search

microsoft / navcontainerhelper

Official Microsoft repository for BcContainerHelper, a PowerShell module, which makes it easier to work with Business Central Containers on Docker.
MIT License
383 stars 247 forks source link

Windows 11 Antivirus seeing BC Container as a threat. #2182

Closed StFalagar closed 2 years ago

StFalagar commented 2 years ago

When installing a new BC Container using the Local-DevEnv.ps1 script from the CICD Example, Windows Security picks up a threat as soon as the container is installed. Deleting the container solves the issue.... Mitigating procedures within Windows Security does not work. Threat as per below:

image

Scripts used to create container and cause the issue

Param(
    [Parameter(Mandatory=$false)]
    [string] $version = "ci",
    [string] $containerName = "",
    [switch] $reUseContainer,
    [string] $sharedFolder = ""
)

$containerNameParam = $containerName
$baseFolder = (Get-Item (Join-Path $PWD.Path "..")).FullName
. (Join-Path $PWD.Path "Read-Settings.ps1") -environment 'Local' -version $version
. (Join-Path $PWD.Path "Install-BcContainerHelper.ps1") -bcContainerHelperVersion $bcContainerHelperVersion -genericImageName $genericImageName
if ($containerNameParam) { $containerName = $containerNameParam }

$password = 
$securePassword = ConvertTo-SecureString -String $password -AsPlainText -Force
$credential = New-Object pscredential 'admin', $securePassword

$allTestResults = "testresults*.xml"
$testResultsFile = Join-Path $baseFolder "TestResults.xml"
$testResultsFiles = Join-Path $baseFolder $allTestResults
if (Test-Path $testResultsFiles) {
    Remove-Item $testResultsFiles -Force
}

Run-AlPipeline `
    -pipelineName $pipelineName `
    -containerName $containerName `
    -imageName $imageName `
    -artifact $artifact.replace('{INSIDERSASTOKEN}',$insiderSasToken) `
    -memoryLimit $memoryLimit `
    -baseFolder $baseFolder `
    -sharedFolder $sharedFolder `
    -licenseFile $licenseFile `
    -installApps $installApps `
    -installTestApps $installTestApps `
    -appFolders $appFolders `
    -testFolders $testFolders `
    -testResultsFile $testResultsFile `
    -testResultsFormat 'JUnit' `
    -installTestRunner:$installTestRunner `
    -installTestFramework:$installTestFramework `
    -installTestLibraries:$installTestLibraries `
    -installPerformanceToolkit:$installPerformanceToolkit `
    -credential $credential `
    -doNotRunTests `
    -useDevEndpoint `
    -updateLaunchJson "Local Sandbox" `
    -keepContainer `
    -reUseContainer:$reUseContainer

Full output of scripts


Set artifact = //19.0.29894.30693/w1
Set pipelineName = BC VIP Implementation-ci
Set containerName = bcvipimplementation-ci
Set installApps = ''
Set installTestApps = ''
Set previousApps = ''
Set appSourceCopMandatoryAffixes = ''
Set appSourceCopSupportedCountries = ''
Set appFolders = 'app,base'
Set testFolders = 'test'
Set memoryLimit = '6G'
Set additionalCountries = ''
Set genericImageName = ''
Set vaultNameForLocal = 'BuildVariables'
Set bcContainerHelperVersion = 'preview'
Set installTestRunner = True
Set installTestFramework = False
Set installTestLibraries = False
Set installPerformanceToolkit = False
Set enableCodeCop = False
Set enableAppSourceCop = False
Set enablePerTenantExtensionCop = True
Set enableUICop = True
Set doNotSignApps = True
Set doNotRunTests = False
Set cacheImage = True
Set CreateRuntimePackages = True
BcContainerHelper version 2.0.18
Determining artifacts to use
  _____                               _
 |  __ \                             | |
 | |__) |_ _ _ __ __ _ _ __ ___   ___| |_ ___ _ __ ___
 |  ___/ _` | '__/ _` | '_ ` _ \ / _ \ __/ _ \ '__/ __|
 | |  | (_| | | | (_| | | | | | |  __/ |_  __/ |  \__ \
 |_|   \__,_|_|  \__,_|_| |_| |_|\___|\__\___|_|  |___/

