Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-3573

Check if Windows defender is running doesnt work

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Normal
    • 4.12.0
    • 4.12
    • Windows Containers
    • None
    • ?
    • 0
    • WINC - Sprint 228
    • 1
    • False
    • Hide

      None

      Show
      None
    • Hide
      Previously, the test to determine if the Windows Defender antivirus service is running was incorrectly checking for any process whose name started with Windows Defender, regardless of state. This resulted in an error when creating firewall exclusions for `containerd` on instances without Windows Defender were installed. This fix now checks for the presence of the specific running process associated with the Windows Defender antivirus service. As a result, the Windows Machine Config Operator (WMCO) can properly configure Windows instances as nodes regardless of whether Windows Defender is installed or not.

      (link:https://issues.redhat.com/browse/OCPBUGS-3573[*OCPBUGS-3573*])
      Show
      Previously, the test to determine if the Windows Defender antivirus service is running was incorrectly checking for any process whose name started with Windows Defender, regardless of state. This resulted in an error when creating firewall exclusions for `containerd` on instances without Windows Defender were installed. This fix now checks for the presence of the specific running process associated with the Windows Defender antivirus service. As a result, the Windows Machine Config Operator (WMCO) can properly configure Windows instances as nodes regardless of whether Windows Defender is installed or not. (link: https://issues.redhat.com/browse/OCPBUGS-3573 [* OCPBUGS-3573 *])
    • Bug Fix
    • Done

    Description

      This is a clone of issue OCPBUGS-1513. The following is the description of the original issue:

      Description of problem:

      The check, whether or not Defender is running is wrong.

The Defender Services are always there, so that check returns always "true".

This is the correct method of checking: https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-compatibility?view=o365-worldwide#use-windows-powershell-to-confirm-that-microsoft-defender-antivirus-is-running

      Version-Release number of selected component (if applicable):

       

      How reproducible:

      Always

      Steps to Reproduce:

      1. Disable Microsoft Defender Antivirus on a VM
2. Add the VM as a BYOH node

      Actual results:

      {"level":"error","ts":1662711753.9641004,"logger":"wc __IP__","msg":"error running","cmd":"powershell.exe -NonInteractive -ExecutionPolicy Bypass \"Add-MpPreference -ExclusionProcess C:\\k\\containerd\\containerd.exe\"","out":"Add-MpPreference : The term 'Add-MpPreference' is not recognized as the name of a cmdlet, function, script file, or \r\noperable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try \r\nagain.\r\nAt line:1 char:1\r\n+ Add-MpPreference -ExclusionProcess C:\\k\\containerd\\containerd.exe\r\n+ ~~~~~~~~~~~~~~~~\r\n    + CategoryInfo          : ObjectNotFound: (Add-MpPreference:String) [], CommandNotFoundException\r\n    + FullyQualifiedErrorId : CommandNotFoundException\r\n \r\n","error":"Process exited with status 1","stacktrace":"github.com/openshift/windows-machine-config-operator/pkg/windows.(*windows).createWindowsDefenderExclusion\n\t/remote-source/build/windows-machine-config-operator/pkg/windows/windows.go:1056\ngithub.com/openshift/windows-machine-config-operator/pkg/windows.(*windows).configureContainerd\n\t/remote-source/build/windows-machine-config-operator/pkg/windows/windows.go:455\ngithub.com/openshift/windows-machine-config-operator/pkg/windows.(*windows).Configure\n\t/remote-source/build/windows-machine-config-operator/pkg/windows/windows.go:436\ngithub.com/openshift/windows-machine-config-operator/pkg/nodeconfig.(*nodeConfig).Configure\n\t/remote-source/build/windows-machine-config-operator/pkg/nodeconfig/nodeconfig.go:197\ngithub.com/openshift/windows-machine-config-operator/controllers.(*instanceReconciler).ensureInstanceIsUpToDate\n\t/remote-source/build/windows-machine-config-operator/controllers/controllers.go:91\ngithub.com/openshift/windows-machine-config-operator/controllers.(*ConfigMapReconciler).ensureInstancesAreUpToDate\n\t/remote-source/build/windows-machine-config-operator/controllers/configmap_controller.go:293\ngithub.com/openshift/windows-machine-config-operator/controllers.(*ConfigMapReconciler).reconcileNodes\n\t/remote-source/build/windows-machine-config-operator/controllers/configmap_controller.go:258\ngithub.com/openshift/windows-machine-config-operator/controllers.(*ConfigMapReconciler).Reconcile\n\t/remote-source/build/windows-machine-config-operator/controllers/configmap_controller.go:153\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Reconcile\n\t/remote-source/build/windows-machine-config-operator/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:121\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler\n\t/remote-source/build/windows-machine-config-operator/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:320\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem\n\t/remote-source/build/windows-machine-config-operator/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:273\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2\n\t/remote-source/build/windows-machine-config-operator/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:234"}

      Expected results:

      No error when configuring the Node

      Additional info:

       

      Attachments

        Issue Links

          blocks

          Bug - A problem that impairs or prevents the functions of the product. OCPBUGS-3572 Check if Windows defender is running doesnt work

          • Normal - To be worked after urgent and high priorities are resolved. This term is chosen when the severity of an issue is relatively close to the level of effort to fix it. The existence of an easily implemented workaround can also lead to this priority level instead of a higher priority.
          • Closed
          clones

          Bug - A problem that impairs or prevents the functions of the product. OCPBUGS-1513 Check if Windows defender is running doesnt work

          • Normal - To be worked after urgent and high priorities are resolved. This term is chosen when the severity of an issue is relatively close to the level of effort to fix it. The existence of an easily implemented workaround can also lead to this priority level instead of a higher priority.
          • Closed
          is blocked by

          Bug - A problem that impairs or prevents the functions of the product. OCPBUGS-1513 Check if Windows defender is running doesnt work

          • Normal - To be worked after urgent and high priorities are resolved. This term is chosen when the severity of an issue is relatively close to the level of effort to fix it. The existence of an easily implemented workaround can also lead to this priority level instead of a higher priority.
          • Closed
          links to

          GitHub openshift/windows-machine-config-operator#1326: [release-4.12] OCPBUGS-3573: Fix check for Windows Defender

          mentioned on

          GitLab Merge request - Updated US source to: 5820358 Merge pull request #1319 from openshift-cherrypick-robot/cherry-pick-1272-to-release-4.12

          Activity

            People

              mohashai Mohammad Shaikh
              openshift-crt-jira-prow OpenShift Prow Bot
              Aharon Rasouli Aharon Rasouli
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: