cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Docker Desktop 4.17.0.99724 from Package Feed Module detected virus (false positive?)

Hi Team,

Hope everyone is doing well. Could you please take a look at the Docker Installer from Package Feed Module. I tried to install it using command-line and got the below error. Posting all the text displayed in the cmd.

##################################################

C:\Windows\ccmcache\ij\Files>"Docker Desktop Installer.exe" install --installation-dir="C:\Program Files\Docker\Docker" --accept-license --backend=hyper-v

 

C:\Windows\ccmcache\ij\Files>-------------------------------------------------------------------------------->8

Version: 4.17.0 (99724)

Sha1:

Started on: 2023/03/24 10:16:20.916

Resources: C:\Windows\ccmcache\ij\Files\resources

OS: Windows 10 Enterprise

Edition: Enterprise

Id: 2009

Build: 19044

BuildLabName: 19041.1.amd64fre.vb_release.191206-1406

File: C:\ProgramData\DockerDesktop\install-log-admin.txt

CommandLine: "Docker Desktop Installer.exe"  install --installation-dir="C:\Program Files\Docker\Docker" --accept-license --backend=hyper-v

You can send feedback, including this log file, at https://github.com/docker/for-win/issues

[2023-03-24T10:16:21.059176300Z][ManifestAndExistingInstallationLoader][I] Install path is C:\Program Files\Docker\Docker. Loading manifest first

[2023-03-24T10:16:21.067266100Z][ManifestAndExistingInstallationLoader][I] No manifest found, returning no existing install

[2023-03-24T10:16:21.067765000Z][Installer][I] No installation found

[2023-03-24T10:16:21.281995900Z][InstallWorkflow][I] Cancel pending background download

[2023-03-24T10:16:21.285390300Z][BackgroundTransfer][I] Cancel current background transfer job

[2023-03-24T10:16:21.292494300Z][InstallWorkflow][I] Using package: res:DockerDesktop

[2023-03-24T10:16:21.292494300Z][InstallWorkflow][I] Downloading

[2023-03-24T10:16:22.952758600Z][InstallWorkflow][I] Extracting manifest

[2023-03-24T10:16:31.556744400Z][InstallWorkflow][E] Installation failed System.Exception: Manifest extraction failed: Operation did not complete successfully because the file contains a virus or potentially unwanted software.

---> System.IO.IOException: Operation did not complete successfully because the file contains a virus or potentially unwanted software.

 

   at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)

   at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost)

   at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy)

   at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, Boolean useAsync)

   at System.IO.FileInfo.OpenRead()

   at SharpCompress.Archives.SevenZip.SevenZipArchive.LoadVolumes(FileInfo file)

   at SharpCompress.Archives.AbstractArchive`2..ctor(ArchiveType type, FileInfo fileInfo, ReaderOptions readerOptions)

   at SharpCompress.Archives.SevenZip.SevenZipArchive.Open(FileInfo fileInfo, ReaderOptions readerOptions)

   at CommunityInstaller.ExtractManifestStep.<DoAsync>d__39.MoveNext()

--- End of stack trace from previous location where exception was thrown ---

   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()

   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)

   at CommunityInstaller.InstallWorkflow.<DoHandleD4WPackageAsync>d__30.MoveNext()

   --- End of inner exception stack trace ---

   at CommunityInstaller.InstallWorkflow.<DoHandleD4WPackageAsync>d__30.MoveNext()

--- End of stack trace from previous location where exception was thrown ---

   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()

   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)

   at CommunityInstaller.InstallWorkflow.<DoProcessAsync>d__23.MoveNext()

[2023-03-24T10:16:31.562658800Z][InstallWorkflow][I] Rollbacking component CommunityInstaller.DownloadStep

[2023-03-24T10:16:41.163987800Z][Installer][W] Failed to track the installer started event

##################################################

(1) Solution

Looks like I found the problem. After uninstalling, docker left some leftovers in the hosts file!

Do you also have uninstalled docker and try to reinstall it now? If so, remove all Docker entries from your hosts file! This helped me, it is installing at this very moment. No idea why though :'D

View solution in original post

(3) Replies

same here today! removed docker, installed it again via same setup file... looks like it's windows virus protection that removes files that docker installer extracts :'D

windows protection history's blocked threat:
Detected: Backdoor:Win32/Bladabindi!ml
Status: Removed
A threat or app was removed from this device.
Affected Items:
File: %appdata%\..\local\temp\DockerDesktop\wiklho2gtpj

So seems to be a false positive, or I was running a virus the pasts few weeks. But I have 't used docker anyway yet^^ Still, I'm gonna wait until it's officially fixed from either side.

Looks like I found the problem. After uninstalling, docker left some leftovers in the hosts file!

Do you also have uninstalled docker and try to reinstall it now? If so, remove all Docker entries from your hosts file! This helped me, it is installing at this very moment. No idea why though :'D

Thanks for following up with your findings here. Our team had the same experience. We put these through several checks before making them available, and all indications are that it is fine. Still, concerning to see this type of thing, so hoping they address it quickly.