(How) Can I run Windows Defender in a docker container? Getting errors

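I'm experimenting with some options for an endpoint pen-testing lab for Windows environments, and Docker seems like a very lightweight and easily configurable option. However, when testing Windows Defender in this setup, I ran into errors, and every help-thread answer I found led to more errors. Is running Windows Defender in a docker container not feasible?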

What I have tried:

Running a docker Windows container:

PS C:\WINDOWS\system32> docker run mcr.microsoft.com/windows:20H2
Unable to find image 'mcr.microsoft.com/windows:20H2' locally
20H2: Pulling from windows
f26dc4584b4d: Pull complete
881882374a3c: Pull complete
Digest: sha256:bfcfdafc3db9b35528635acfdbc07169ed0a6b8af88feb7b6e1da62cd4f3b748
Status: Downloaded newer image for mcr.microsoft.com/windows:20H2
Microsoft Windows [Version 10.0.19042.1348]
(c) Microsoft Corporation. All rights reserved.

C:\>

Then, in that container's CLI, running:

PS C:\> (Get-Service windefend).Status
Stopped

PS C:\> Start-Service windefend
Start-Service : Service 'Microsoft Defender Antivirus Service (windefend)'
on computer '.'.
At line:1 char:1
+ Start-Service windefend
+ ~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : OpenError: (System.ServiceProcess.ServiceControl
   ler:ServiceController) [Start-Service], ServiceCommandException
    + FullyQualifiedErrorId : CouldNotStartService,Microsoft.PowerShell.Comman
   ds.StartServiceCommand

PS C:\> Get-MpComputerStatus
Get-MpComputerStatus : A general error occurred that is not covered by a more
specific error code.
At line:1 char:1
+ Get-MpComputerStatus
+ ~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (MSFT_MpComputerStatus:ROOT\Micros
   oft\...pComputerStatus) [Get-MpComputerStatus], CimException
    + FullyQualifiedErrorId : HRESULT 0x800106ba,Get-MpComputerStatus

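In my opinion, these error messages are unhelpful. I don't know what CategoryInfo : NotSpecified: (MSFT_MpComputerStatus:ROOT\Microsoft\...pComputerStatus) [Get-MpComputerStatus], CimException means, nor what FullyQualifiedErrorId : HRESULT 0x800106ba,Get-MpComputerStatus means, and it doesn't seem to hint at any reason why it cannot start the service. So I'm wondering whether this is simply not possible.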

What a nightmare! But I got it working for 1809 and 20h2.

PS C:\> Start-Service windefend
Start-Service : Service 'Microsoft Defender Antivirus Service (windefend)' cannot be started due to the following
error: Cannot start service windefend on computer '.'.
At line:1 char:1
+ Start-Service windefend
+ ~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : OpenError: (System.ServiceProcess.ServiceController:ServiceController) [Start-Service],
   ServiceCommandException
    + FullyQualifiedErrorId : CouldNotStartService,Microsoft.PowerShell.Commands.StartServiceCommand

PS C:\>

The service is set to system start; it needs to be set to manual start first:

Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\WinDefend\" -Name "Start" -Value 3

Then remove the launch protected key from the registry:

Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\WinDefend\" -Name "LaunchProtected" -Value 0

Then WinDefend will start after restarting the container.

PS C:\> Start-Service windefend
PS C:\> Get-Service windefend

Status   Name               DisplayName
------   ----               -----------
Running  windefend          Microsoft Defender Antivirus Service
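
A read-only check of the two registry values the answer above changes, as an added example that is not part of the original answer. The function name Get-WinDefendLaunchConfig is hypothetical; the lookup tables are the standard service Start types and the SERVICE_LAUNCH_PROTECTED_* constants. It confirms the lab container's state and flags a Defender service that is no longer launched as a protected process.

```powershell
# Added example (not from the original answer): read-only report of the
# WinDefend service settings that the answer modifies. Nothing is written.
$ServiceKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\WinDefend'

# Meanings of the service "Start" registry value.
$StartTypes = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }
# SERVICE_LAUNCH_PROTECTED_* constants (winsvc.h).
$LaunchProtection = @{ 0 = 'None'; 1 = 'Windows'; 2 = 'WindowsLight'; 3 = 'AntimalwareLight' }

function Get-WinDefendLaunchConfig {   # hypothetical helper name
    param([string]$Path = $ServiceKey)

    if (-not (Test-Path -LiteralPath $Path)) {
        throw "Service key not found: $Path"
    }
    $props = Get-ItemProperty -LiteralPath $Path

    # Start: report "Missing" rather than silently treating an absent value as 0 (Boot).
    if ($null -eq $props.Start) {
        $startName = 'Missing'
    } elseif ($StartTypes.ContainsKey([int]$props.Start)) {
        $startName = $StartTypes[[int]$props.Start]
    } else {
        $startName = "Unknown ($($props.Start))"
    }

    # LaunchProtected: an absent value means the service is not launched protected.
    $lp = 0
    if ($null -ne $props.LaunchProtected) { $lp = [int]$props.LaunchProtected }
    $lpName = "Unknown ($lp)"
    if ($LaunchProtection.ContainsKey($lp)) { $lpName = $LaunchProtection[$lp] }

    # Current service state, or NotInstalled if the service cannot be queried.
    $svc = Get-Service -Name windefend -ErrorAction SilentlyContinue
    $status = 'NotInstalled'
    if ($svc) { $status = [string]$svc.Status }

    [pscustomobject]@{
        StartType         = $startName
        LaunchProtected   = $lpName
        ProtectionRemoved = ($lp -eq 0)   # true after the answer's second change
        ServiceStatus     = $status
    }
}

Get-WinDefendLaunchConfig | Format-List
```

Run it before and after the registry changes: in the working container it should show Manual, None and Running, while ProtectionRemoved being true on a machine that is not a lab container is worth investigating.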