Minishift detected as malware

[sobkowiak]

General information

• Minishift version: 1.25.0
• OS: Windows
• Hypervisor: VirtualBox

Steps to reproduce

1. Invoke any command using minishift

Expected

Command successfully invoked

Actual

Each time following window is opened by Symantec

It looks like the latest executable is no more signed

The previous versions were signed by Red Hat

The executable is now detected as malware. I have got following email from my security department

SOC team noticed Command and Control domain ummydownloader.com detected for user : ksobkowi and last ip address of system is 10.42.16.43

PFB details of malicious connection.

Endpoint : CE16231

Malicious Files
File Name : minishift.exe
Path : c:\trainings\ocp
Certificate : Not Available
Blocked : No

SOC recommendations:

Kindly contact onsite support team to delete the malicious file and perform below actions:

- Make sure  system has updated with latest Antivirus Signature and Version  
- Make sure system has updated with latest Microsoft patches.
- Remove malicious software’s from system if any.
- Run full system scan and make sure there is no infection.

Was it intended that the executable is no more signed?

[praveenkumar]

closed in favor of #2914

[praveenkumar]

closed in favor of #2914

[praveenkumar]

On Mon, Oct 22, 2018 at 10:37 AM Krzysztof Sobkowiak < ***@***.***> wrote: General information - Minishift version: 1.25.0 - OS: Windows - Hypervisor: VirtualBox Steps to reproduce 1. Invoke any command using minishift Expected Command successfully invoked Actual Each time following window is opened by Symantec [image: grafik] <https://user-images.githubusercontent.com/803814/47278202-4fdea680-d5c7-11e8-95fa-6f5fdf594ba1.png> It looks like the latest executable is no more signed [image: grafik] <https://user-images.githubusercontent.com/803814/47278212-65ec6700-d5c7-11e8-8caa-6af4a3e78d33.png> The previous versions were signed by Red Hat [image: grafik] <https://user-images.githubusercontent.com/803814/47278224-7d2b5480-d5c7-11e8-9c7e-defd07905e73.png> The executable is now detected as malware. I have got following email from my security department SOC team noticed Command and Control domain ummydownloader.com detected for user : ksobkowi and last ip address of system is 10.42.16.43 PFB details of malicious connection. Endpoint : CE16231 Malicious Files File Name : minishift.exe Path : c:\trainings\ocp Certificate : Not Available Blocked : No SOC recommendations: Kindly contact onsite support team to delete the malicious file and perform below actions: - Make sure system has updated with latest Antivirus Signature and Version - Make sure system has updated with latest Microsoft patches. - Remove malicious software’s from system if any. - Run full system scan and make sure there is no infection. Was it intended that the executable is no more signed?

We never signed our upstream with Red Hat, I think you probably were using the CDK and shifted to upstream. I would suggest to stick with downstream release[0] only. [0] https://developers.redhat.com/products/cdk/download/

…

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub <#2912>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AAZBl017LkAVV3VmIxg60q1brwpdTcd9ks5unVJ7gaJpZM4Xy1rF> .

-- Praveen Kumar http://fedoraproject.org/wiki/User:Kumarpraveen http://fedoraproject.org/ http://kumar-pravin.blogspot.com