Hey, I recently raised an issue about running osquery as a SYSTEM process, and not being able to view files with privileges removed (https://github.com/osquery/osquery/issues/7820). I have also provided a suggested fix, although I was wondering if there was a specific reason for not using SeBackupPrivilege previously to read files and registries?
Mike Myers
12/07/2022, 4:09 PM
I've left a comment on the issue. I think the answer to your question is, no, there is no reason not to do what you suggest.