diff --git a/api/notebooks.go b/api/notebooks.go
index e41d4237e09..d918ec7736b 100644
--- a/api/notebooks.go
+++ b/api/notebooks.go
@@ -195,10 +195,6 @@ func (self *ApiServer) UpdateNotebook(
 		return nil, InvalidStatus("Notebook is not shared with user.")
 	}
 
-	if old_notebook.ModifiedTime != in.ModifiedTime {
-		return nil, InvalidStatus("Edit clash detected.")
-	}
-
 	// When updating an existing notebook only certain fields may
 	// be changed by the user - definitely not the creator, created time or notebookId.
 	in.ModifiedTime = time.Now().Unix()
diff --git a/artifacts/definitions/Server/Import/CuratedSigma.yaml b/artifacts/definitions/Server/Import/CuratedSigma.yaml
index 77de6fc24d0..c8b08c2ce8f 100644
--- a/artifacts/definitions/Server/Import/CuratedSigma.yaml
+++ b/artifacts/definitions/Server/Import/CuratedSigma.yaml
@@ -19,10 +19,10 @@ parameters:
       - Velociraptor Hayabusa Ruleset
       - Velociraptor Hayabusa Live Detection
       - Velociraptor ChopChopGo Ruleset (Linux)
+      - Velociraptor Curated Windows Ruleset
 
   - name: Prefix
     description: Add artifacts with this prefix
-    default: Sigma.
 
 sources:
   - query: |
diff --git a/artifacts/definitions/Server/Internal/ToolDependencies.yaml b/artifacts/definitions/Server/Internal/ToolDependencies.yaml
index 40029262740..0a2431e7f63 100644
--- a/artifacts/definitions/Server/Internal/ToolDependencies.yaml
+++ b/artifacts/definitions/Server/Internal/ToolDependencies.yaml
@@ -7,19 +7,19 @@ description: |
 
 tools:
   - name: VelociraptorWindows
-    url: https://github.com/Velocidex/velociraptor/releases/download/v0.72/velociraptor-v0.72-rc2-windows-amd64.exe
+    url: https://github.com/Velocidex/velociraptor/releases/download/v0.72/velociraptor-v0.72.0-windows-amd64.exe
     serve_locally: true
-    version: 0.72-rc2
+    version: 0.72.0
 
   - name: VelociraptorWindows_x86
-    url: https://github.com/Velocidex/velociraptor/releases/download/v0.72/velociraptor-v0.72-rc2-windows-386.exe
+    url: https://github.com/Velocidex/velociraptor/releases/download/v0.72/velociraptor-v0.72.0-windows-386.exe
     serve_locally: true
-    version: 0.72-rc2
+    version: 0.72.0
 
   - name: VelociraptorLinux
-    url: https://github.com/Velocidex/velociraptor/releases/download/v0.72/velociraptor-v0.72-rc2-linux-amd64-musl
+    url: https://github.com/Velocidex/velociraptor/releases/download/v0.72/velociraptor-v0.72.0-linux-amd64-musl
     serve_locally: true
-    version: 0.72-rc2
+    version: 0.72.0
 
   # On MacOS we can not embed the config in the binary so we use a
   # shell script stub instead. See
@@ -31,11 +31,11 @@ tools:
     serve_locally: true
 
   - name: VelociraptorWindowsMSI
-    url: https://github.com/Velocidex/velociraptor/releases/download/v0.72/velociraptor-v0.72-rc2-windows-amd64.msi
+    url: https://github.com/Velocidex/velociraptor/releases/download/v0.72/velociraptor-v0.72.0-windows-amd64.msi
     serve_locally: true
-    version: 0.72-rc2
+    version: 0.72.0
 
   - name: VelociraptorWindows_x86MSI
-    url: https://github.com/Velocidex/velociraptor/releases/download/v0.72/velociraptor-v0.72-rc2-windows-386.msi
+    url: https://github.com/Velocidex/velociraptor/releases/download/v0.72/velociraptor-v0.72.0-windows-386.msi
     serve_locally: true
-    version: 0.72-rc2
+    version: 0.72.0
diff --git a/docs/wix/README.md b/docs/wix/README.md
index b5cbf41f8c8..7ea0a8c1c6a 100644
--- a/docs/wix/README.md
+++ b/docs/wix/README.md
@@ -11,9 +11,10 @@ are happy with the default settings it is easier to just use the
 official distributed MSI packages.
 
