let me refresh my memory

anything flashed 🙂?

yes! the "core" process should call each extension's

shutdown

thrift API if you implement it: https://github.com/facebook/osquery/blob/master/osquery/extensions/extensions.cpp#L161

ah ok, I was trying to bubble it up to the extension level. So can I override the default?