Windows Defender preventing Kali Linux from installing packages

CoconutMacaroon commented 3 years ago

Windows Build Number

Microsoft Windows [Version 10.0.19042.928]

WSL Version

[ ] WSL 2
[X] WSL 1

Kernel Version

Linux version 4.4.0-19041-Microsoft

Distro Version

Kali Linux

Other Software

Windows Defender, which is turned on and is the only antivirus installed on my Windows 10 installation.

Repro Steps

Here is what I did to get the error:

Install Kali Linux from the Microsoft Store. I already had WSL 2 for my other distro (Ubuntu).
Setup Kali Linux by typing kali into a PowerShell terminal. I used Windows Terminal Preview 1.7.1032.0, but I don't think that is relevent.
Follow the normal installation procedure (provide a username and password)
After it installed, Kali said

This is a minimal installation of Kali Linux, you likely want to install supplementary tools. Learn how: https://www.kali.org/docs/troubleshooting/common-minimum-setup/
I went to that page, and wanted to install kali-linux-headless, so I went back to my terminal and did sudo apt update. The command worked as expected. It told me that packages could be updated, but I chose to (try to) install the package first.
I ran sudo apt install kali-linux-headless. I said yes, I wanted to install those packages. I was prompted to choose some settings for some of the packages, I did (although I don't remember what I chose now)

Expected Behavior

The package installed successfully, without Windows Defender getting mad about it.

Actual Behavior

After it did a ton of Get:<number> <URL>, it started unpacking the packages and selecting a few more to install. At the end, it said

Unpacking xdg-user-dirs (0.17-2) ...
Selecting previously unselected package powershell.
Preparing to unpack .../1068-powershell_7.1.3-1.debian.10_amd64.deb ...
Unpacking powershell (7.1.3-1.debian.10) ...
Errors were encountered while processing:
 /tmp/apt-dpkg-install-A09nay/0233-python3-impacket_0.9.22-1_all.deb
 /tmp/apt-dpkg-install-A09nay/0336-ettercap-common_1%3a0.8.3.1-3_amd64.deb
 /tmp/apt-dpkg-install-A09nay/0577-laudanum_1.0+r36-0kali4_all.deb
E: Sub-process /usr/bin/dpkg returned an error code (1)

Right before (or perhaps during) those errors, Windows Defender told me it detected Ransomware: Running Get-MpThreatDetection (in PowerShell) informed me of the Ransomeware that appeared to come from my Kali WSL:

C:\Users\[me]\AppData\Local\Packages\KaliLinux.54290C8133FEE_ey8k8hqnwqnmg\LocalState\rootfs\var\cache\apt\archives\laudanum_1.0+r36-0kali4_all.deb
C:\Users\[me]\AppData\Local\Packages\KaliLinux.54290C8133FEE_ey8k8hqnwqnmg\LocalState\rootfs\var\cache\apt\archives\python3-impacket_0.9.22-1_all.deb
C:\Users\[me]\AppData\Local\Packages\KaliLinux.54290C8133FEE_ey8k8hqnwqnmg\LocalState\rootfs\var\cache\apt\archives\ettercap-common_1%3a0.8.3.1-3_amd64.deb The other paths were similar to those, all containing laudanum, impacket, or ettercap.

I tried running sudo apt update:

[sudo] password for kali:
Hit:1 http://mirrors.ocf.berkeley.edu/kali kali-rolling InRelease
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
65 packages can be upgraded. Run 'apt list --upgradable' to see them.