 To build MSI packages you will need to download and install the WIX
-distribution from the github page (it requires .NET 3.5):
+distribution from the github page. We currently recommend the 3.14
+release series:
 
-http://wixtoolset.org/releases/
+https://github.com/wixtoolset/wix3/releases/
 
 Next, follow these steps:
 
diff --git a/docs/wix/build_amd64.bat b/docs/wix/build_amd64.bat
index 10ce577c0f7..66ab9105100 100755
--- a/docs/wix/build_amd64.bat
+++ b/docs/wix/build_amd64.bat
@@ -1,3 +1,3 @@
-"c:\Program Files (x86)\WiX Toolset v3.11\bin\candle.exe" velociraptor_amd64.xml -arch x64 -ext "c:\Program Files (x86)\WiX Toolset v3.11\bin\WixUtilExtension.dll"
+"c:\Program Files (x86)\WiX Toolset v3.14\bin\candle.exe" velociraptor_amd64.xml -arch x64 -ext "c:\Program Files (x86)\WiX Toolset v3.14\bin\WixUtilExtension.dll"
 
-"c:\Program Files (x86)\WiX Toolset v3.11\bin\light.exe" velociraptor_amd64.wixobj -ext "c:\Program Files (x86)\WiX Toolset v3.11\bin\WixUtilExtension.dll"
+"c:\Program Files (x86)\WiX Toolset v3.14\bin\light.exe" velociraptor_amd64.wixobj -ext "c:\Program Files (x86)\WiX Toolset v3.14\bin\WixUtilExtension.dll"
diff --git a/docs/wix/build_x86.bat b/docs/wix/build_x86.bat
index 86ce8b170e4..70575f6584f 100755
--- a/docs/wix/build_x86.bat
+++ b/docs/wix/build_x86.bat
@@ -1,3 +1,3 @@
-"c:\Program Files (x86)\WiX Toolset v3.11\bin\candle.exe" velociraptor_x86.xml -arch x86 -ext "c:\Program Files (x86)\WiX Toolset v3.11\bin\WixUtilExtension.dll"
+"c:\Program Files (x86)\WiX Toolset v3.14\bin\candle.exe" velociraptor_x86.xml -arch x86 -ext "c:\Program Files (x86)\WiX Toolset v3.14\bin\WixUtilExtension.dll"
 
-"c:\Program Files (x86)\WiX Toolset v3.11\bin\light.exe" velociraptor_x86.wixobj -ext "c:\Program Files (x86)\WiX Toolset v3.11\bin\WixUtilExtension.dll"
+"c:\Program Files (x86)\WiX Toolset v3.14\bin\light.exe" velociraptor_x86.wixobj -ext "c:\Program Files (x86)\WiX Toolset v3.14\bin\WixUtilExtension.dll"
diff --git a/go.mod b/go.mod
index 93c76c51d29..0198a8055ab 100644
--- a/go.mod
+++ b/go.mod
@@ -99,7 +99,7 @@ require (
 	www.velocidex.com/golang/go-prefetch v0.0.0-20220801101854-338dbe61982a
 	www.velocidex.com/golang/oleparse v0.0.0-20230217092320-383a0121aafe
 	www.velocidex.com/golang/regparser v0.0.0-20240404115756-2169ac0e3c09
-	www.velocidex.com/golang/vfilter v0.0.0-20240417120216-f7fa24ce744e
+	www.velocidex.com/golang/vfilter v0.0.0-20240421183637-1454295e8546
 )
 
 require (
diff --git a/go.sum b/go.sum
index 988e6aca4d5..6ff1ba8d328 100644
--- a/go.sum
+++ b/go.sum
@@ -1344,7 +1344,7 @@ www.velocidex.com/golang/oleparse v0.0.0-20230217092320-383a0121aafe h1:o9jQWSwK
 www.velocidex.com/golang/oleparse v0.0.0-20230217092320-383a0121aafe/go.mod h1:R7IisRzDO7q5LVRJsCQf1xA50LrIavsPWzAjVE4THyY=
 www.velocidex.com/golang/regparser v0.0.0-20240404115756-2169ac0e3c09 h1:G1RWYBXP2lSzxKcrAU1YhiUlBetZ7hGIzIiWuuazvfo=
 www.velocidex.com/golang/regparser v0.0.0-20240404115756-2169ac0e3c09/go.mod h1:pxSECT5mWM3goJ4sxB4HCJNKnKqiAlpyT8XnvBwkLGU=
-www.velocidex.com/golang/vfilter v0.0.0-20240417120216-f7fa24ce744e h1:FhnWGS3SjGaUh4mGkVhJ/CakqQgWVAKwToRVB5s7dAM=
-www.velocidex.com/golang/vfilter v0.0.0-20240417120216-f7fa24ce744e/go.mod h1:P50KPQr2LpWVAu7ilGH8CBLBASGtOJ2971yA9YhR8rY=
+www.velocidex.com/golang/vfilter v0.0.0-20240421183637-1454295e8546 h1:XWhIhCSFt/qEgmrYiUSB5J4KaGmBK0R20P/jzenwV+E=
+www.velocidex.com/golang/vfilter v0.0.0-20240421183637-1454295e8546/go.mod h1:P50KPQr2LpWVAu7ilGH8CBLBASGtOJ2971yA9YhR8rY=
 www.velocidex.com/golang/vtypes v0.0.0-20240123105603-069d4a7f435c h1:rL/It+Ig+mvIhmy9vl5gg5b6CX2J12x0v2SXIT2RoWE=
 www.velocidex.com/golang/vtypes v0.0.0-20240123105603-069d4a7f435c/go.mod h1:tjaJNlBWbvH4cEMrEu678CFR2hrtcdyPINIpRxrOh4U=
diff --git a/gui/velociraptor/src/components/core/api-service.jsx b/gui/velociraptor/src/components/core/api-service.jsx
index 48db0a18649..d6e467f330b 100644
--- a/gui/velociraptor/src/components/core/api-service.jsx
+++ b/gui/velociraptor/src/components/core/api-service.jsx
@@ -53,8 +53,24 @@ function retryDelay(retryNumber = 0) {
 }
 
