From d98ca0052d0a5b12fb8e0e681a559ef3c727e611 Mon Sep 17 00:00:00 2001
From: Mo Zhu <mo@fleetdm.com>
Date: Wed, 28 Jun 2023 11:33:06 -0700
Subject: [PATCH] Update xprotect_reports.yml (#12486)

---
 schema/tables/xprotect_reports.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/schema/tables/xprotect_reports.yml b/schema/tables/xprotect_reports.yml
index 60657d4aaa..3fbcce2d76 100644
--- a/schema/tables/xprotect_reports.yml
+++ b/schema/tables/xprotect_reports.yml
@@ -8,3 +8,5 @@ examples: >-
   SELECT * FROM xprotect_reports;
 
   ```
+notes: |
+  - In [very specific circumstances](https://github.com/osquery/osquery/issues/6588#issuecomment-1410934706) this table will return empty because xprotect will detect and remediate without generating an eicar file.