我创建了一个 ASP.NET Web API,它以流内容的形式检索文件,保存到磁盘并使用 Windows defender (MpCmdRun.exe) 扫描文件。在我的计算机上本地运行 API 时,一切正常。但是,我想在云 (Azure) 中托管此 API,因为我的其余应用程序都在那里。我决定将这个 Web API 放在一个 docker 容器中,然后将其发布到 Azure。但是,在 Docker 容器中运行 Windows Defender 时,出现以下错误:
运行:
C:\Program Files\Windows Defender>MpCmdRun.exe -Scan -ScanType 3 -File ThirdPartyNotices.txt
返回:
Scan starting...
CmdTool: Failed with hr = 0x8050800C. Check C:\Users\ContainerAdministrator\AppData\Local\Temp\MpCmdRun.log for more information
日志文件没有提供更多信息。
MpCmdRun: Command Line: MpCmdRun.exe -Scan -ScanType 3 -File
ThirdPartyNotices.txt
Start Time: ?Sun ?Dec ?03 ?2017 23:53:16
Starting RunCommandScan.
INFO: ScheduleJob is not set. Skipping signature update.
Scanning path as file: ThirdPartyNotices.txt.
Start: MpScan(MP_FEATURE_SUPPORTED, dwOptions=16385, path
ThirdPartyNotices.txt, DisableRemediation = 0, BootSectorScan
= 0, Timeout in days = 1)
MpScan() started
Warning: MpScan() encounter errror. hr = 0x8050800c
MpScan() was completed
ERROR: MpScan(dwOptions=16385) Completion Failed 8050800C
MpCmdRun: End Time: ?Sun ?Dec ?03 ?2017 23:53:16
docker 文件:
FROM microsoft/aspnet
COPY ./bin/Release/PublishOutput/ /inetpub/wwwroot
#So I can write sent file to disk in container
RUN powershell New-Item c:\inetpub\wwwroot\temp_files -type directory
RUN icacls c:\inetpub\wwwroot\temp_files /grant IIS_IUSRS:F
#Without this Windows Update is disabled
RUN powershell Set-Service wuauserv -StartupType "Automatic"
#Without this Windows defender is disabled
RUN reg add "HKLM\SYSTEM\CurrentControlSet\services\WinDefend" /v Start /t REG_DWORD /d 2 /f
#Tried running these, as well as Update-MpSignature in powershell, to no success.
#RUN ["c:\\Program Files\\Windows Defender\\MpCmdRun.exe", "-RemoveDefinitions", "-All"]
#RUN ["c:\\Program Files\\Windows Defender\\MpCmdRun.exe", "-SignatureUpdate"]
当在 docker 容器内时(docker exec -it test powershell)。在 powershell 中运行 Get-MpComputerStatus 返回以下内容:
AMEngineVersion : 1.1.14306.0
AMProductVersion : 4.10.14393.1794
AMServiceEnabled : True
AMServiceVersion : 4.10.14393.1794
AntispywareEnabled : True
AntispywareSignatureAge : 0
AntispywareSignatureLastUpdated : 12/3/2017 8:15:49 PM
AntispywareSignatureVersion : 1.257.1327.0
AntivirusEnabled : True
AntivirusSignatureAge : 0
AntivirusSignatureLastUpdated : 12/3/2017 8:15:51 PM
AntivirusSignatureVersion : 1.257.1327.0
BehaviorMonitorEnabled : False
ComputerState : 0
FullScanAge : 4294967295
FullScanEndTime :
FullScanStartTime :
IoavProtectionEnabled : False
LastFullScanSource : 0
LastQuickScanSource : 0
NISEnabled : False
NISEngineVersion : 0.0.0.0
NISSignatureAge : 4294967295
NISSignatureLastUpdated :
NISSignatureVersion : 0.0.0.0
OnAccessProtectionEnabled : False
QuickScanAge : 4294967295
QuickScanEndTime :
QuickScanStartTime :
RealTimeProtectionEnabled : False
RealTimeScanDirection : 0
PSComputerName :
在这里,我担心 NIS 设置为 0.0.0.0。
尝试更新 Windows Defender 签名时 更新-MpSignature 返回:
Update-MpSignature : Virus and spyware definitions update was completed with
errors.
At line:1 char:1
+ Update-MpSignature
+ ~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified:
(MSFT_MpSignature:ROOT\Microsoft\...SFT_MpSignature) [Update-MpSignature],
CimException
+ FullyQualifiedErrorId : HRESULT 0x80070643,Update-MpSignature
我真的无法将 RDP 连接到 docker 容器中(据我所知,使用 microsoft/aspnet 图像是不可能的)。这意味着我必须在命令提示符/powershell 中执行所有操作,而我对此还是很陌生。
这可能不是足够的信息,甚至是跟踪此问题的正确信息,但我已经坚持了很长时间。如果有人能给我一些关于寻找什么/如何继续定位/修复这些问题的指示,那就太棒了。提前致谢!
最佳答案
以管理员身份运行它以完全禁用 Windows Defender
Set-MpPreference -DisableRealtimeMonitoring $true
关于powershell - 在 Windows Docker 容器 Windows Server 2016 中运行时出现 Windows Defender/更新问题,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/47625152/