
05/17/2022, 12:44 PMI see
Microsoft\ <http://Defender.app/Contents/MacOS/wdavdaemon_enterprise.app/Contents/Frameworks/osqueryi|Defender.app/Contents/MacOS/wdavdaemon_enterprise.app/Contents/Frameworks/osqueryi>s
sharvil
05/17/2022, 1:33 PMYep, I confirmed it's there