Pipeline name               BC VIP Implementation-ci
Container name              bcvipimplementation-ci
Image name                  bcimage
ArtifactUrl                 https://bcartifacts.azureedge.net/sandbox/19.0.29894.30693/w1
SasToken                    Not Specified
BcAuthContext               Not Specified
Environment
ReUseContainer              False
KeepContainer               True
Auth                        UserPassword
Credential                  Specified
CompanyName
MemoryLimit                 6G
Enable Task Scheduler       False
Assign Premium Plan         False
Install Test Runner         True
Install Test Framework      False
Install Test Libraries      False
Install Perf. Toolkit       False
CopySymbolsFromContainer    False
enableCodeCop               False
enableAppSourceCop          False
enableUICop                 False
enablePerTenantExtensionCop False
doNotPerformUpgrade         False
uninstallRemovedApps        False
escapeFromCops              False
doNotBuildTests             False
doNotRunTests               True
doNotRunBcptTests           False
useDefaultAppSourceRuleSet  False
rulesetFile
azureDevOps                 False
gitLab                      False
gitHubActions               False
License file                Specified
CodeSignCertPfxFile         Not specified
CodeSignCertPfxPassword     Not specified
CodeSignCertIsSelfSigned    False
KeyVaultCertPfxFile         Not specified
KeyVaultCertPfxPassword     Not specified
KeyVaultClientId
TestResultsFile             C:\Users\SDP\OneDrive - MUR Shipping\Documents\AL\BC Online and VIP Implementation-1\TestResults.xml
BcptTestResultsFile         C:\Users\SDP\OneDrive - MUR Shipping\Documents\AL\BC Online and VIP Implementation-1\bcptTestResults.json
TestResultsFormat           JUnit
AdditionalCountries
PackagesFolder
OutputFolder
BuildArtifactFolder
CreateRuntimePackages       False
AppVersion
AppBuild                    0
AppRevision                 0
Install Apps
- None
Install Test Apps
- None
Previous Apps
- None
Application folders
- C:\Users\SDP\OneDrive - MUR Shipping\Documents\AL\BC Online and VIP Implementation-1\app
- C:\Users\SDP\OneDrive - MUR Shipping\Documents\AL\BC Online and VIP Implementation-1\base
Test application folders
- C:\Users\SDP\OneDrive - MUR Shipping\Documents\AL\BC Online and VIP Implementation-1\test
BCPT Test application folders
- None
Custom CodeCops
- None

  _____       _ _ _                                          _        _
 |  __ \     | | (_)                                        (_)      (_)
 | |__) |   _| | |_ _ __   __ _    __ _  ___ _ __   ___ _ __ _  ___   _ _ __ ___   __ _  __ _  ___        
 |  ___/ | | | | | | '_ \ / _` |  / _` |/ _ \ '_ \ / _ \ '__| |/ __| | | '_ ` _ \ / _` |/ _` |/ _ \       
 | |   | |_| | | | | | | | (_| | | (_| |  __/ | | |  __/ |  | | (__  | | | | | | | (_| | (_| |  __/       
 |_|    \__,_|_|_|_|_| |_|\__, |  \__, |\___|_| |_|\___|_|  |_|\___| |_|_| |_| |_|\__,_|\__, |\___|       
                           __/ |   __/ |                                                 __/ |
                          |___/   |___/                                                 |___/

