Azure Defender for Cloud reports the following security alert when building the win22/20240922.1 image:
'Bearfoos' malware was detected on this device. An attacker might be attempting to move laterally to this device from another device on the network.
Defender detected 'Bearfoos' malware in bindgen.exe which was modified by the remotely invoked process powershell.exe via WinRs
Platforms affected
[X] Azure DevOps
[ ] GitHub Actions - Standard Runners
[ ] GitHub Actions - Larger Runners
Runner images affected
[ ] Ubuntu 20.04
[ ] Ubuntu 22.04
[ ] Ubuntu 24.04
[ ] macOS 12
[ ] macOS 13
[ ] macOS 13 Arm64
[ ] macOS 14
[ ] macOS 14 Arm64
[ ] macOS 15
[ ] macOS 15 Arm64
[ ] Windows Server 2019
[X] Windows Server 2022
Image version and build link
windows-latest
Is it regression?
Unsure
Expected behavior
No malware detection
Actual behavior
Azure Defender for Cloud reports the following security alert when building the win22/20240922.1 image:
'Bearfoos' malware was detected on this device. An attacker might be attempting to move laterally to this device from another device on the network.
Defender detected 'Bearfoos' malware in bindgen.exe which was modified by the remotely invoked process powershell.exe via WinRs
Repro steps
Run the build of the Windows 2022 image and have Azure Defender scan the build VM