Docker Desktop requests service McAffee Framework Host (service mc-fw-host) to be killed before installing updates

[leotulipan]

Description

For me on a current windows 11 machine this bug from a year ago is back

https://github.com/docker/for-win/issues/13738

• Current Version 4.34.2 (167172) installed via winget
• Update in GUI 4.35.1 (173168)

I tried all the old suggestions, except completely removing the virus scanner just for docker. As the service can also not be stopped from the task managers services tab I can therefor not upgrade

Reproduce

1. use current windows 11 with mcafee virus scanner
2. try to update via gui

Expected behavior

an update should not require the virus scanner to be completely removed

docker version

Client:
 Version:           27.2.0
 API version:       1.47
 Go version:        go1.21.13
 Git commit:        3ab4256
 Built:             Tue Aug 27 14:17:17 2024
 OS/Arch:           windows/amd64
 Context:           desktop-linux

Server: Docker Desktop 4.34.2 (167172)
 Engine:
  Version:          27.2.0
  API version:      1.47 (minimum version 1.24)
  Go version:       go1.21.13
  Git commit:       3ab5c7d
  Built:            Tue Aug 27 14:15:15 2024
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.7.20
  GitCommit:        8fc6bcff51318944179630522a095cc9dbf9f353
 runc:
  Version:          1.1.13
  GitCommit:        v1.1.13-0-g58aa920
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

docker info

Client:
 Version:    27.2.0
 Context:    desktop-linux
 Debug Mode: false

Server:
 Containers: 11
  Running: 0
  Paused: 0
  Stopped: 11
 Images: 23
 Server Version: 27.2.0
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Using metacopy: false
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Cgroup Version: 1
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 nvidia runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 8fc6bcff51318944179630522a095cc9dbf9f353
 runc version: v1.1.13-0-g58aa920
 init version: de40ad0
 Security Options:
  seccomp
   Profile: unconfined
 Kernel Version: 5.15.153.1-microsoft-standard-WSL2
 Operating System: Docker Desktop
 OSType: linux
 Architecture: x86_64
 CPUs: 22
 Total Memory: 15.46GiB
 Name: docker-desktop
 ID: 48e6aa36-a19b-46b9-8810-68fb9a5c003c
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 HTTP Proxy: http.docker.internal:3128
 HTTPS Proxy: http.docker.internal:3128
 No Proxy: hubproxy.docker.internal
 Labels:
  com.docker.desktop.address=npipe://\\.\pipe\docker_cli
 Experimental: false
 Insecure Registries:
  hubproxy.docker.internal:5555
  127.0.0.0/8
 Live Restore Enabled: false

WARNING: No blkio throttle.read_bps_device support
WARNING: No blkio throttle.write_bps_device support
WARNING: No blkio throttle.read_iops_device support
WARNING: No blkio throttle.write_iops_device support
WARNING: daemon is not using the default seccomp profile

Diagnostics ID

607EC1EF-5A30-486D-BF7F-CB73AC2D251E/20241109085142

Additional Info

No response

[gtedavid]

Hi @leotulipan

I ran into the same issue https://github.com/docker/for-win/issues/13738#issuecomment-1782307456 this comment helps out for now as a workaround though it is odd that the bug is back.

Note that you really have to put the setting to "never" for the real time protection analysis and restart the pc, launch docker after logging back in and launch the update process.

[sankarpadhy]

I faced the same issue.

The workaround : I disabled the service from regedit by modifying the value, ran the update and revert back the changes:

Steps:

1. Open Registry Editor (regedit) and navigate to: Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mc-fw-host
2. Locate the Start value and modify it: Change its value to 4 (to disable the service). 3.Restart your PC to apply the changes. 4.Update Docker Desktop. 5.After completing the update, return to the same registry key and: Change the Start value back to 2 (to re-enable the service). 6.Restart your PC .

[mayureshkumbhar]

I faced the same issue.

The workaround : I disabled the service from regedit by modifying the value, ran the update and revert back the changes:

Steps:

1. Open Registry Editor (regedit) and navigate to: Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mc-fw-host
2. Locate the Start value and modify it: Change its value to 4 (to disable the service). 3.Restart your PC to apply the changes. 4.Update Docker Desktop. 5.After completing the update, return to the same registry key and: Change the Start value back to 2 (to re-enable the service). 6.Restart your PC .

This solution worked for me. Thanks @sankarpadhy 👍👍👍

[rooster-ed]

I faced the same issue.

The workaround : I disabled the service from regedit by modifying the value, ran the update and revert back the changes:

Steps:

1. Open Registry Editor (regedit) and navigate to: Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mc-fw-host
2. Locate the Start value and modify it: Change its value to 4 (to disable the service). 3.Restart your PC to apply the changes. 4.Update Docker Desktop. 5.After completing the update, return to the same registry key and: Change the Start value back to 2 (to re-enable the service). 6.Restart your PC .

This bug unfortunately still exists.

This worked for update 4.38.0 (no other suggestion - re: turning things off in the Mcafee UI worked for me).. Thank you @sankarpadhy

[InzooChen]

After turning off McAfee's real-time scanning, I attempted to update Docker, but McAfee still interfered.

So, I added the Docker-related .exe files to McAfee's whitelist, and then the update proceeded normally.