OpenShift Bugs / OCPBUGS-3572

Check if Windows Defender is running doesn't work


    • Bug
    • Resolution: Done-Errata
    • Normal
    • 4.11.z
    • 4.11
    • Windows Containers
    • None
    • None
    • 0
    • WINC - Sprint 228
    • 1
    • False
    • None
    • Previously, the test to determine if the Windows Defender antivirus service is running was incorrectly checking for any process whose name started with Windows Defender, regardless of state. This resulted in an error when creating firewall exclusions for containerd on instances without Windows Defender installed. This fix now checks for the presence of the specific running process associated with the Windows Defender antivirus service. As a result, the Windows Machine Config Operator (WMCO) can properly configure Windows instances as nodes regardless of whether Windows Defender is installed or not.
    • Bug Fix
    • Done

      This is a clone of issue OCPBUGS-1513. The following is the description of the original issue:

      Description of problem:

      The check whether or not Defender is running is wrong.
      
      The Defender services are always there, so that check always returns "true".
      
      This is the correct method of checking: https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-compatibility?view=o365-worldwide#use-windows-powershell-to-confirm-that-microsoft-defender-antivirus-is-running

      Version-Release number of selected component (if applicable):

       

      How reproducible:

      Always

      Steps to Reproduce:

      1. Disable Microsoft Defender Antivirus on a VM
      2. Add the VM as a BYOH node
      

      Actual results:

      {"level":"error","ts":1662711753.9641004,"logger":"wc __IP__","msg":"error running","cmd":"powershell.exe -NonInteractive -ExecutionPolicy Bypass \"Add-MpPreference -ExclusionProcess C:\\k\\containerd\\containerd.exe\"","out":"Add-MpPreference : The term 'Add-MpPreference' is not recognized as the name of a cmdlet, function, script file, or \r\noperable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try \r\nagain.\r\nAt line:1 char:1\r\n+ Add-MpPreference -ExclusionProcess C:\\k\\containerd\\containerd.exe\r\n+ ~~~~~~~~~~~~~~~~\r\n    + CategoryInfo          : ObjectNotFound: (Add-MpPreference:String) [], CommandNotFoundException\r\n    + FullyQualifiedErrorId : CommandNotFoundException\r\n \r\n","error":"Process exited with status 1","stacktrace":"github.com/openshift/windows-machine-config-operator/pkg/windows.(*windows).createWindowsDefenderExclusion\n\t/remote-source/build/windows-machine-config-operator/pkg/windows/windows.go:1056\ngithub.com/openshift/windows-machine-config-operator/pkg/windows.(*windows).configureContainerd\n\t/remote-source/build/windows-machine-config-operator/pkg/windows/windows.go:455\ngithub.com/openshift/windows-machine-config-operator/pkg/windows.(*windows).Configure\n\t/remote-source/build/windows-machine-config-operator/pkg/windows/windows.go:436\ngithub.com/openshift/windows-machine-config-operator/pkg/nodeconfig.(*nodeConfig).Configure\n\t/remote-source/build/windows-machine-config-operator/pkg/nodeconfig/nodeconfig.go:197\ngithub.com/openshift/windows-machine-config-operator/controllers.(*instanceReconciler).ensureInstanceIsUpToDate\n\t/remote-source/build/windows-machine-config-operator/controllers/controllers.go:91\ngithub.com/openshift/windows-machine-config-operator/controllers.(*ConfigMapReconciler).ensureInstancesAreUpToDate\n\t/remote-source/build/windows-machine-config-operator/controllers/configmap_controller.go:293\ngithub.com/openshift/windows-machine-config-operator/controllers.(*ConfigMapReconciler).reconcileNodes\n\t/remote-source/build/windows-machine-config-operator/controllers/configmap_controller.go:258\ngithub.com/openshift/windows-machine-config-operator/controllers.(*ConfigMapReconciler).Reconcile\n\t/remote-source/build/windows-machine-config-operator/controllers/configmap_controller.go:153\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Reconcile\n\t/remote-source/build/windows-machine-config-operator/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:121\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler\n\t/remote-source/build/windows-machine-config-operator/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:320\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem\n\t/remote-source/build/windows-machine-config-operator/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:273\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2\n\t/remote-source/build/windows-machine-config-operator/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:234"}

      Expected results:

      No error when configuring the Node

      Additional info:

       

              mohashai Mohammad Shaikh
              openshift-crt-jira-prow OpenShift Prow Bot
              Aharon Rasouli Aharon Rasouli
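
A state-aware form of the check this issue asks for, shown next to a state-blind name match. This is an added example, not WMCO's code: the function names are hypothetical, and the containerd path is the one from the log line above.

```powershell
# Added example (not WMCO code). Function names are hypothetical.
$ContainerdPath = 'C:\k\containerd\containerd.exe'   # path from the issue's log

function Test-DefenderNamePrefix {
    # State-blind check: true whenever any service with a matching display
    # name exists, even if it is stopped or disabled.
    [bool](Get-Service -DisplayName 'Windows Defender*' -ErrorAction SilentlyContinue)
}

function Test-DefenderAntivirusRunning {
    # The antivirus service is WinDefend: require it to exist AND be running.
    $svc = Get-Service -Name 'WinDefend' -ErrorAction SilentlyContinue
    if (-not $svc -or $svc.Status -ne 'Running') { return $false }

    # The Defender cmdlets can be missing on the host, which is the
    # CommandNotFoundException seen in the log. Never call what is not there.
    if (-not (Get-Command -Name 'Add-MpPreference' -ErrorAction SilentlyContinue)) {
        return $false
    }

    # Confirm with Defender's own status report.
    $status = Get-MpComputerStatus -ErrorAction SilentlyContinue
    return [bool]($status -and $status.AMServiceEnabled)
}

function Add-ContainerdDefenderExclusion {
    # Returns $true if the exclusion is in place, $false if it was skipped.
    if (-not (Test-DefenderAntivirusRunning)) {
        Write-Verbose 'Defender Antivirus is not running; skipping exclusion.'
        return $false
    }
    # Idempotent: do not add the same process exclusion twice.
    $existing = (Get-MpPreference).ExclusionProcess
    if ($existing -contains $ContainerdPath) { return $true }

    # Exclude only the single containerd binary, not its whole directory.
    Add-MpPreference -ExclusionProcess $ContainerdPath
    return $true
}

Add-ContainerdDefenderExclusion -Verbose
```

Run from an elevated session, since changing Defender preferences requires administrator rights.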