Pulling mcr.microsoft.com/businesscentral:10.0.20348.288

Pulling generic image took 5 seconds

   _____                _   _                               _        _
  / ____|              | | (_)                             | |      (_)
 | |     _ __ ___  __ _| |_ _ _ __   __ _    ___ ___  _ __ | |_ __ _ _ _ __   ___ _ __
 | |    | '__/ _ \/ _` | __| | '_ \ / _` |  / __/ _ \| '_ \| __/ _` | | '_ \ / _ \ '__|
 | |____| | |  __/ (_| | |_| | | | | (_| | | (__ (_) | | | | |_ (_| | | | | |  __/ |
  \_____|_|  \___|\__,_|\__|_|_| |_|\__, |  \___\___/|_| |_|\__\__,_|_|_| |_|\___|_|
                                     __/ |
                                    |___/

WARNING: Container name should not exceed 15 characters
BcContainerHelper is version 2.0.18
BcContainerHelper is running as administrator
Host is Microsoft Windows 11 Enterprise - 21H2
Docker Client Version is 20.10.10
Docker Server Version is 20.10.10
Removing container bcvipimplementation-ci
Removing bcvipimplementation-ci from container hosts file
Removing bcvipimplementation-ci-* from container hosts file
Removing C:\ProgramData\BcContainerHelper\Extensions\bcvipimplementation-ci
Fetching all docker images
Fetching all docker volumes
ArtifactUrl and ImageName specified
Image bcimage:sandbox-19.0.29894.30693-w1-mt already exists
Using image bcimage:sandbox-19.0.29894.30693-w1-mt
Creating Container bcvipimplementation-ci
Style: sandbox
Multitenant: Yes
Version: 19.0.29894.30693
Platform: 19.0.29884.30666
Generic Tag: 1.0.1.8
Container OS Version: 10.0.20348.288 (ltsc2022)
Host OS Version: 10.0.22000.282 (21H2)
Using process isolation
Using locale en-US
Disabling the standard eventlog dump to container log every 2 seconds (use -dumpEventLog to enable)
Using license file C:\Licenses\7083530.flf
Additional Parameters:
--volume "C:\Users\SDP\OneDrive - MUR Shipping\Documents\AL\BC Online and VIP Implementation-1:c:\sources"
--env customNavSettings=EnableTaskScheduler=False
Files in C:\ProgramData\BcContainerHelper\Extensions\bcvipimplementation-ci\my:
- AdditionalOutput.ps1
- license.flf
- MainLoop.ps1
- SetupVariables.ps1
- updatehosts.ps1
Creating container bcvipimplementation-ci from image bcimage:sandbox-19.0.29894.30693-w1-mt
0ffb5f0064e184bdca967141a17a6c45715e5e87ba305b2b584a24c62e3339bd
Waiting for container bcvipimplementation-ci to be ready
Adding BCVIPIMPLEMENTA to hosts file
Initializing...
Setting host.docker.internal to 192.168.1.249 in container hosts file (copy from host hosts file)
Setting gateway.docker.internal to 192.168.1.249 in container hosts file (copy from host hosts file)      
Setting kubernetes.docker.internal to 127.0.0.1 in container hosts file (copy from host hosts file)
Setting host.containerhelper.internal to 172.19.48.1 in container hosts file
Starting Container
Hostname is bcvipimplementation-ci
PublicDnsName is bcvipimplementation-ci
Using NavUserPassword Authentication
Starting Local SQL Server
WARNING: Waiting for service 'SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS)' to
start...
Starting Internet Information Server
Creating Self Signed Certificate
Self Signed Certificate Thumbprint F8745D6DC1055BB89A6D3CCD433040DF06F530ED
Modifying Service Tier Config File with Instance Specific Settings
Modifying Service Tier Config File with settings from environment variable
Setting EnableTaskScheduler to False
Starting Service Tier
Registering event sources
Creating DotNetCore Web Server Instance
Enabling Financials User Experience
Using license file 'c:\run\my\license.flf'
Import License
Dismounting Tenant
Mounting Tenant
Mounting Database for default on server localhost\SQLEXPRESS with AllowAppDatabaseWrite = False
Sync'ing Tenant
Tenant is Operational
Creating http download site
Setting SA Password and enabling SA
Creating admin as SQL User and add to sysadmin
WARNING: This license is not compatible with this version of Business Central.
Creating SUPER user
WARNING: This license is not compatible with this version of Business Central.
WARNING: This license is not compatible with this version of Business Central.
Container IP Address: 172.19.62.212
Container Hostname  : bcvipimplementation-ci
Container Dns Name  : bcvipimplementation-ci
Web Client          : http://bcvipimplementation-ci/BC/?tenant=default
Dev. Server         : http://bcvipimplementation-ci
Dev. ServerInstance : BC
Dev. Server Tenant  : default
Setting bcvipimplementation-ci to 172.19.62.212 in host hosts file
Setting bcvipimplementation-ci-default to 172.19.62.212 in host hosts file
Setting bcvipimplementation-ci-default to 172.19.62.212 in container hosts file

Files:
http://bcvipimplementation-ci:8080/ALLanguage.vsix

Container Total Physical Memory is 31.8Gb
Container Free Physical Memory is 17.2Gb

Initialization took 175 seconds
Ready for connections!
Reading CustomSettings.config from bcvipimplementation-ci
Creating Desktop Shortcuts for bcvipimplementation-ci
Container bcvipimplementation-ci successfully created

Use:
Get-BcContainerEventLog -containerName bcvipimplementation-ci to retrieve a snapshot of the event log from the container
Get-BcContainerDebugInfo -containerName bcvipimplementation-ci to get debug information about the container
Enter-BcContainer -containerName bcvipimplementation-ci to open a PowerShell prompt inside the container  
Remove-BcContainer -containerName bcvipimplementation-ci to remove the container again
docker logs bcvipimplementation-ci to retrieve information about URL's again

Creating container took 207 seconds

   _____                      _ _ _
  / ____|                    (_) (_)
 | |     ___  _ __ ___  _ __  _| |_ _ __   __ _    __ _ _ __  _ __  ___
 | |    / _ \| '_ ` _ \| '_ \| | | | '_ \ / _` |  / _` | '_ \| '_ \/ __|
 | |____ (_) | | | | | | |_) | | | | | | | (_| | | (_| | |_) | |_) \__ \
  \_____\___/|_| |_| |_| .__/|_|_|_|_| |_|\__, |  \__,_| .__/| .__/|___/
                       | |                 __/ |       | |   | |
                       |_|                |___/        |_|   |_|

Using Symbols Folder: C:\Users\SDP\OneDrive - MUR Shipping\Documents\AL\BC Online and VIP Implementation-1\base\.alPackages
The specified file is not an extension file.
Parameter name: stream
at <ScriptBlock>, <No file>: line 3
at <ScriptBlock>, <No file>: line 2
at Invoke-ScriptInBcContainer, C:\Program Files\WindowsPowerShell\Modules\BcContainerHelper\2.0.18\ContainerHandling\Invoke-ScriptInNavContainer.ps1: line 43
at Compile-AppInBcContainer, C:\Program Files\WindowsPowerShell\Modules\BcContainerHelper\2.0.18\AppHandling\Compile-AppInNavContainer.ps1: line 271
at <ScriptBlock>, C:\Program Files\WindowsPowerShell\Modules\BcContainerHelper\2.0.18\AppHandling\Run-AlPipeline.ps1: line 620
at <ScriptBlock>, C:\Program Files\WindowsPowerShell\Modules\BcContainerHelper\2.0.18\AppHandling\Run-AlPipeline.ps1: line 1322
at <ScriptBlock>, C:\Program Files\WindowsPowerShell\Modules\BcContainerHelper\2.0.18\AppHandling\Run-AlPipeline.ps1: line 1024
at <ScriptBlock>, C:\Program Files\WindowsPowerShell\Modules\BcContainerHelper\2.0.18\AppHandling\Run-AlPipeline.ps1: line 1013
at <ScriptBlock>, C:\Program Files\WindowsPowerShell\Modules\BcContainerHelper\2.0.18\AppHandling\Run-AlPipeline.ps1: line 718
at Run-AlPipeline, C:\Program Files\WindowsPowerShell\Modules\BcContainerHelper\2.0.18\AppHandling\Run-AlPipeline.ps1: line 683
at <ScriptBlock>, <No file>: line 27
NOTE: The app in C:\Users\SDP\OneDrive - MUR Shipping\Documents\AL\BC Online and VIP Implementation-1\base has ShowMyCode set to true. This means that people will be able to debug and see the source code of your app. (see https://aka.ms/showMyCode)
The specified file is not an extension file.
Parameter name: stream
At C:\Program Files\WindowsPowerShell\Modules\BcContainerHelper\2.0.18\ContainerHandling\Invoke-ScriptInN 
avContainer.ps1:44 char:13
+             throw $_.Exception.Message
+             ~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : OperationStopped: (The specified f...er name: stream:String) [], RuntimeEx  
   ception
    + FullyQualifiedErrorId : The specified file is not an extension file.