 function isRetryableError(error) {
-    return error.code !== 'ECONNABORTED' && (!error.response || (
-        error.response.status >= 500 && error.response.status <= 599));
+    if (error.code === 'ECONNABORTED') {
+        return false;
+    }
+
+    if (!error.response) {
+        return true;
+    }
+
+    // This represents a real server error no need to retry it.
+    if (error.response.data && error.response.data.code) {
+        return false;
+    }
+
+    if (error.response.status >= 500 && error.response.status <= 599) {
+        return true;
+    }
+
+    return false;
 }
 
 function isNetworkError(error) {
diff --git a/gui/velociraptor/src/components/notebooks/notebook-cell-renderer.jsx b/gui/velociraptor/src/components/notebooks/notebook-cell-renderer.jsx
index 020628155fb..154b1290c88 100644
--- a/gui/velociraptor/src/components/notebooks/notebook-cell-renderer.jsx
+++ b/gui/velociraptor/src/components/notebooks/notebook-cell-renderer.jsx
@@ -147,6 +147,11 @@ export default class NotebookCellRenderer extends React.Component {
         selected_cell_id: PropTypes.string,
         setSelectedCellId: PropTypes.func,
 
+        // Manage notebook lock state. The notebook tries to avoid
+        // confusing by locking updates while any cell is calculating.
+        notebookLocked: PropTypes.number,
+        incNotebookLocked: PropTypes.func,
+
         upCell: PropTypes.func,
         downCell: PropTypes.func,
         deleteCell: PropTypes.func,
@@ -254,13 +259,18 @@ export default class NotebookCellRenderer extends React.Component {
         this.source.cancel();
         this.source = CancelToken.source();
 
-        let cell_version = (this.props.cell_metadata && this.props.cell_metadata.current_version);
+        let cell_version = this.props.cell_metadata &&
+            this.props.cell_metadata.current_version;
+
+        this.props.incNotebookLocked(1);
 
         api.get("v1/GetNotebookCell", {
             notebook_id: this.props.notebook_id,
             cell_id: this.props.cell_metadata.cell_id,
             version: cell_version,
         }, this.source.token).then((response) => {
+            this.props.incNotebookLocked(-1);
+
             if (response.cancel) {
                 return;
             }
@@ -271,7 +281,17 @@ export default class NotebookCellRenderer extends React.Component {
                                input: cell.input,
                                loading: false});
             }
-        });
+
+
+        }).catch((e) => {
+            this.props.incNotebookLocked(-1);
+
+            let message = e.response && e.response.data &&
+                e.response.data.message;
+            let cell = Object.assign({}, this.props.cell_metadata || {});
+            cell.messages = [message];
+            this.setState({loading: false, cell: cell});
+        });;
     };
 
     setEditing = (edit) => {
@@ -281,10 +301,10 @@ export default class NotebookCellRenderer extends React.Component {
     getPlaceholder = () => {
         let type = this.ace_type(this.state.cell && this.state.cell.type);
         if (type === "vql") {
-            return "Type VQL to evaluate on the server (press ? for help)";
+            return T("Type VQL to evaluate on the server (press ? for help)");
         };
         if (type === "markdown") {
-            return "Enter markdown text to render in the notebook";
+            return T("Enter markdown text to render in the notebook");
         };
         return type;
     }
@@ -337,6 +357,9 @@ export default class NotebookCellRenderer extends React.Component {
         this.update_source.cancel();
         this.update_source = CancelToken.source();
 