I tried sudo apt update again, which told me

Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
You might want to run 'apt --fix-broken install' to correct these.
The following packages have unmet dependencies:
 crackmapexec : Depends: python3-impacket but it is not installed
 ettercap-graphical : Depends: ettercap-common (= 1:0.8.3.1-3) but it is not installed
 impacket-scripts : Depends: python3-impacket (>= 0.9.22) but it is not installed
 kali-linux-headless : Depends: laudanum but it is not installed
                       Depends: python3-impacket but it is not installed
 patator : Depends: python3-impacket but it is not installed
 polenum : Depends: python3-impacket but it is not installed
 python3-lsassy : Depends: python3-impacket but it is not installed
The following additional packages will be installed:
  ettercap-common laudanum python3-impacket
The following NEW packages will be installed:
  ettercap-common laudanum python3-impacket
0 upgraded, 3 newly installed, 0 to remove and 65 not upgraded.
1304 not fully installed or removed.
Need to get 1,622 kB of archives.
After this operation, 9,165 kB of additional disk space will be used.
Do you want to continue? [Y/n] y
Get:1 http://mirrors.ocf.berkeley.edu/kali kali-rolling/main amd64 python3-impacket all 0.9.22-1 [861 kB]
Get:2 http://mirrors.ocf.berkeley.edu/kali kali-rolling/main amd64 ettercap-common amd64 1:0.8.3.1-3 [735 kB]
Get:3 http://mirrors.ocf.berkeley.edu/kali kali-rolling/main amd64 laudanum all 1.0+r36-0kali4 [26.6 kB]
Fetched 1,622 kB in 3s (597 kB/s)
dpkg-split: error: failed to read archive '/var/cache/apt/archives/python3-impacket_0.9.22-1_all.deb': Invalid argument
dpkg: error processing archive /var/cache/apt/archives/python3-impacket_0.9.22-1_all.deb (--unpack):
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Correcting dependencies... Done
The following additional packages will be installed:
  ettercap-common laudanum python3-impacket
The following NEW packages will be installed:
  ettercap-common laudanum python3-impacket
0 upgraded, 3 newly installed, 0 to remove and 65 not upgraded.
1304 not fully installed or removed.
Need to get 0 B/1,622 kB of archives.
After this operation, 9,165 kB of additional disk space will be used.
Do you want to continue? [Y/n]
dpkg-split: error: failed to read archive '/var/cache/apt/archives/python3-impacket_0.9.22-1_all.deb': Invalid argument
dpkg: error processing archive /var/cache/apt/archives/python3-impacket_0.9.22-1_all.deb (--unpack):
 subprocess dpkg-split returned error exit status 2
dpkg-split: error: failed to read archive '/var/cache/apt/archives/ettercap-common_1%3a0.8.3.1-3_amd64.deb': Invalid argument
dpkg: error processing archive /var/cache/apt/archives/ettercap-common_1%3a0.8.3.1-3_amd64.deb (--unpack):
 subprocess dpkg-split returned error exit status 2
dpkg-split: error: failed to read archive '/var/cache/apt/archives/laudanum_1.0+r36-0kali4_all.deb': Invalid argument
dpkg: error processing archive /var/cache/apt/archives/laudanum_1.0+r36-0kali4_all.deb (--unpack):
 subprocess dpkg-split returned error exit status 2
Errors were encountered while processing:
 /var/cache/apt/archives/python3-impacket_0.9.22-1_all.deb
 /var/cache/apt/archives/ettercap-common_1%3a0.8.3.1-3_amd64.deb
 /var/cache/apt/archives/laudanum_1.0+r36-0kali4_all.deb
E: Sub-process /usr/bin/dpkg returned an error code (1)