**Screenshots**

![image](https://user-images.githubusercontent.com/33856523/140902768-2f5b91e8-c132-434f-a0a9-fd88d950e1cf.png)

**Additional context**
- It happens all the time...
- Compilation error at the end is a different issue I believe...

Thanks so much
freddydk commented 2 years ago

Which Docker version are you running and how did you install it?

StFalagar commented 2 years ago

I first ran the latest docker desktop which gave me this... I then changed to Docker Engine/Docker Daemon using your script... Getting the same on both.... I have also installed this on Windows 10 but getting some other permissions errors there so will try and replicate there... that said I am fairly convinced it is not a problem in Windows 10.

freddydk commented 2 years ago

I had the same problem when running the very first version of the docker engine installation script - caused by the fact that the script was modifying the PATH in the machine scope. I changed the script to NOT do that. I removed C:\program files\docker from the PATH in settings - then I was good (the script now does it in the user scope) Could you paste the docker engine installation script here (just want to see if you have the latest) Thanks.

StFalagar commented 2 years ago

Thanks Freddy

I also got it with Docker Desktop that I updated to the latest version yesterday... herewith the script...

Param(
    [switch] $force,
    [string] $envScope = "User"
)

$currentPrincipal = New-Object Security.Principal.WindowsPrincipal([Security.Principal.WindowsIdentity]::GetCurrent())
if (-not $currentPrincipal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw "This script needs to run as admin"
}

if ((Test-Path (Join-Path $env:ProgramFiles "Docker Desktop")) -or (Test-Path (Join-Path $env:ProgramFiles "DockerDesktop"))) {
    throw "Docker Desktop is installed on this Computer, cannot run this script"
}

# Install Windows feature containers
$restartNeeded = $false
if (!(Get-WindowsOptionalFeature -FeatureName containers -Online).State -eq 'Enabled') {
    $restartNeeded = (Enable-WindowsOptionalFeature -FeatureName containers -Online -NoRestart).RestartNeeded
    if ($restartNeeded) {
        Write-Host "A restart is needed before you can start the docker service after installation"
    }
}

# Get Latest Stable version and URL
$latestZipFile = (Invoke-WebRequest -UseBasicParsing -uri "https://download.docker.com/win/static/stable/x86_64/").Content.split("`r`n") | 
                 Where-Object { $_ -like "<a href=""docker-*"">docker-*" } | 
                 ForEach-Object { $zipName = $_.Split('"')[1]; [Version]($zipName.SubString(7,$zipName.Length-11).Split('-')[0]) } | 
                 Sort-Object | Select-Object -Last 1 | ForEach-Object { "docker-$_.zip" }

if (-not $latestZipFile) {
    throw "Unable to locate latest stable docker download"
}
$latestZipFileUrl = "https://download.docker.com/win/static/stable/x86_64/$latestZipFile"
$latestVersion = [Version]($latestZipFile.SubString(7,$latestZipFile.Length-11))
Write-Host "Latest stable available Docker Engine version is $latestVersion"