+        // Lock the notebook until we refresh the notebook.
+        this.props.incNotebookLocked(1);
+
         api.post('v1/UpdateNotebookCell', {
             notebook_id: this.props.notebook_id,
             cell_id: this.state.cell.cell_id,
@@ -345,6 +368,8 @@ export default class NotebookCellRenderer extends React.Component {
             currently_editing: false,
             input: this.state.cell.input,
         }, this.update_source.token).then( (response) => {
+            this.props.incNotebookLocked(-1);
+
             if (response.cancel) {
                 this.setState({currently_editing: false});
                 return;
@@ -357,9 +382,17 @@ export default class NotebookCellRenderer extends React.Component {
                 keep_editing = true;
             }
 
-            this.setState({cell: response.data,
-                           loading: false,
-                           currently_editing: keep_editing});
+            let cell = response.data;
+            if (cell.cell_id === this.props.cell_metadata.cell_id) {
+                this.setState({cell: response.data,
+                               loading: false,
+                               currently_editing: keep_editing});
+            } else {
+                this.fetchCellContents();
+            }
+
+        }).catch(e=>{
+            this.props.incNotebookLocked(-1);
         });
 
     }
@@ -397,14 +430,18 @@ export default class NotebookCellRenderer extends React.Component {
         this.update_source.cancel();
         this.update_source = CancelToken.source();
 
+        this.props.incNotebookLocked(1);
+
         api.post('v1/UpdateNotebookCell', {
             notebook_id: this.props.notebook_id,
             cell_id: cell.cell_id,
-            type: cell.type || "Markdown",
+            type: cell.type || T("Markdown"),
             env: this.state.cell.env,
             currently_editing: false,
             input: cell.input,
         }, this.update_source.token).then( (response) => {
+            this.props.incNotebookLocked(-1);
+
             if (response.cancel) {
                 this.setState({currently_editing: false});
                 return;
@@ -416,11 +453,23 @@ export default class NotebookCellRenderer extends React.Component {
                 api.error(response.data.error);
                 keep_editing = true;
             }
-            this.setState({cell: response.data,
-                           currently_editing: keep_editing});
 
-            if(this.state.ace && this.state.ace.setValue && response.data.input) {
-                this.state.ace.setValue(response.data.input);
+            let cell = response.data;
+            if (cell.cell_id === this.props.cell_metadata.cell_id) {
+                this.setState({cell: response.data,
+                               loading: false,
+                               currently_editing: keep_editing});
+
+                // Update the ACL edit box if needed.
+                if (this.state.ace &&
+                    this.state.ace.setValue &&
+                    response.data.input) {
+
+                    this.state.ace.setValue(response.data.input);
+                }
+
+            } else {
+                this.fetchCellContents();
             }
         });
     };
@@ -703,6 +752,7 @@ export default class NotebookCellRenderer extends React.Component {
               <Button data-tooltip={T("Up Cell")}
                       data-position="right"
                       className="btn-tooltip"
+                      disabled={this.props.notebookLocked}
                       onClick={() => {
                           this.props.upCell(this.state.cell.cell_id);
                       }}
@@ -713,6 +763,7 @@ export default class NotebookCellRenderer extends React.Component {
               <Button data-tooltip={T("Down Cell")}
                       data-position="right"
                       className="btn-tooltip"
+                      disabled={this.props.notebookLocked}
                       onClick={() => {
                           this.props.downCell(this.state.cell.cell_id);
                       }}
diff --git a/gui/velociraptor/src/components/notebooks/notebook-renderer.jsx b/gui/velociraptor/src/components/notebooks/notebook-renderer.jsx
index b737a1086f8..382a695339b 100644
--- a/gui/velociraptor/src/components/notebooks/notebook-renderer.jsx
+++ b/gui/velociraptor/src/components/notebooks/notebook-renderer.jsx
@@ -19,6 +19,13 @@ export default class NotebookRenderer extends React.Component {
     state = {
         selected_cell_id: "",
         loading: false,
+
+        // A locked notebook can not be edited. Each time a cell is in
+        // flight, we increment the lock count until the notebook is in
+        // a valid state, then the lock is decremented. This ensures
+        // notebooks can only be edited is places where the server
+        // acknowledges the current state.
+        locked: 0,
     }
 
     setSelectedCellId = (cell_id) => {
@@ -35,7 +42,8 @@ export default class NotebookRenderer extends React.Component {
     }
 
     upCell = (cell_id) => {
-        let cell_metadata = this.props.notebook.cell_metadata;
+        let notebook = Object.assign({}, this.props.notebook);
+        let cell_metadata = [...notebook.cell_metadata];
         let changed = false;
 
         let new_cells = [];
@@ -51,22 +59,24 @@ export default class NotebookRenderer extends React.Component {
         }
 
