crc-org / crc

CRC is a tool to help you run containers. It manages a local OpenShift 4.x cluster, Microshift or a Podman VM optimized for testing and development purposes
https://crc.dev
Apache License 2.0
1.26k stars 242 forks

[BUG] `crc-background-launcher.exe` detected as malicious by FortiClient virus scanner #4408

Closed mmalc closed 1 month ago

mmalc commented 1 month ago

General information

CRC version

# Put `crc version` output here
CRC version: 2.42.0+6689ec
OpenShift version: 4.17.0
MicroShift version: 4.16.14

CRC status

# Put `crc status --log-level debug` output here
crc does not seem to be setup correctly, have you run 'crc setup'?

CRC config

# Put `crc config view` output here

Host Operating System

# Put the output of `systeminfo` in case of Windows

Host Name:                 DESKTOP-CQHIKGH
OS Name:                   Microsoft Windows 10 Pro
OS Version:                10.0.19045 N/A Build 19045
OS Manufacturer:           Microsoft Corporation
OS Configuration:          Standalone Workstation
OS Build Type:             Multiprocessor Free
Registered Owner:          es.admin
Registered Organization:   N/A
Product ID:                00330-52612-61921-AAOEM
Original Install Date:     28/10/2020, 7:19:11 PM
System Boot Time:          21/10/2024, 10:57:36 AM
System Manufacturer:       Dell Inc.
System Model:              OptiPlex 3070
System Type:               x64-based PC
Processor(s):              1 Processor(s) Installed.
                           [01]: Intel64 Family 6 Model 158 Stepping 13 GenuineIntel ~1992 Mhz
BIOS Version:              Dell Inc. 1.7.0, 20/10/2020
Windows Directory:         C:\WINDOWS
System Directory:          C:\WINDOWS\system32
Boot Device:               \Device\HarddiskVolume1
System Locale:             en-au;English (Australia)
Input Locale:              en-us;English (United States)
Time Zone:                 (UTC+10:00) Canberra, Melbourne, Sydney
Total Physical Memory:     32,577 MB
Available Physical Memory: 8,638 MB
Virtual Memory: Max Size:  67,019 MB
Virtual Memory: Available: 7,639 MB
Virtual Memory: In Use:    59,380 MB
Page File Location(s):     C:\pagefile.sys
Domain:                    WORKGROUP
Logon Server:              \\DESKTOP-CQHIKGH
Hotfix(s):                 44 Hotfix(s) Installed.
Network Card(s):           9 NIC(s) Installed.
                           [01]: Fortinet Virtual Ethernet Adapter (NDIS 6.30)
                                 Connection Name: Ethernet 2
                                 Status:          Media disconnected
                           [02]: Fortinet SSL VPN Virtual Ethernet Adapter
                                 Connection Name: Ethernet 3
                                 Status:          Hardware not present
                           [03]: Intel(R) Wireless-AC 9560 160MHz
                                 Connection Name: Wi-Fi
                                 DHCP Enabled:    Yes
                                 DHCP Server:     192.168.86.1
                                 IP address(es)
                                 [01]: 192.168.86.29
                                 [02]: fe80::5ab0:84e5:bb26:142
                           [04]: Realtek PCIe GbE Family Controller
                                 Connection Name: Ethernet
                                 Status:          Media disconnected
                           [05]: Bluetooth Device (Personal Area Network)
                                 Connection Name: Bluetooth Network Connection
                                 Status:          Media disconnected
                           [06]: VMware Virtual Ethernet Adapter for VMnet1
                                 Connection Name: VMware Network Adapter VMnet1
                                 DHCP Enabled:    No
                                 IP address(es)
                                 [01]: 192.168.13.1
                                 [02]: fe80::e5de:23fe:d750:4271
                           [07]: VMware Virtual Ethernet Adapter for VMnet8
                                 Connection Name: VMware Network Adapter VMnet8
                                 DHCP Enabled:    No
                                 IP address(es)
                                 [01]: 192.168.116.1
                                 [02]: fe80::330:b801:29e0:3505
                           [08]: Hyper-V Virtual Ethernet Adapter
                                 Connection Name: vEthernet (Default Switch)
                                 DHCP Enabled:    No
                                 IP address(es)
                                 [01]: 172.31.224.1
                                 [02]: fe80::d8c3:82ce:40e6:9ffc
                           [09]: Hyper-V Virtual Ethernet Adapter
                                 Connection Name: vEthernet (WSL)
                                 DHCP Enabled:    No
                                 IP address(es)
                                 [01]: 172.18.160.1
                                 [02]: fe80::9cf0:1989:7dfa:24d
Hyper-V Requirements:      A hypervisor has been detected. Features required for Hyper-V will not be displayed.

Steps to reproduce

  1. Install OpenShift local
  2. Run FortiClient virus scan

Expected

Nothing appears in the virus scanner output

Actual

The FortiClient virus scanner reports:

Infected Item: C:\Program Files\Red Hat OpenShift Local\crc-background-launcher.exe
Virus: Malicious_Behaviour.SB
Status: Quarantined

Logs

Before gathering the logs, try the following to see if it fixes your issue:

$ crc delete -f
$ crc cleanup
$ crc setup
$ crc start --log-level debug

Please consider posting the output of crc start --log-level debug on http://gist.github.com/ and post the link in the issue.

anjannath commented 1 month ago

Hey, we are aware that the crc-background-launcher is sometimes flagged by anti-virus software, which is a false positive. The source code for the tool is available at the repo: https://github.com/crc-org/win32-background-launcher

mmalc commented 1 month ago

Thanks @anjannath, I just needed confirmation. I'll flag it as a false positive in FortiClient and close this issue.