Docker Community Forums

Share and learn in the Docker community.

Docker Desktop 4.3.1 has a trojan?

I was notified today that an update to Docker Desktop for Windows 4.3.0 is available to bring it to 4.3.1. I had Docker Desktop download the update, then I clicked the “Update and restart” button, just like always.

However, this time, before it even had a chance to update, Microsoft’s Virus & threat protection intervened and shut down the updater immediately. Clicking on its notification shows me that it found (at least) two threats in the 4.3.1 update:


I have replicated this three times now with the same result each time. Am I alone on this or is this a known bug? What should I do?

Thanks @sturmb for the heads-up. I’ve tried to reproduce the situation on a Windows 11 Insider machine with all updates installed (Security intelligence version: 1.355.311.0), and will investigate a bit more. Currently I see a similar issue with a file in a temp folder during the update.
Normally these are false positives (see history of similar tickets Issues · docker/for-win · GitHub) but we always take a close look and eventually report it to the virus scan vendor.
From what I can see the file is our delta update with compressed deltas. Maybe that causes the false positive.

I was able to update to 4.3.1 by downloading the full installer from the release notes page: Docker for Windows release notes | Docker Documentation and run the installer manually.

Thanks, @stefanscherer. Unless there’s some urgency to the 4.3.1 update, perhaps I can tell Docker Desktop to just skip this version? Or would you recommend I update manually (via the full installer you linked)?

The last update was only an improvement for the docker scan command to help find the log4j2 CVE better. But we’re awaiting another improvement in the underlying snyk binary and ship another patch release soon. So if you don’t need this tool right now it’s save to wait for 4.3.2.

1 Like

Wanted to confirm that I experienced the same issue (though different virus). Mine was Trojan:Script/Oneeva.A!ml

This happened twice in a row so I know it was due to Docker Desktop update.

Using version 4.3.0 on windows 10.

I also had the same thing happen to me. I put the word out to my team to hold for the time being until this can be ‘officially’ resolved as a ‘false positive’.