'Chisel' unwanted software was detected (Agentless) #11994

Open
2 tasks done
djeclemen opened this issue Jul 1, 2024 · 2 comments
@djeclemen

Before you start please confirm the following.

Problem Description

Microsoft Defender is reporting this, on the portainer container.

Name: portainer
Directory: var/lib/docker/overlay2/18bcaff106af338d515bf2e54bc590549903ef06322863a8d57b31df5b63a0e9/diff
File Hashed: 3f7802f5dd8c1ad2137e725a6250867d5fc8cdd3 (SHA1), c82a6e283f050cb8215c9103863e914a (MD5), 2528ac71a0ac6a01bb9c2888c7776cd7382a6e4c9f8b6233cf34099601880ad4 (SHA256)

Malware Name: Misleading:Linux/Chisel.A!MTB
Category: Adware

Potentially unwanted software is a category of applications that install and perform undesirable activity without adequate user consent. These applications are not necessarily malicious, but their behaviors often negatively impact the computing experience, even appearing to invade user privacy. Many of these applications display advertising, modify browser settings, and install bundled software.

Expected Behavior

No security alert from Defender for Cloud

Actual Behavior

Microsoft Defender is reporting this, on the portainer container.

Steps to Reproduce

Deploy Linux host in Azure with Defender for Cloud agent
Install Docker
Run latest Portainer as container

Portainer logs or screenshots

No response

Portainer version

2.20.3

Portainer Edition

Community Edition (CE)

Platform and Version

Docker

OS and Architecture

Debian

Browser

No response

What command did you use to deploy Portainer?

docker run -d -p 8000:8000 -p 9443:9443 --name portainer --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer-ce:latest

Additional Information

No response

@oleksandrmeleshchuk-epm

Any update on this?

@jamescarppe
Member

The Chisel library is required for us to establish a reverse tunnel to Edge Agent environments, and is being falsely identified as malicious by Defender. You can find in-depth discussion of this kind of flagging happening before to Chisel in their GitHub repo. We are discussing internally what we can potentially do here but unfortunately we are at the mercy of Microsoft and their decision-making around "threats".

In the meantime, you may be able to configure an exception to ignore this in your Defender configuration.
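
For triage before configuring an exception as suggested above: the alert in this issue names a layer directory and three hashes but no file. The following is an added example (not code from Portainer or from anyone in this thread) that walks a layer directory and reports which file matches the alert's hashes; the function names `file_digests` and `find_flagged_files` are hypothetical.

```python
import hashlib
import os
import sys

# Hashes copied from the Defender alert quoted in this issue.
ALERT_HASHES = {
    "sha1": "3f7802f5dd8c1ad2137e725a6250867d5fc8cdd3",
    "md5": "c82a6e283f050cb8215c9103863e914a",
    "sha256": "2528ac71a0ac6a01bb9c2888c7776cd7382a6e4c9f8b6233cf34099601880ad4",
}

def file_digests(path, algorithms, chunk_size=1 << 20):
    """Hash one file with several algorithms in a single read pass."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}

def find_flagged_files(layer_dir, alert_hashes=ALERT_HASHES):
    """Return sorted (relative_path, verdict) pairs for files matching the alert.

    verdict is "match" when every supplied hash agrees and "partial" when only
    some agree, which means the alert data or the file needs a closer look
    before any exclusion is written.
    """
    wanted = {alg: value.lower() for alg, value in alert_hashes.items()}
    results = []
    for root, _dirs, files in os.walk(layer_dir):  # symlinked dirs are not followed
        for name in files:
            path = os.path.join(root, name)
            # Skip symlinks and special files (overlay whiteouts are char devices).
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            try:
                digests = file_digests(path, wanted)
            except OSError:
                continue  # unreadable; layer directories usually need root
            agree = [alg for alg in wanted if digests[alg] == wanted[alg]]
            if agree:
                verdict = "match" if len(agree) == len(wanted) else "partial"
                results.append((os.path.relpath(path, layer_dir), verdict))
    return sorted(results)

if __name__ == "__main__":
    # Usage: python3 find_flagged.py <Directory value from the alert, on the host>
    for rel, verdict in find_flagged_files(sys.argv[1]):
        print(verdict, rel)
```

A full "match" on a path that is part of the image you deployed ties the alert to one specific file, so an exception can be scoped to that file rather than to the whole container or layer.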
