Channels
doorman
zercurity
infrastructure
code-review
queryhub
apple-silicon
carving
goquery
aws
querycon
golang
file-carving
fuzzing
help-proxy
darkbytes
process-auditing
general
windows
random
fleet-dev
tls
fim
awallaby
zentral
zeek
auditing-warroom
linen-dev
fleetosquery
plugins
jobs
arm-architecture
uptycs
android_tests
selfgroup
vendor-feeds
fleet
eclecticiq-polylogyx-extension
ebpf
website
core
macos
kolide
osctrl
extensions
foundation
sql
officehours
linux
community-feeds
Powered by
#windows
Title
# windows
s
seph
12/05/2019, 10:36 PM
Hrm. Now that you say that… If you’re using launcher, it should be disabled already.
d
defensivedepth
12/06/2019, 1:47 PM
@seph
So launcher disables the stock osqueryd watchdog? Does it implement the same functionality, just within launcher itself?
s
seph
12/06/2019, 2:24 PM
The watchdog is disabled, yes. This is at
https://github.com/kolide/launcher/blob/bb9f5887bd9c8f402ecfb1e36bded76f73a0f354/pkg/osquery/runtime/runtime.go#L147
IIRC it was disabled because the way the watchdog manages the processes doesn’t play well with launcher.
There’s an old launcher issue to either duplicate the functionality or renable it. But it hasn’t come up much.
https://github.com/kolide/launcher/issues/107
d
defensivedepth
12/06/2019, 2:48 PM
Ok understood, thanks
2 Views
Post