Docker Community Forums

Vpnkit-bridge has been considered as malicious by our security system

I am using Docker Desktop for macOS version 3.1.0 - the latest.

I was recently sent an email by our security team, and they said the following:

“on 2/16/21 8:21:05.000 AM We received a Crowdstrike detection for host [my_hostname]”

Filename: vpnkit-bridge
File path: /Applications/Docker.app/Contents/MacOS/vpnkit-bridge
Command line: vpnkit-bridge --addr listen://1999 host
Hash value: 04fb8fb364cd2da2544b662d15853852d4b14a09981f3593cc1fdf1b2764d1f8

What can be done to fix this?

After some googling on “vpnkit-bridge malicious”, I came across this web page created a few days ago:

https://www.joesandbox.com/analysis/349885/0/pdf

and this one

https://www.hybrid-analysis.com/sample/70c732f69d07dd4dc955c538a037f78b44e2a82326c775819464fb3d204aee7c

Please help.

I have received a similar alert from Crowdstrike. I am using macOS 11.2.3 and Docker 3.2.2.
Is it really a security issue or a false alarm?
If anyone else has had this issue, feedback would be appreciated.
Thanks