Hey there osqueryd is listed as a conflicting app ...
# macosm
Mystery Incorporated
05/17/2022, 9:08 AMHey there osqueryd is listed as a conflicting app by Microsoft Defender for Endpoint
s
sharvil
05/17/2022, 9:12 AMProbably because Microsoft Defender on macOS itself embeds osquery..
m
Mystery Incorporated
05/17/2022, 9:12 AMOh rly?
s
sharvil
05/17/2022, 9:12 AMYes! It's not widely known, but they do
m
Mystery Incorporated
05/17/2022, 9:12 AMwhat's my options in this case?
s
sharvil
05/17/2022, 9:12 AMLook at their .app package structure
sharvil
05/17/2022, 9:13 AMwhat's my options in this case?Also not sure why microsoft would do this -- not sure off the top of my head
m
Mystery Incorporated
05/17/2022, 9:13 AMI assume I can't configure their copy to talk to fleet
s
sharvil
05/17/2022, 9:14 AMworth a try lol, do report back -- I don't have a copy of Microsoft Defender for mac anymore
m
Mystery Incorporated
05/17/2022, 9:15 AMok i'll have a look
👍 1
Mystery Incorporated
05/17/2022, 9:35 AM@sharvil hmm not seeing it unless they rename it?
s
sharvil
05/17/2022, 9:40 AMI am not sure about now, but they definitely did embed it a while back
m
marnin
05/17/2022, 12:44 PMI see
Microsoft\ <http://Defender.app/Contents/MacOS/wdavdaemon_enterprise.app/Contents/Frameworks/osqueryi|Defender.app/Contents/MacOS/wdavdaemon_enterprise.app/Contents/Frameworks/osqueryi>s
sharvil
05/17/2022, 1:33 PMYep, I confirmed it's there
33 Views