Channels
android_tests
apple-silicon
arm-architecture
auditing-warroom
aws
carving
code-review
community-feeds
core
darkbytes
doorman
ebpf
eclecticiq-polylogyx-extension
extensions
file-carving
fim
fleet
fleet-dev
fleetosquery
foundation
fuzzing
general
golang
goquery
infrastructure
jobs
kolide
linen-dev
linux
macos
officehours
osctrl
plugins
process-auditing
querycon
queryhub
random
selfgroup
sql
tls
uptycs
vendor-feeds
website
windows
zeek
zentral
zercurity
Powered by
Title
s
seph
12/05/2019, 10:36 PM
Hrm. Now that you say that… If you’re using launcher, it should be disabled already.
d
defensivedepth
12/06/2019, 1:47 PM
@seph
So launcher disables the stock osqueryd watchdog? Does it implement the same functionality, just within launcher itself?
s
seph
12/06/2019, 2:24 PM
The watchdog is disabled, yes. This is at
https://github.com/kolide/launcher/blob/bb9f5887bd9c8f402ecfb1e36bded76f73a0f354/pkg/osquery/runtime/runtime.go#L147
IIRC it was disabled because the way the watchdog manages the processes doesn’t play well with launcher.
There’s an old launcher issue to either duplicate the functionality or renable it. But it hasn’t come up much.
https://github.com/kolide/launcher/issues/107
d
defensivedepth
12/06/2019, 2:48 PM
Ok understood, thanks
2 Views
#windows
Join Slack