Jump to content

Justyn

Members
  • Posts

    3
  • Joined

  • Last visited

About Justyn

  • Rank
    Newbie
    Newbie

Profile Information

  • Location
    Canada
  1. The junctions are based on docker images for which I am not the maintainer and could change over time. And any new images downloaded could potential have more. Thus, it is a potentially ever changing list. On top of that, I'm not the ESET administrator in my company, thus don't have direct access to exclusion lists. Therefore, what I am hearing is that ESET may not be compatible with Windows-based containers on Docker Engine, and thus also Docker Desktop. As more developers adopt docker for development on their workstations and run into this problem, what is your suggestion to them?
  2. Sorry, I don't understand your response. I don't want ESET to follow symbolic links or junctions, but I'm reporting that it is. I have scan logs that confirm it. And the scan is not quick, it never ends after more than week of running in the background. If you're trying to imply ESET shouldn't be following junctions, then are you confirming this behaviour of following junctions that I am seeing is a bug in ESET?
  3. Installed product: ESET Endpoint Security Product version: 8.1.2037.2 Operating system: Windows 10 (21H1) (OS Build 19043.1320) I'm having an issue where scans never complete on workstations with Docker Engine for Windows installed (the underlying component of Docker Desktop). From what I can see, ESET is following junction (soft link) directories and thus ends up scanning the same files multiple times. From https://docs.microsoft.com/en-us/windows/win32/fileio/hard-links-and-junctions: Junctions are what Docker uses to implement a layered filesystem. Here's an example of a junction within a docker layer for the official Microsoft image "mcr.microsoft.com/windows/servercore:ltsc2019": C:\ProgramData\docker\windowsfilter\095228c633e3bbbda1a54b3aa0b2defbc89aa883e8553b1e5081fb29583a6e46\Files>dir /a Volume in drive C is OS Volume Serial Number is 2E03-5E67 Directory of C:\ProgramData\docker\windowsfilter\095228c633e3bbbda1a54b3aa0b2defbc89aa883e8553b1e5081fb29583a6e46\Files 2021-11-03 04:33 PM <DIR> . 2021-11-03 04:33 PM <DIR> .. 2021-11-03 04:30 PM <DIR> Boot 2021-11-03 04:08 PM 408,826 bootmgr 2018-09-14 11:09 PM (1) BOOTNXT 2020-05-06 09:10 PM <JUNCTION> Documents and Settings [C:\Users] 2020-05-06 08:48 PM (5,510) License.txt 2021-11-03 11:32 PM <DIR> Program Files 2021-11-03 04:30 PM <DIR> Program Files (x86) 2021-11-03 11:32 PM <DIR> ProgramData 2021-11-03 04:33 PM <DIR> Users 2021-11-03 04:33 PM <DIR> Windows 3 File(s) 414,337 bytes 9 Dir(s) 658,207,408,128 bytes free The problem here is that ESET scans the entire "C:\Users" directory twice. Once as it encounters "C:\Users" directly and a second time as it encounters "C:\ProgramData\docker\windowsfilter\095228c633e3bbbda1a54b3aa0b2defbc89aa883e8553b1e5081fb29583a6e46\Files\Document and Settings". And if there are multiple layers with a similar junction, then it potentially scans the same directory again and again for each layer that has an junction (soft link) to it. How do we stop ESET from scanning the same directory over and over, when once is all that is required? For instance, is there a way to configure ESET to not follow junctions (soft links)?
×
×
  • Create New...