Garret Reece

Hiya LorenaM22 -- I'm having trouble recreating the issue; can you give us more details? Specifically: 1. which version of osquery are you building against? 2. how are you invoking...

4.6.0 works on my ubuntu vm, so I'll set up a debian 10 VM and see about running on that platform. please forgive all the questions, I'm trying to run...

you'll need to at some point, yes, because the network_monitor extension drops permissions deliberately. That said, I can recreate the issue you're seeing just fine on my debian VM, so...

after some digging, the culprit is https://github.com/osquery/osquery/pull/6006 The short answer is that running osquery with the command line option `--extensions_default_index=false` will fix this behavior. We need to investigate whether this...

Digging into the original issue, the cause appears to be GUID Partition Tables--Windows 10 Pro uses MBR, which Sleuth Kit handles just fine, but Windows 10 Enterprise uses GPT and...

Debugging messages when attempting to open the partitions one at a time on the system: ``` osquery> select * from ntfs_file_data WHERE path="/ProgramData/osquery" ...> ; W0803 15:53:50.953084 17900 ntfsfileinfotable.cpp:186] unable...