and then quits from what I understood

but if I launch it in shell “--S” it seems to work

You can run

--allow_unsafe

to fix but it is somewhat not recommended

maybe it’s checking for another adminstrator user

yeah I saw that option but also didn’t want to use it : (

I also get a stale process message, but I don’t see any other osquery process running in task manager details

PS C:\osquery> .\osqueryd\osqueryd.exe --verbose --config_path osquery.conf --logtostderr --force
I1204 04:34:45.896339  8756 init.cpp:418] osquery initialized [version=4.1.1]
I1204 04:34:45.933342  8756 system.cpp:330] Found stale process for osqueryd (12908)
I1204 04:34:45.938354  8756 system.cpp:362] Writing osqueryd pid (5308) to \Program Files\osquery\osqueryd.pidfile
I1204 04:34:45.954347  8756 extensions.cpp:349] Could not autoload extensions: Failed reading: \Program Files\osquery\extensions.load
E1204 04:34:45.987377  9984 watcher.cpp:567] [Ref #1382] osqueryd has unsafe permissions: C:\osquery\osqueryd\osqueryd.exe
PS C:\osquery>

its really this permission issue, if I use that bypass option it works

ok. I think I found another problem, it seems to be sensible to json configuration file encoding

since I generated the file through powershell script, it set the encoding to something strange. changing to utf8 fixes that other issue, it’s not a osquery problem in this case