# windows

packetzero

11/08/2019, 4:23 AM
Forgot p.path

cpk

11/08/2019, 6:42 PM
@packetzero Same result, did not see path for many of the processes.

packetzero

11/08/2019, 9:32 PM
I remember that for certain processes, you have to be running as SYSTEM. Therefore, the daemon will get most of the data, except for protected processes like pid=4. But running as Administrator on the command line, you will miss some data.
By daemon, I mean running as a service.