在Windows Docker容器Windows Server 2016中运行时的Windows Defender /更新问题
我创build了一个ASP.NET Web API,将文件作为stream内容检索,保存到磁盘并使用Windows Defender(MpCmdRun.exe)扫描文件。 在我的电脑上本地运行API时,一切都很好。 不过,我想在云端(Azure)托pipe这个API,因为我的其他应用程序在那里。 我决定把这个Web API放在Docker容器中,然后发布到Azure。 但是,在Docker容器中运行Windows Defender时,出现以下错误:
运行:
C:\Program Files\Windows Defender>MpCmdRun.exe -Scan -ScanType 3 -File ThirdPartyNotices.txt 返回:
Scan starting... CmdTool: Failed with hr = 0x8050800C. Check C:\Users\ContainerAdministrator\AppData\Local\Temp\MpCmdRun.log for more information
日志文件没有提供更多的信息。
MpCmdRun: Command Line: MpCmdRun.exe -Scan -ScanType 3 -File ThirdPartyNotices.txt Start Time: ?Sun ?Dec ?03 ?2017 23:53:16 Starting RunCommandScan. INFO: ScheduleJob is not set. Skipping signature update. Scanning path as file: ThirdPartyNotices.txt. Start: MpScan(MP_FEATURE_SUPPORTED, dwOptions=16385, path ThirdPartyNotices.txt, DisableRemediation = 0, BootSectorScan = 0, Timeout in days = 1) MpScan() started Warning: MpScan() encounter errror. hr = 0x8050800c MpScan() was completed ERROR: MpScan(dwOptions=16385) Completion Failed 8050800C MpCmdRun: End Time: ?Sun ?Dec ?03 ?2017 23:53:16
Dockerfile:
FROM microsoft/aspnet COPY ./bin/Release/PublishOutput/ /inetpub/wwwroot #So I can write sent file to disk in container RUN powershell New-Item c:\inetpub\wwwroot\temp_files -type directory RUN icacls c:\inetpub\wwwroot\temp_files /grant IIS_IUSRS:F #Without this Windows Update is disabled RUN powershell Set-Service wuauserv -StartupType "Automatic" #Without this Windows defender is disabled RUN reg add "HKLM\SYSTEM\CurrentControlSet\services\WinDefend" /v Start /t REG_DWORD /d 2 /f #Tried running these, as well as Update-MpSignature in powershell, to no success. #RUN ["c:\\Program Files\\Windows Defender\\MpCmdRun.exe", "-RemoveDefinitions", "-All"] #RUN ["c:\\Program Files\\Windows Defender\\MpCmdRun.exe", "-SignatureUpdate"]
在Docker容器内部时(docker exec -it test powershell)。 在PowerShell中运行Get-MpComputerStatus返回以下内容:
AMEngineVersion : 1.1.14306.0 AMProductVersion : 4.10.14393.1794 AMServiceEnabled : True AMServiceVersion : 4.10.14393.1794 AntispywareEnabled : True AntispywareSignatureAge : 0 AntispywareSignatureLastUpdated : 12/3/2017 8:15:49 PM AntispywareSignatureVersion : 1.257.1327.0 AntivirusEnabled : True AntivirusSignatureAge : 0 AntivirusSignatureLastUpdated : 12/3/2017 8:15:51 PM AntivirusSignatureVersion : 1.257.1327.0 BehaviorMonitorEnabled : False ComputerState : 0 FullScanAge : 4294967295 FullScanEndTime : FullScanStartTime : IoavProtectionEnabled : False LastFullScanSource : 0 LastQuickScanSource : 0 NISEnabled : False NISEngineVersion : 0.0.0.0 NISSignatureAge : 4294967295 NISSignatureLastUpdated : NISSignatureVersion : 0.0.0.0 OnAccessProtectionEnabled : False QuickScanAge : 4294967295 QuickScanEndTime : QuickScanStartTime : RealTimeProtectionEnabled : False RealTimeScanDirection : 0 PSComputerName :
这里我关心的是NIS设置是0.0.0.0。
尝试使用Update-MpSignature更新Windows Defender签名时返回:
Update-MpSignature : Virus and spyware definitions update was completed with errors. At line:1 char:1 + Update-MpSignature + ~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (MSFT_MpSignature:ROOT\Microsoft\...SFT_MpSignature) [Update-MpSignature], CimException + FullyQualifiedErrorId : HRESULT 0x80070643,Update-MpSignature
我真的不能将RDP放入docker集装箱(据我所知,这是不可能的微软/ aspnet图像)。 这意味着我必须在命令提示符/ PowerShell中做所有事情,而且我还是很新的。
这可能不是足够的信息,甚至没有正确的信息来跟踪这个问题,但我一直坚持这种方式来长期。 如果任何人都可以给我一些关于如何寻找/如何进行查找/修复这些问题的提示。 先谢谢你!