microsoft / azure-pipelines-tasks

Tasks for Azure Pipelines
https://aka.ms/tfbuild
MIT License

[Question]: AntiVirus blocks the task #19564

Open Am-Na-D opened 4 months ago

Am-Na-D commented 4 months ago

Task name

Winrm IIS Web App Management

Task version

3.*

Environment type (Please select at least one environment where you face this issue)

Azure DevOps Server type

dev.azure.com (formerly visualstudio.com)

Azure DevOps Server Version (if applicable)

Azure DevOps Server 2022.0.1

Operation system

Windows Server 2022/2019/2016

Question

Hi,
Recently we faced a new problem: our antivirus blocked the WinRM IIS Web App Management task on a remote machine.
I looked into the extension (https://github.com/microsoft/azure-pipelines-extensions/tree/master/Extensions/IISWebAppDeploy/Src/Tasks/IISWebAppMgmt/IISWebAppMgmtV3) and understood that the reason for the block is the Invoke-Expression command that exists inside one of the PowerShell files in the extension.
Now I wanna know why that just happened.
What's the problem?
Why must the AV block this command?
Is it a risky command for Windows?

NOTICE: the brand of our AV is BitDefender
NOTICE: our BitDefender uses the AMSI of Windows
DenisNikulin5 commented 4 months ago

Hi @Am-Na-D, thank you for the question!

The threat is similar to SQL injection: using the Invoke-Expression command can lead to arbitrary code execution. So a developer must be sure of what he does, and avoid this command if possible. That's why your antivirus software complains about this code.

Please check this: https://learn.microsoft.com/powershell/scripting/dev-cross-plat/security/preventing-script-injection
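The injection risk described in this answer, as an added PowerShell example (not the IISWebAppMgmt task's own code, and not posted by anyone in this thread): the unsafe helper splices a pipeline-supplied value into a string that Invoke-Expression then parses as code, while the hardened helpers bind the same value as a parameter, and allowlist the command name when it genuinely has to vary at run time. The `$SiteName` parameter, the `Get-SiteUnsafe`/`Get-SiteSafe`/`Invoke-SiteCommandSafe` names and the use of the WebAdministration cmdlets are assumptions about an IIS host, not details taken from the task.

```powershell
# Added example; not code from the Azure Pipelines IISWebAppMgmt task.
# Assumes an IIS host with the WebAdministration module (Get-Website etc.).
param(
    [Parameter(Mandatory)]
    [string]$SiteName   # hypothetical value arriving from a pipeline variable
)
Import-Module WebAdministration -ErrorAction Stop

# UNSAFE: the value is spliced into source text and then parsed as code.
# A value such as   MySite'; <any other statement>; '   is executed as two
# statements instead of being treated as one site name. A run-time-built
# string fed to Invoke-Expression is also exactly the construct that
# AMSI-integrated scanners tend to flag, which matches the report above.
function Get-SiteUnsafe {
    param([string]$Name)
    $command = "Get-Website -Name '$Name'"
    Invoke-Expression $command
}

# SAFE: pass the value as a parameter. PowerShell binds it as data and never
# parses it, so quotes or semicolons inside it cannot change the command.
function Get-SiteSafe {
    param([string]$Name)
    Get-Website -Name $Name
}

# SAFE when the cmdlet itself must be chosen at run time: restrict the
# command to an allowlist and pass arguments by splatting a hashtable,
# so neither the command name nor its arguments are ever reparsed as code.
function Invoke-SiteCommandSafe {
    param(
        [ValidateSet('Get-Website', 'Start-Website', 'Stop-Website')]
        [string]$Command,
        [string]$Name
    )
    $splat = @{ Name = $Name }   # not $args, which is a PowerShell automatic variable
    & $Command @splat
}

# Benign probe (constructed): a site name carrying a quote and a second
# statement. The unsafe helper would execute the Write-Warning; the safe
# helpers only look for a site literally named like this and find none.
$probe = "MySite'; Write-Warning 'this text ran as code"
# Get-SiteUnsafe -Name $probe            # would print the warning: input became code
Get-SiteSafe -Name $probe -ErrorAction SilentlyContinue   # no site, no code execution
Invoke-SiteCommandSafe -Command Get-Website -Name $SiteName
```

The practical test for any script flagged this way is whether the string handed to Invoke-Expression can contain data that did not originate in the script itself; if it can, the parameter-binding or splatting form above removes both the injection path and, usually, the scanner hit.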

Am-Na-D commented 4 months ago

Thanks @DenisNikulin5. Honestly, this command is inside one of the Azure DevOps Server tasks, and when we use it inside the release, it doesn't work correctly. Now I understand why that doesn't work correctly. I wanna know if other companies that use this task face this problem, and how to solve it. The task uses WinRM to make a connection between 2 servers and with this command tries to manage IIS.

DenisNikulin5 commented 4 months ago

@Am-Na-D Please create an issue in https://github.com/microsoft/azure-pipelines-extensions. Looks like it doesn't relate to the tasks in this repository.

For a fast workaround, I would suggest including the file in a whitelist for your antivirus software.