Docker Community Forums

Share and learn in the Docker community.

Trojan found in Windows ServerCore

I submitted this DOCKER image with an AMI to Amazon, They flagged a Trojan on it. Win.Trojan.Agent-1819547 . I dont have details what the Trojan does
https://hub.docker.com/r/microsoft/windowsservercore/
microsoft/windowsservercore

Vulnerable file(s) detected
Vulnerability found in filepath
Win.Trojan.Agent-1819547: /ProgramData/docker/windowsfilter/fe8f33faede804d39e43d528901162a4e383b272dd4f36926dd518f24dd42679/Files/Windows/servicing/Packages/Microsoft-Windows-ServerCore-Server-Common-Features-Package~31bf3856ad364e35~amd64~~10.0.14393.0.mum

Interesting , thanks for this info !

I’m not familiar with how AMI scans, but this is probably a false positive AV signature. That file is not detected by other AV scanners such as Windows Defender. This image was scanned by Microsoft prior to pushing it to Docker Hub. Do you have a way to ask Amazon for follow-up on the scanning results?