Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Malware detection prevents Docker Desktop to start #7527

Open
cdupuis opened this issue Jan 8, 2025 · 3 comments
Open

Malware detection prevents Docker Desktop to start #7527

cdupuis opened this issue Jan 8, 2025 · 3 comments
Assignees
@cdupuis @chris-crone
Labels
kind/regression

Comments

@cdupuis
Copy link

cdupuis commented Jan 8, 2025
edited
Loading

Description

Some versions of Docker Desktop might fail to start or function with the following error message:

Malware Blocked. “com.docker.vmnetd” was not opened because it contains malware. This action did not harm your Mac.

Image

Important

Those warnings are inaccurate. Docker Desktop is not affected by malware!

The reason for this warning is that some files in existing installations are incorrectly signed. This can be fixed by copying correctly signed files from the Docker.app application bundle.

Patch Releases

Tip

There are now patch releases for Docker Desktop versions 4.32 to 4.37 available. Please refer to https://docs.docker.com/desktop/cert-revoke-solution/ for more detail.

Workaround

Diagnose your Docker Desktop installation

To determine if you need to re-download and re-install Docker Desktop, please run the following steps.

  1. Download the attached check.sh.txt file, rename it to check.sh and set the executable flag with chmod +x check.sh. (Caution: it is never a good idea to just run shell scripts downloaded from the internet. Please take a moment to review the script before executing it.)
  2. Execute the following command to verify the binary in your Docker.app application bundle. The script will exit with 0 if the certificate was correctly verified:
$ ./check.sh /Applications/Docker.app/Contents/Library/LaunchServices/com.docker.vmnetd
-----------------------------------------------------------------
Certificate details for com.docker.vmnetd:
 serial=3EC22E699630083A
 subject=UID=9BNSXJN65R
 CN=Developer ID Application: Docker Inc (9BNSXJN65R)
 OU=9BNSXJN65R
 O=Docker Inc
 C=US
 issuer=CN=Developer ID Certification Authority
 OU=Apple Certification Authority
 O=Apple Inc.
 C=US
 notBefore=Oct  2 16:46:37 2024 GMT
 notAfter=Feb  1 22:12:15 2027 GMT
-----------------------------------------------------------------

com.docker.vmnetd is signed with a correct certificate
  1. You can also verify files in the /Library/PrivilegedHelperTools folder with:
    ./check.sh /Library/PrivilegedHelperTools/com.docker.vmnetd and
    sudo ./check.sh /Library/PrivilegedHelperTools/com.docker.socket
  2. If any of the above commands fail to verify the certificate, you have to re-download and re-install Docker Desktop

Privileged users

Tip

If you face this issue, try the following procedure (requires root user access):

  1. Quit Docker Desktop and check that no remaining docker processes are running using the Activity Monitor
  2. Run the following commands:
#!/bin/bash

# Stop the docker services
echo "Stopping Docker..."
sudo pkill '[dD]ocker'

# Stop the vmnetd service
echo "Stopping com.docker.vmnetd service..."
sudo launchctl bootout system /Library/LaunchDaemons/com.docker.vmnetd.plist

# Stop the socket service
echo "Stopping com.docker.socket service..."
sudo launchctl bootout system /Library/LaunchDaemons/com.docker.socket.plist

# Remove vmnetd binary
echo "Removing com.docker.vmnetd binary..."
sudo rm -f /Library/PrivilegedHelperTools/com.docker.vmnetd

# Remove socket binary
echo "Removing com.docker.socket binary..."
sudo rm -f /Library/PrivilegedHelperTools/com.docker.socket

# Install new binaries
echo "Install new binaries..."
sudo cp /Applications/Docker.app/Contents/Library/LaunchServices/com.docker.vmnetd /Library/PrivilegedHelperTools/
sudo cp /Applications/Docker.app/Contents/MacOS/com.docker.socket /Library/PrivilegedHelperTools/
  1. Restart Docker Desktop

If that still doesn't work, download one of the currently supported release from the Release notes, re-install the application and then finally re-apply step 2.

Non-privileged users

If the above instructions can't be used because you don't have root privileges or your Docker Desktop installation is managed by a Mobile Device Management solution, the above script needs to be executed by the MDM tool. Please contact your system administrators or Docker org owner for support.

Homebrew users

If you’ve installed Docker Desktop with Homebrew, you can update it to the latest version using brew update && brew upgrade --cask docker.
@docker docker locked and limited conversation to collaborators Jan 8, 2025
@cdupuis cdupuis pinned this issue Jan 8, 2025
@cdupuis
Copy link
Author

cdupuis commented Jan 9, 2025
edited
Loading

Docker Desktop 4.37.2 Patch Release

A patch release of Docker Desktop (for macOS only) has been released. This version prevents installations from entering into the failure state. Please update to this version as soon as possible to prevent future issues.

If you are already encountering the malware warning, please follow the steps outlined above.

Image

@cdupuis
Copy link
Author

cdupuis commented Jan 10, 2025

Patch Releases

Tip

There are now patch releases for Docker Desktop versions 4.32 to 4.37 available. Please refer to https://docs.docker.com/desktop/cert-revoke-solution/ for more detail.

@cdupuis
Copy link
Author

cdupuis commented Jan 10, 2025

Diagnose your Docker Desktop installation

To determine if you need to re-download and re-install Docker Desktop, please run the following steps.

  1. Download the attached check.sh.txt file, rename it to check.sh and set the executable flag with chmod +x check.sh. (Caution: it is never a good idea to just run shell scripts downloaded from the internet. Please take a moment to review the script before executing it.)
  2. Execute the following command to verify the binary in your Docker.app application bundle. The script will exit with 0 if the certificate was correctly verified:
$ ./check.sh /Applications/Docker.app/Contents/Library/LaunchServices/com.docker.vmnetd
-----------------------------------------------------------------
Certificate details for com.docker.vmnetd:
 serial=3EC22E699630083A
 subject=UID=9BNSXJN65R
 CN=Developer ID Application: Docker Inc (9BNSXJN65R)
 OU=9BNSXJN65R
 O=Docker Inc
 C=US
 issuer=CN=Developer ID Certification Authority
 OU=Apple Certification Authority
 O=Apple Inc.
 C=US
 notBefore=Oct  2 16:46:37 2024 GMT
 notAfter=Feb  1 22:12:15 2027 GMT
-----------------------------------------------------------------

com.docker.vmnetd is signed with a correct certificate
  1. You can also verify files in the /Library/PrivilegedHelperTools folder with:
    ./check.sh /Library/PrivilegedHelperTools/com.docker.vmnetd and
    ./check.sh /Library/PrivilegedHelperTools/com.docker.socket
  2. If any of the above commands fail to verify the certificate, you have to re-download and re-install Docker Desktop

@thaJeztah thaJeztah marked this as a duplicate of #7550 Jan 15, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@cdupuis cdupuis

@chris-crone chris-crone

Labels
kind/regression
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@cdupuis @chris-crone