         if (changed) {
-            this.props.notebook.cell_metadata = new_cells;
+            notebook.cell_metadata = new_cells;
             this.setState({loading: true});
-            api.post('v1/UpdateNotebook',
-                     this.props.notebook, this.source.token).then(response=>{
+            api.post('v1/UpdateNotebook', notebook,
+                     this.source.token).then(response=>{
                          if (response.cancel) return;
                          this.props.fetchNotebooks();
                          this.setState({loading: false});
-                     }, (response) => {
-                         console.log("Error " + response.data);
+                     }).catch(e=> {
+                         this.setState({loading: false});
+                         this.props.fetchNotebooks();
                      });
         }
     };
 
     deleteCell = (cell_id) => {
-        var changed = false;
-        var cell_metadata = this.props.notebook.cell_metadata;
+        let changed = false;
+        let notebook = Object.assign({}, this.props.notebook);
+        let cell_metadata = [...notebook.cell_metadata];
 
         // Dont allow us to remove all cells.
         if (cell_metadata.length <= 1) {
@@ -83,24 +93,25 @@ export default class NotebookRenderer extends React.Component {
         }
 
         if (changed) {
-            this.props.notebook.cell_metadata = new_cells;
+            notebook.cell_metadata = new_cells;
             this.setState({loading: true});
-            api.post('v1/UpdateNotebook',
-                     this.props.notebook,
+            api.post('v1/UpdateNotebook', notebook,
                      this.source.token).then(response=>{
                          if (response.cancel) return;
 
                          this.props.fetchNotebooks();
                          this.setState({loading: false});
-                     }, function failure(response) {
-                         console.log("Error " + response.data);
+                     }).catch(e=>{
+                         this.setState({loading: false});
+                         this.props.fetchNotebooks();
                      });
         }
     };
 
     downCell = (cell_id) => {
         var changed = false;
-        var cell_metadata = this.props.notebook.cell_metadata;
+        let notebook = Object.assign({}, this.props.notebook);
+        var cell_metadata = [...notebook.cell_metadata];
 
         var new_cells = [];
         for (var i=0; i<cell_metadata.length; i++) {
@@ -118,16 +129,16 @@ export default class NotebookRenderer extends React.Component {
         }
 
         if (changed) {
-            this.props.notebook.cell_metadata = new_cells;
+            notebook.cell_metadata = new_cells;
             this.setState({loading: true});
-            api.post('v1/UpdateNotebook',
-                     this.props.notebook,
+            api.post('v1/UpdateNotebook', notebook,
                      this.source.token).then(response=>{
                          if (response.cancel) return;
                          this.props.fetchNotebooks();
                          this.setState({loading: false});
-                     }, function failure(response) {
-                         console.log("Error " + response.data);
+                     }).catch(e=>{
+                         this.setState({loading: false});
+                         this.props.fetchNotebooks();
                      });
         }
     };
@@ -182,6 +193,13 @@ export default class NotebookRenderer extends React.Component {
                            downCell={this.downCell}
                            deleteCell={this.deleteCell}
                            addCell={this.addCell}
+                           notebookLocked={this.state.locked}
+                           incNotebookLocked={x=>this.setState(
+                               prevState=>{
+                                   // Atomic version of setState
+                                   // https://www.digitalocean.com/community/tutorials/react-getting-atomic-updates-with-setstate
+                                   return {locked: x+prevState.locked};
+                               })}
                       />;
               })}
             </>
diff --git a/gui/velociraptor/src/components/utils/json.jsx b/gui/velociraptor/src/components/utils/json.jsx
index 4cf02178e04..3c589721887 100644
--- a/gui/velociraptor/src/components/utils/json.jsx
+++ b/gui/velociraptor/src/components/utils/json.jsx
@@ -316,7 +316,7 @@ class RenderArray extends RenderObject {
             let abridged = this.props.value.slice(0, collapse_array_length-1);
             let indent = this.props.indent || 0;
             let buttons = [
-                <a className="json-expand-button"
+                <a className="json-expand-button" key="1"
                    onClick={x=>this.setState({showModal: true})}>
                   <span className="json-pad json-expand-button" style={{
                       paddingLeft: indent + 3 * scale}}>
diff --git a/services/notebook/calculate.go b/services/notebook/calculate.go
index 347a12350e7..5cd44bdf451 100644
--- a/services/notebook/calculate.go
+++ b/services/notebook/calculate.go
@@ -74,6 +74,7 @@ func (self *NotebookManager) UpdateNotebookCell(
 		Timestamp:         utils.GetTime().Now().Unix(),
 		CurrentlyEditing:  in.CurrentlyEditing,
 		Calculating:       true,
+		Output:            "Loading",
 		Env:               in.Env,
 		CurrentVersion:    in.Version,
 		AvailableVersions: in.AvailableVersions,
diff --git a/services/notebook/calculate_test.go b/services/notebook/calculate_test.go
index 5e10c5d9812..8f5e48dc896 100644
--- a/services/notebook/calculate_test.go
+++ b/services/notebook/calculate_test.go
@@ -13,6 +13,7 @@ import (
 	"www.velocidex.com/golang/velociraptor/file_store/test_utils"
 	"www.velocidex.com/golang/velociraptor/json"
 	"www.velocidex.com/golang/velociraptor/services"
+	"www.velocidex.com/golang/velociraptor/services/notebook"
 	"www.velocidex.com/golang/velociraptor/utils"
 	"www.velocidex.com/golang/velociraptor/vtesting"
 )
@@ -43,6 +44,9 @@ func (self *NotebookManagerTestSuite) SetupTest() {
 
 	self.LoadArtifactsIntoConfig(mock_definitions)
 
+	// Stop automatic syncing
+	notebook.DO_NOT_SYNC_NOTEBOOKS_FOR_TEST = true
+
 	self.TestSuite.SetupTest()
 
 	// Mock out cell ID generation for tests
diff --git a/services/notebook/progress.go b/services/notebook/progress.go
index ac65a9aee2d..58179363864 100644
--- a/services/notebook/progress.go
+++ b/services/notebook/progress.go
@@ -41,7 +41,8 @@ func (self *progressReporter) Report(message string) {
                    params='{"notebook_id":"%s","cell_id":"%s","table_id":1,"cell_version": "%s", "message": "%s"}' />
 </div>
 `,
-		message, duration,
+		html.EscapeString(message),
+		html.EscapeString(duration.String()),
 		html.EscapeString(self.notebook_id),
 		html.EscapeString(self.notebook_cell.CellId),
 		html.EscapeString(self.version),
diff --git a/services/notebook/storage.go b/services/notebook/storage.go
index 5bdcd2204fc..17a814447dc 100644
--- a/services/notebook/storage.go
+++ b/services/notebook/storage.go
@@ -20,6 +20,8 @@ import (
 
 var (
 	IGNORE_REPORT chan *ordereddict.Dict = nil
+
+	DO_NOT_SYNC_NOTEBOOKS_FOR_TEST = true
 )
 
 type NotebookStore interface {
@@ -72,6 +74,11 @@ func NewNotebookStore(
 	wg.Add(1)
 	go func() {
 		defer wg.Done()
+
+		if DO_NOT_SYNC_NOTEBOOKS_FOR_TEST {
+			return
+		}
+
 		for {
 			select {
 			case <-ctx.Done():
@@ -87,8 +94,15 @@ func NewNotebookStore(
 
 func (self *NotebookStoreImpl) SetNotebook(in *api_proto.NotebookMetadata) error {
 	self.mu.Lock()
-	self.global_notebooks[in.NotebookId] = in
-	self.mu.Unlock()
+	defer self.mu.Unlock()
+
+	return self._SetNotebook(in)
+}
+
+func (self *NotebookStoreImpl) _SetNotebook(in *api_proto.NotebookMetadata) error {
+	if isGlobalNotebooks(in.NotebookId) {
+		self.global_notebooks[in.NotebookId] = in
+	}
 
 	db, err := datastore.GetDB(self.config_obj)
 	if err != nil {
@@ -103,6 +117,13 @@ func (self *NotebookStoreImpl) SetNotebook(in *api_proto.NotebookMetadata) error
 }
 
 func (self *NotebookStoreImpl) GetNotebook(notebook_id string) (*api_proto.NotebookMetadata, error) {
+	self.mu.Lock()
+	defer self.mu.Unlock()
+
+	return self._GetNotebook(notebook_id)
+}
+
+func (self *NotebookStoreImpl) _GetNotebook(notebook_id string) (*api_proto.NotebookMetadata, error) {
 	db, err := datastore.GetDB(self.config_obj)
 	if err != nil {
 		return nil, err
@@ -113,6 +134,7 @@ func (self *NotebookStoreImpl) GetNotebook(notebook_id string) (*api_proto.Noteb
 	err = db.GetSubject(self.config_obj, notebook_path_manager.Path(),
 		notebook)
 
+	// Deduplicate cells
 	cell_metadata := ordereddict.NewDict()
 	for _, cell := range notebook.CellMetadata {
 		_, pres := cell_metadata.Get(cell.CellId)
@@ -133,8 +155,13 @@ func (self *NotebookStoreImpl) GetNotebook(notebook_id string) (*api_proto.Noteb
 	return notebook, err
 }
 
+// Update a notebook cell atomically.
 func (self *NotebookStoreImpl) SetNotebookCell(
 	notebook_id string, in *api_proto.NotebookCell) error {
+
+	self.mu.Lock()
+	defer self.mu.Unlock()
+
 	db, err := datastore.GetDB(self.config_obj)
 	if err != nil {
 		return err
@@ -148,7 +175,7 @@ func (self *NotebookStoreImpl) SetNotebookCell(
 	}
 
