Vpnkit-bridge has been considered as malicious by our security system

jesimone57 · February 23, 2021, 9:17pm

I am using Docker Desktop for macOS version 3.1.0 - the latest.

Was recently sent an email by our security team and they said the following:

on 2/16/21 8:21:05.000 AM We received a Crowdstrike detection for host [my_hostname] ”

Filename: vpnkit-bridge
File path: /Applications/Docker.app/Contents/MacOS/vpnkit-bridge
Command line: vpnkit-bridge --addr listen://1999 host
Hash value: 04fb8fb364cd2da2544b662d15853852d4b14a09981f3593cc1fdf1b2764d1f8

What can be done to fix this?

After some googling on “vpnkit-bridge malicious”. I came across this web page created a few days ago:

https://www.joesandbox.com/analysis/349885/0/pdf

and this one

https://www.hybrid-analysis.com/sample/70c732f69d07dd4dc955c538a037f78b44e2a82326c775819464fb3d204aee7c

Please help.

shooshmandsol · March 22, 2021, 5:30pm

I have received a similar alert by Crowdstrike. Using macOS 11.2.3, and docker 3.2.2
Is it really a security issue or a false alarm?
Anyone else has had this issue and can provide feedback appreciated.
Thanks

Topic		Replies	Views
Malware in Docker for Mac? Docker Desktop macos	10	11693	March 28, 2022
Query about a possible security issue General	1	90	April 30, 2024
Container IP (docker0 and docker_gwbridge interface IP's) is syncing with Host DNS why? General dns	13	4523	January 27, 2022
Docker 1.12.1: container can't resolve host behind VPN Docker Desktop	0	3182	August 26, 2016
CVE-2016-5195 and the Docker For Mac VM Host Docker Desktop	2	1216	October 24, 2016

Vpnkit-bridge has been considered as malicious by our security system

Related topics