Minishift detected as malware #2912
closed in favor of #2914
On Mon, Oct 22, 2018 at 10:37 AM Krzysztof Sobkowiak < ***@***.***> wrote:
General information
- Minishift version: 1.25.0
- OS: Windows
- Hypervisor: VirtualBox
Steps to reproduce
1. Invoke any command using minishift
Expected
Command successfully invoked
Actual
Each time, the following window is opened by Symantec
[image: grafik]
<https://user-images.githubusercontent.com/803814/47278202-4fdea680-d5c7-11e8-95fa-6f5fdf594ba1.png>
It looks like the latest executable is no longer signed
[image: grafik]
<https://user-images.githubusercontent.com/803814/47278212-65ec6700-d5c7-11e8-8caa-6af4a3e78d33.png>
The previous versions were signed by Red Hat
[image: grafik]
<https://user-images.githubusercontent.com/803814/47278224-7d2b5480-d5c7-11e8-9c7e-defd07905e73.png>
The executable is now detected as malware. I have got the following email from
my security department
SOC team noticed Command and Control domain ummydownloader.com detected for user : ksobkowi and last ip address of system is 10.42.16.43
PFB details of malicious connection.
Endpoint : CE16231
Malicious Files
File Name : minishift.exe
Path : c:\trainings\ocp
Certificate : Not Available
Blocked : No
SOC recommendations:
Kindly contact onsite support team to delete the malicious file and perform below actions:
- Make sure system has updated with latest Antivirus Signature and Version
- Make sure system has updated with latest Microsoft patches.
- Remove malicious software from system if any.
- Run full system scan and make sure there is no infection.
Was it intended that the executable is no longer signed?
We never signed our upstream with Red Hat; I think you were probably using
the CDK and shifted to upstream. I would suggest sticking with the downstream
release[0] only.
[0] https://developers.redhat.com/products/cdk/download/
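A triage check for the situation in this thread, where an executable is flagged because it carries no certificate, written as an added example that is not part of the thread or of the Minishift project. The function name `Test-ReleaseBinary`, its parameters and its verdict strings are hypothetical, and the expected SHA-256 is assumed to come from the publisher's release page if one is published there.

```powershell
# Added example (not from the thread). Test-ReleaseBinary and the verdict
# strings are hypothetical names chosen for illustration.
function Test-ReleaseBinary {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        [string] $ExpectedSha256,   # checksum copied from the publisher's release page
        [string] $ExpectedSigner    # substring expected in the signer certificate subject
    )
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) { throw "File not found: $Path" }

    # Authenticode status: Valid, NotSigned, HashMismatch, NotTrusted, ...
    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    $hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash

    $signer   = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
    $signerOk = [bool]($signer -and $ExpectedSigner -and
        $signer.IndexOf($ExpectedSigner, [StringComparison]::OrdinalIgnoreCase) -ge 0)
    # -eq on strings is case-insensitive, so upper- or lower-case hex both match.
    $hashOk   = [bool]($ExpectedSha256 -and ($hash -eq $ExpectedSha256.Trim()))

    $verdict = switch ($sig.Status.ToString()) {
        # A signature exists but no longer matches the file contents.
        'HashMismatch' { 'SignaturePresentButFileModified' }
        'Valid'        { if ($signerOk) { 'SignedByExpectedPublisher' }
                         else { 'SignedButSignerNotConfirmed' } }
        # The case in this thread: an unsigned build. Only a matching
        # published checksum ties it back to the release.
        'NotSigned'    { if ($hashOk) { 'UnsignedMatchesPublishedHash' }
                         else { 'UnsignedUnverified' } }
        default        { 'SignatureNotTrusted' }
    }

    [pscustomobject]@{
        Path            = $Path
        SignatureStatus = $sig.Status
        Signer          = $signer
        Sha256          = $hash
        HashMatches     = $hashOk
        Verdict         = $verdict
    }
}

# Self-check on the running PowerShell host, which is signed by Microsoft on Windows.
Test-ReleaseBinary -Path (Get-Process -Id $PID).Path -ExpectedSigner 'Microsoft'

# The file named in the SOC report; the hash is a placeholder to be filled in.
# Test-ReleaseBinary -Path 'c:\trainings\ocp\minishift.exe' -ExpectedSha256 '<sha256 from release page>'
```

A result of `UnsignedUnverified` means the file could not be tied to any published release and should be treated as the SOC report recommends.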