# Check existing docker version
$dockerService = get-service docker -ErrorAction SilentlyContinue
if ($dockerService) {
    if ($dockerService.Status -eq "Running") {
        $dockerVersion = [Version](docker version -f "{{.Server.Version}}")
        Write-Host "Current installed Docker Engine version $dockerVersion"
        if ($latestVersion -le $dockerVersion) {
            Write-Host "No new Docker Engine available"
            Return
        }
        Write-Host "New Docker Engine available"
    }
    else {
        Write-Host "Docker Service not running"
    }
}
else {
    Write-Host "Docker Engine not found"
}

if (!$force) {
    Read-Host "Press Enter to Install new Docker Engine version (or Ctrl+C to break) ?"
}

if ($dockerService) {
    Stop-Service docker
}

# Download new version
$tempFile = "$([System.IO.Path]::GetTempFileName()).zip"
Invoke-WebRequest -UseBasicParsing -Uri $latestZipFileUrl -OutFile $tempFile
Expand-Archive $tempFile -DestinationPath $env:ProgramFiles -Force
Remove-Item $tempFile -Force

$path = [System.Environment]::GetEnvironmentVariable("Path", $envScope)
if (";$path;" -notlike "*;$($env:ProgramFiles)\docker;*") {
    [Environment]::SetEnvironmentVariable("Path", "$path;$env:ProgramFiles\docker", $envScope)
}

# Register service if necessary
if (-not $dockerService) {
    $dockerdExe = 'C:\Program Files\docker\dockerd.exe'
    & $dockerdExe --register-service
}

New-Item 'c:\ProgramData\Docker' -ItemType Directory -ErrorAction SilentlyContinue | Out-Null
Remove-Item 'c:\ProgramData\Docker\panic.log' -Force -ErrorAction SilentlyContinue | Out-Null
New-Item 'c:\ProgramData\Docker\panic.log' -ItemType File -ErrorAction SilentlyContinue | Out-Null

try {
    Start-Service docker
}
catch {
    Write-Host -ForegroundColor Red "Could not start docker service, you might need to reboot your computer."
}
freddydk commented 2 years ago

Ok, yeah that is the latest. Question is whether the docker desktop installer is doing the same thing. What is the value of: [System.Environment]::GetEnvironmentVariable("Path", $envScope) with $envscope user and machine

StFalagar commented 2 years ago

At the moment I am using Docker Engine but I'll see if I can find out what those values are...

StFalagar commented 2 years ago

Is this correct?

image

Sorry the top one is machine...

freddydk commented 2 years ago

Yes, I think that is how it should be (same as mine) Are you getting defender popup when you create containers now?

StFalagar commented 2 years ago

Yes.,... unfortunately I am still getting it....

freddydk commented 2 years ago

Can we setup a Teams call and troubleshoot? Please email freddyk at microsoft dot com if possible, then we can find a good time.

StFalagar commented 2 years ago

Can we setup a Teams call and troubleshoot? Please email freddyk at microsoft dot com if possible, then we can find a good time.

Thanks for this Freddy... I have sent you a mail...

freddydk commented 2 years ago

https://freddysblog.com/2021/11/11/trojan-warning-when-creating-containers/

freddydk commented 2 years ago

Nothing much we can do while waiting for Windows/Defender team.

StFalagar commented 2 years ago

Thanks Freddy... will switch to Hyper V

StFalagar commented 2 years ago

Freddy, I have set the Isolation parameter on the Run-ALPipeline to Hyper V but it is still installing the container as Process Isolation....

