<@U01DFNXHY92> Beware that osquery on macOS does n...
# fleetb
benbass
10/18/2021, 3:33 PM@Mystery Incorporated Beware that osquery on macOS does not uninstall 4.9.0 when installing version 5.x. SO you have version 5.x in a new place and the 4.9.0 binary stays in /usr/local/bin next to the linked osqueryi and osqueryctl which map back to 5.X in /opt/.
m
Mystery Incorporated
10/18/2021, 3:37 PMThanks yea I think I saw you mention this before so i did my macos ones ok based on your lesson. This was a windows host. It's possible because they change what msi various endpoints give my script pulled the wrong one, I dunno.
b
benbass
10/18/2021, 3:38 PMInteresting, I hadn’t thought about windows hosts. I’ll make sure to pass that on to my windows admin team to make sure they check.
benbass
10/18/2021, 3:38 PMGlad I was able to help you on the mac side. 🙂
👍 1
m
Mystery Incorporated
10/18/2021, 3:49 PMActually it's still happening i found another windows host that doesn't have a pack and it only sees osquery 5.0.1 hmmm
Mystery Incorporated
10/18/2021, 6:08 PMThen it resolved itself so dunno maybe it was a byproduct of what I did before to try fix
b
benbass
10/18/2021, 6:08 PMAwesome, hopefully it won’t crop up again.
4 Views