Running sudo apt --fix-broken install gave me

1304 not fully installed or removed.
Need to get 0 B/1,622 kB of archives.
After this operation, 9,165 kB of additional disk space will be used.
Do you want to continue? [Y/n]
E: Invalid archive signature
E: Internal error, could not locate member control.tar{.zst,.lz4,.gz,.xz,.bz2,.lzma,}
E: Prior errors apply to /var/cache/apt/archives/python3-impacket_0.9.22-1_all.deb
E: Invalid archive signature
E: Internal error, could not locate member control.tar{.zst,.lz4,.gz,.xz,.bz2,.lzma,}
E: Prior errors apply to /var/cache/apt/archives/ettercap-common_1%3a0.8.3.1-3_amd64.deb
E: Invalid archive signature
E: Internal error, could not locate member control.tar{.zst,.lz4,.gz,.xz,.bz2,.lzma,}
E: Prior errors apply to /var/cache/apt/archives/laudanum_1.0+r36-0kali4_all.deb
debconf: apt-extracttemplates failed: No such file or directory
dpkg-deb: error: '/var/cache/apt/archives/python3-impacket_0.9.22-1_all.deb' is not a Debian format archive
dpkg: error processing archive /var/cache/apt/archives/python3-impacket_0.9.22-1_all.deb (--unpack):
 dpkg-deb --control subprocess returned error exit status 2
dpkg-deb: error: '/var/cache/apt/archives/ettercap-common_1%3a0.8.3.1-3_amd64.deb' is not a Debian format archive
dpkg: error processing archive /var/cache/apt/archives/ettercap-common_1%3a0.8.3.1-3_amd64.deb (--unpack):
 dpkg-deb --control subprocess returned error exit status 2
dpkg-deb: error: '/var/cache/apt/archives/laudanum_1.0+r36-0kali4_all.deb' is not a Debian format archive
dpkg: error processing archive /var/cache/apt/archives/laudanum_1.0+r36-0kali4_all.deb (--unpack):
 dpkg-deb --control subprocess returned error exit status 2
Errors were encountered while processing:
 /var/cache/apt/archives/python3-impacket_0.9.22-1_all.deb
1304 not fully installed or removed.
Need to get 0 B/1,622 kB of archives.
After this operation, 9,165 kB of additional disk space will be used.
Do you want to continue? [Y/n]
E: Invalid archive signature
E: Internal error, could not locate member control.tar{.zst,.lz4,.gz,.xz,.bz2,.lzma,}
E: Prior errors apply to /var/cache/apt/archives/python3-impacket_0.9.22-1_all.deb
E: Invalid archive signature
E: Internal error, could not locate member control.tar{.zst,.lz4,.gz,.xz,.bz2,.lzma,}
E: Prior errors apply to /var/cache/apt/archives/ettercap-common_1%3a0.8.3.1-3_amd64.deb
E: Invalid archive signature
E: Internal error, could not locate member control.tar{.zst,.lz4,.gz,.xz,.bz2,.lzma,}
E: Prior errors apply to /var/cache/apt/archives/laudanum_1.0+r36-0kali4_all.deb
debconf: apt-extracttemplates failed: No such file or directory
dpkg-deb: error: '/var/cache/apt/archives/python3-impacket_0.9.22-1_all.deb' is not a Debian format archive
dpkg: error processing archive /var/cache/apt/archives/python3-impacket_0.9.22-1_all.deb (--unpack):
 dpkg-deb --control subprocess returned error exit status 2
dpkg-deb: error: '/var/cache/apt/archives/ettercap-common_1%3a0.8.3.1-3_amd64.deb' is not a Debian format archive
dpkg: error processing archive /var/cache/apt/archives/ettercap-common_1%3a0.8.3.1-3_amd64.deb (--unpack):
 dpkg-deb --control subprocess returned error exit status 2
dpkg-deb: error: '/var/cache/apt/archives/laudanum_1.0+r36-0kali4_all.deb' is not a Debian format archive
dpkg: error processing archive /var/cache/apt/archives/laudanum_1.0+r36-0kali4_all.deb (--unpack):
 dpkg-deb --control subprocess returned error exit status 2
Errors were encountered while processing:
 /var/cache/apt/archives/python3-impacket_0.9.22-1_all.deb
 /var/cache/apt/archives/ettercap-common_1%3a0.8.3.1-3_amd64.deb
 /var/cache/apt/archives/laudanum_1.0+r36-0kali4_all.deb
E: Sub-process /usr/bin/dpkg returned an error code (1)

Diagnostic Logs

No response

therealkenc commented 3 years ago

Yeah, upgrading to WSL2 will quash this problem. Back what seems like a very long time ago I used to add WSL's root path in Windows to Defender's exception list. That might be a work-around (haven't tried lately).

CoconutMacaroon commented 3 years ago

I ran wsl --set-version 2 kali-linux in PowerShell, and after it finished, I could install the package like expected (after opening Kali). Thank you!

lehieuhuy commented 2 years ago

you need remove .deb file error in /var/cache/apt/archives using "rm -rf .deb" file error ,then dpkf --configure -a and apt update && apt install kali-linux-headless

StreamCalm commented 2 years ago

I ran wsl --set-version 2 kali-linux in PowerShell, and after it finished, I could install the package like expected (after opening Kali). Thank you!

I think it should be wsl --set-version kali-linux 2, if anybody is struggling!

microsoft / WSL