kolide · RebeccaMahany · Aug 8, 2023 · Aug 7, 2023 · Aug 7, 2023 · Aug 8, 2023
diff --git a/cmd/launcher/extension.go b/cmd/launcher/extension.go
@@ -210,6 +210,7 @@ func commonRunnerOptions(logger log.Logger, k types.Knapsack) []runtime.OsqueryI
 	)
 
 	return []runtime.OsqueryInstanceOption{
+		runtime.WithKnapsack(k),
 		runtime.WithOsquerydBinary(k.OsquerydPath()),
 		runtime.WithRootDirectory(k.RootDirectory()),
 		runtime.WithOsqueryExtensionPlugins(ktable.LauncherTables(k)...),

diff --git a/cmd/launcher/launcher.go b/cmd/launcher/launcher.go
@@ -222,7 +222,7 @@ func runLauncher(ctx context.Context, cancel func(), opts *launcher.Options) err
 		close(sigChannel)
 	})
 
-	powerEventWatcher, err := powereventwatcher.New(log.With(logger, "component", "power_event_watcher"))
+	powerEventWatcher, err := powereventwatcher.New(k, log.With(logger, "component", "power_event_watcher"))
 	if err != nil {
 		level.Debug(logger).Log("msg", "could not init power event watcher", "err", err)
 	} else {

diff --git a/pkg/agent/flags/flag_controller.go b/pkg/agent/flags/flag_controller.go
@@ -491,3 +491,12 @@ func (fc *FlagController) DisableTraceIngestTLS() bool {
 		WithDefaultBool(fc.cmdLineOpts.DisableTraceIngestTLS),
 	).get(fc.getControlServerValue(keys.DisableTraceIngestTLS))
 }
+
+func (fc *FlagController) SetInModernStandby(enabled bool) error {
+	return fc.setControlServerValue(keys.InModernStandby, boolToBytes(enabled))
+}
+func (fc *FlagController) InModernStandby() bool {
+	return NewBoolFlagValue(
+		WithDefaultBool(false),
+	).get(fc.getControlServerValue(keys.InModernStandby))
+}
diff --git a/pkg/agent/flags/keys/keys.go b/pkg/agent/flags/keys/keys.go
@@ -47,6 +47,7 @@ const (
 	LogIngestServerURL         FlagKey = "log_ingest_url"
 	TraceIngestServerURL       FlagKey = "trace_ingest_url"
 	DisableTraceIngestTLS      FlagKey = "disable_trace_ingest_tls"
+	InModernStandby            FlagKey = "in_modern_standby"
 )
 
 func (key FlagKey) String() string {

diff --git a/pkg/agent/knapsack/knapsack.go b/pkg/agent/knapsack/knapsack.go
@@ -382,3 +382,10 @@ func (k *knapsack) SetLogIngestServerURL(url string) error {
 func (k *knapsack) LogIngestServerURL() string {
 	return k.flags.LogIngestServerURL()
 }
+
+func (k *knapsack) SetInModernStandby(enabled bool) error {
+	return k.flags.SetInModernStandby(enabled)
+}
+func (k *knapsack) InModernStandby() bool {
+	return k.flags.InModernStandby()
+}
diff --git a/pkg/agent/types/flags.go b/pkg/agent/types/flags.go
@@ -188,4 +188,8 @@ type Flags interface {
 	// DisableTraceIngestTLS disables TLS for observability ingest server communication
 	SetDisableTraceIngestTLS(enabled bool) error
 	DisableTraceIngestTLS() bool
+
+	// InModernStandby indicates whether a Windows machine is awake or in modern standby
+	SetInModernStandby(enabled bool) error
+	InModernStandby() bool
 }
diff --git a/pkg/agent/types/mocks/flags.go b/pkg/agent/types/mocks/flags.go
diff --git a/pkg/agent/types/mocks/knapsack.go b/pkg/agent/types/mocks/knapsack.go
diff --git a/pkg/log/checkpoint/checkpoint.go b/pkg/log/checkpoint/checkpoint.go
@@ -109,6 +109,9 @@ func (c *checkPointer) logCheckPoint() {
 	}
 	c.logServerProvidedData()
 	c.logDesktopProcs()
+	if runtime.GOOS == "windows" {
+		c.logger.Log("in_modern_standby", c.knapsack.InModernStandby())
+	}
 }
 
 func (c *checkPointer) logDesktopProcs() {

diff --git a/pkg/osquery/runtime/osqueryinstance.go b/pkg/osquery/runtime/osqueryinstance.go
@@ -17,6 +17,7 @@ import (
 	"github.com/go-kit/kit/log"
 	"github.com/go-kit/kit/log/level"
 	"github.com/kolide/launcher/pkg/agent"
+	"github.com/kolide/launcher/pkg/agent/types"
 	"github.com/kolide/launcher/pkg/autoupdate"
 	"github.com/kolide/launcher/pkg/backoff"
 	"github.com/kolide/launcher/pkg/osquery/runtime/history"
@@ -209,6 +210,12 @@ func WithAutoloadedExtensions(extensions ...string) OsqueryInstanceOption {
 	}
 }
 
+func WithKnapsack(k types.Knapsack) OsqueryInstanceOption {
+	return func(i *OsqueryInstance) {
+		i.knapsack = k
+	}
+}
+
 // OsqueryInstance is the type which represents a currently running instance
 // of osqueryd.
 type OsqueryInstance struct {
@@ -227,6 +234,7 @@ type OsqueryInstance struct {
 	usingTempDir            bool
 	stats                   *history.Instance
 	startFunc               func(cmd *exec.Cmd) error
+	knapsack                types.Knapsack
 }
 
 // Healthy will check to determine whether or not the osquery process that is

diff --git a/pkg/osquery/runtime/runner.go b/pkg/osquery/runtime/runner.go
@@ -445,6 +445,12 @@ func (r *Runner) launchOsqueryInstance() error {
 			case <-o.doneCtx.Done():
 				return o.doneCtx.Err()
 			case <-ticker.C:
+				// If device is sleeping, we do not want to perform unnecessary healthchecks that
+				// may force an unnecessary restart.
+				if o.knapsack.InModernStandby() {
+					break
+				}
+
 				// Health check! Allow a couple
 				// failures before we tear everything
 				// down. This is pretty simple, it