 	// Open the notebook and update the cell's timestamp.
-	notebook, err := self.GetNotebook(notebook_id)
+	notebook, err := self._GetNotebook(notebook_id)
 	if err != nil {
 		return err
 	}
@@ -171,16 +198,20 @@ func (self *NotebookStoreImpl) SetNotebookCell(
 	if !found {
 		cell_md := proto.Clone(in).(*api_proto.NotebookCell)
 		cell_md.Timestamp = now
-		new_cell_md = append(new_cell_md, in)
+		new_cell_md = append(new_cell_md, cell_md)
 	}
 
 	notebook.CellMetadata = new_cell_md
-	return self.SetNotebook(notebook)
+	return self._SetNotebook(notebook)
 }
 
 func (self *NotebookStoreImpl) RemoveNotebookCell(
 	ctx context.Context, config_obj *config_proto.Config,
 	notebook_id, cell_id, version string, output_chan chan *ordereddict.Dict) error {
+
+	self.mu.Lock()
+	defer self.mu.Unlock()
+
 	db, err := datastore.GetDB(self.config_obj)
 	if err != nil {
 		return err
@@ -241,7 +272,7 @@ func (self *NotebookStoreImpl) RemoveNotebookCell(
 	}
 
 	// Open the notebook and remove the cell
-	notebook, err := self.GetNotebook(notebook_id)
+	notebook, err := self._GetNotebook(notebook_id)
 	if err != nil {
 		return err
 	}
@@ -265,7 +296,7 @@ func (self *NotebookStoreImpl) RemoveNotebookCell(
 	}
 
 	notebook.CellMetadata = new_cell_md
-	return self.SetNotebook(notebook)
+	return self._SetNotebook(notebook)
 }
 
 func (self *NotebookStoreImpl) GetNotebookCell(
@@ -373,7 +404,8 @@ func (self *NotebookStoreImpl) syncAllNotebooks() error {
 		}
 
 		notebook := res.Message().(*api_proto.NotebookMetadata)
-		if notebook.NotebookId == "" {
+		if notebook.NotebookId == "" ||
+			!isGlobalNotebooks(notebook.NotebookId) {
 			continue
 		}
 		self.global_notebooks[notebook.NotebookId] = notebook
diff --git a/services/notebook/storage_test.go b/services/notebook/storage_test.go
new file mode 100644
index 00000000000..1faf79469c8
--- /dev/null
+++ b/services/notebook/storage_test.go
@@ -0,0 +1,40 @@
+package notebook_test
+
+import (
+	"time"
+
+	"github.com/alecthomas/assert"
+	api_proto "www.velocidex.com/golang/velociraptor/api/proto"
+	"www.velocidex.com/golang/velociraptor/services"
+	"www.velocidex.com/golang/velociraptor/utils"
+)
+
+func (self *NotebookManagerTestSuite) TestNotebookStorage() {
+	closer := utils.MockTime(utils.NewMockClock(time.Unix(10, 10)))
+	defer closer()
+
+	notebook_manager, err := services.GetNotebookManager(self.ConfigObj)
+	assert.NoError(self.T(), err)
+
+	// Create a notebook the usual way.
+	global_notebook, err := notebook_manager.NewNotebook(
+		self.Ctx, "admin", &api_proto.NotebookMetadata{
+			Name: "Test Global Notebook",
+		})
+	assert.NoError(self.T(), err)
+
+	// Now create a flow notebook - these have pre-determined ID
+	_, err = notebook_manager.NewNotebook(
+		self.Ctx, "admin", &api_proto.NotebookMetadata{
+			Name:       "Test Flow Notebook",
+			NotebookId: "N.F.CODU1SDAMQ3CM-C.3ece159995d35b34",
+		})
+	assert.NoError(self.T(), err)
+
+	// Now list all notebooks - should only see the global one.
+	notebooks, err := notebook_manager.GetAllNotebooks()
+	assert.NoError(self.T(), err)
+
+	assert.Equal(self.T(), 1, len(notebooks))
+	assert.Equal(self.T(), global_notebook.NotebookId, notebooks[0].NotebookId)
+}
diff --git a/services/notebook/utils.go b/services/notebook/utils.go
index 3f14c23c663..57c626085cf 100644
--- a/services/notebook/utils.go
+++ b/services/notebook/utils.go
@@ -1,6 +1,8 @@
 package notebook
 
 import (
+	"strings"
+
 	api_proto "www.velocidex.com/golang/velociraptor/api/proto"
 	"www.velocidex.com/golang/velociraptor/utils"
 )
@@ -21,6 +23,16 @@ func GetNextVersion(version string) string {
 	return utils.NextId()
 }
 