/ _| | | () | | () | | _ | | | |_ _ _ | | | '/ \/ _| __| | '_ \ / _ | / / | ' | / ` | | ' \ / \ '| | |__| | | __/ (| | || | | | | (| | | ( () | | | | | (| | | | | | / | \|| _|\,|_||| ||_, | _\/|| ||__,||| ||_|_| _/ | |/

Default parameter Isolation = HyperV WARNING: Container name should not exceed 15 characters BcContainerHelper is version 2.0.19-preview511 BcContainerHelper is running as administrator Host is Microsoft Windows 11 Enterprise - 21H2 Docker Client Version is 20.10.10 Docker Server Version is 20.10.10 Removing bcvipimplementation-ci from container hosts file Removing bcvipimplementation-ci-* from container hosts file Removing C:\ProgramData\BcContainerHelper\Extensions\bcvipimplementation-ci Fetching all docker images Fetching all docker volumes ArtifactUrl and ImageName specified Image bcimage:sandbox-19.0.29894.30693-w1-mt already exists Using image bcimage:sandbox-19.0.29894.30693-w1-mt Creating Container bcvipimplementation-ci Style: sandbox Multitenant: Yes Version: 19.0.29894.30693 Platform: 19.0.29884.30666 Generic Tag: 1.0.1.8 Container OS Version: 10.0.20348.350 (ltsc2022) Host OS Version: 10.0.22000.318 (21H2) Using process isolation Using locale en-US Disabling the standard eventlog dump to container log every 2 seconds (use -dumpEventLog to enable)
Using license file C:\Licenses\7083530-19.flf Additional Parameters: --volume "C:\Devops\1072ContactCreationDevelopment\BC Online and VIP Implementation:c:\sources" --env customNavSettings=EnableTaskScheduler=False Files in C:\ProgramData\BcContainerHelper\Extensions\bcvipimplementation-ci\my:

StFalagar commented 2 years ago

Here's the Config File...

{ "use7zipIfAvailable": true, "digestAlgorithm": "SHA256", "baseUrl": "https://businesscentral.dynamics.com", "DOCKER_SCAN_SUGGEST": false, "mapCountryCode": { "ae": "w1", "bd": "w1", "dz": "w1", "eg": "w1", "fo": "dk", "gl": "dk", "id": "w1", "ke": "w1", "lb": "w1", "lk": "w1", "lu": "w1", "ma": "w1", "mm": "w1", "mt": "w1", "my": "w1", "ng": "w1", "qa": "w1", "sa": "w1", "sg": "w1", "tn": "w1", "ua": "w1", "za": "w1" }, "hostHelperFolder": "C:\ProgramData\BcContainerHelper", "TraefikImage": "traefik:v1.7-windowsservercore-1809", "MicrosoftTelemetryConnectionString": "", "psSessionTimeout": 0, "defaultContainerName": "bcserver", "timeStampServer": "http://timestamp.digicert.com", "bcartifactsCacheFolder": "c:\bcartifacts.cache", "SendExtendedTelemetryToMicrosoft": false, "containerHelperFolder": "C:\ProgramData\BcContainerHelper", "ObjectIdForInternalUse": 88123, "apiBaseUrl": "https://api.businesscentral.dynamics.com", "PartnerTelemetryConnectionString": "", "sandboxContainersAreMultitenantByDefault": true, "usePsSession": true, "genericImageName": "mcr.microsoft.com/businesscentral:{0}", "useSharedEncryptionKeys": true, "TreatWarningsAsErrors": [ "AL1026" ], "TraefikUseDnsNameAsHostName": false, "genericImageNameFilesOnly": "mcr.microsoft.com/businesscentral:{0}-filesonly", "defaultNewContainerParameters": { "Isolation": "Hyperv" } }

freddydk commented 2 years ago

That was a bug on me. Just shipped a new version (v2.0.19) where hyperv isolation works.

StFalagar commented 2 years ago

Thanks Freddy, looks like it is working :)

freddydk commented 2 years ago

with defender update 1.353.1128.0 or later, this false positive is no longer. I also updated: https://freddysblog.com/2021/11/11/trojan-warning-when-creating-containers/

StFalagar commented 2 years ago

Thanks very much Freddy.... you were of great help as always!