+func isGlobalNotebooks(notebook_id string) bool {
+	if strings.HasPrefix(notebook_id, "N.F.") || // Flow Notebook
+		strings.HasPrefix(notebook_id, "N.H.") || // Hunt Notebook
+		strings.HasPrefix(notebook_id, "N.E.") { // Event Notebook
+		return false
+	}
+
+	return true
+}
+
 // Not all values from the real cell are stored in cell summaries.
 func SummarizeCell(cell_md *api_proto.NotebookCell) *api_proto.NotebookCell {
 	return &api_proto.NotebookCell{
@@ -29,5 +41,6 @@ func SummarizeCell(cell_md *api_proto.NotebookCell) *api_proto.NotebookCell {
 		Type:              cell_md.Type,
 		CurrentVersion:    cell_md.CurrentVersion,
 		AvailableVersions: cell_md.AvailableVersions,
+		Calculating:       cell_md.Calculating,
 	}
 }
diff --git a/services/notebook/worker.go b/services/notebook/worker.go
index 65efd187d47..c43c09d3d9a 100644
--- a/services/notebook/worker.go
+++ b/services/notebook/worker.go
@@ -62,6 +62,7 @@ func (self *NotebookWorker) ProcessUpdateRequest(
 		Timestamp:         utils.GetTime().Now().Unix(),
 		CurrentlyEditing:  in.CurrentlyEditing,
 		Calculating:       true,
+		Output:            "Loading ...",
 		Env:               in.Env,
 		CurrentVersion:    in.Version,
 		AvailableVersions: in.AvailableVersions,
@@ -70,11 +71,6 @@ func (self *NotebookWorker) ProcessUpdateRequest(
 	notebook_path_manager := paths.NewNotebookPathManager(
 		notebook_metadata.NotebookId)
 
-	err := store.SetNotebook(notebook_metadata)
-	if err != nil {
-		return nil, err
-	}
-
 	// The query will run in a sub context of the main context to
 	// allow our notification to cancel it.  NOTE: The
 	// updateCellContents() function itself must run as the parent
diff --git a/vql/grouper/mergegrouper.go b/vql/grouper/mergegrouper.go
index 8d40c137c99..2d9556187c1 100644
--- a/vql/grouper/mergegrouper.go
+++ b/vql/grouper/mergegrouper.go
@@ -102,22 +102,26 @@ func (self *MergeSortGrouper) groupWithSorting(
 		defer close(row_chan)
 
 		for {
-			_, row, bin_idx, _, err := actor.GetNextRow(ctx, scope)
+			_, row, bin_idx, new_scope, err := actor.GetNextRow(ctx, scope)
 			if err != nil {
 				break
 			}
-			materialized_row := actor.MaterializeRow(ctx, row, scope).
+
+			materialized_row := actor.MaterializeRow(ctx, row, new_scope).
 				Set(GROUPBY_COLUMN, bin_idx)
 
-			scope.ChargeOp()
+			new_scope.ChargeOp()
 
 			select {
 			case <-ctx.Done():
+				new_scope.Close()
 				return
 
 			case row_chan <- materialized_row:
 			}
+
 			groupByMergeSortCount.Inc()
+			new_scope.Close()
 		}
 	}()
 
@@ -218,11 +222,13 @@ func (self *MergeSortGrouper) Group(
 			// Bins are too large we switch to the slower sort method
 			// which is memory constrained.
 			if self.bins.Len() > int(max_in_memory_group_by) {
-				scope.Log("GROUP BY: %v bins exceeded, Switching to slower file based",
+				scope.Log("GROUP BY: %v bins exceeded, Switching to slower file based operation",
 					self.bins.Len())
-				self.groupWithSorting(ctx, scope, output_chan, actor)
+				self.groupWithSorting(ctx, new_scope, output_chan, actor)
+				new_scope.Close()
 				return
 			}
+			new_scope.Close()
 		}
 
 		self.emitBins(ctx, output_chan)
diff --git a/vql/parsers/event_logs/watcher.go b/vql/parsers/event_logs/watcher.go
index 136d158e4b8..0a6b87206ff 100644
--- a/vql/parsers/event_logs/watcher.go
+++ b/vql/parsers/event_logs/watcher.go
@@ -2,6 +2,7 @@ package event_logs
 
 import (
 	"context"
+	"math/rand"
 	"sync"
 	"time"
 
@@ -98,6 +99,9 @@ func (self *EventLogWatcherService) StartMonitoring(
 		frequency = 15
 	}
 
+	// Add some jitter to ensure evtx parsing is not synchronized.
+	frequency = uint64(rand.Intn(int(frequency)*2/10)) + frequency
+
 	// A resolver for messages
 	resolver, _ := evtx.GetNativeResolver()
 	accessor, err := accessors.GetAccessor(accessor_name, scope)