Docker "com.docker.socket" identified as Malware on Mac OS

Sascha Corti

09 Jan 2025 • 2 min read

If you are trying to run Docker on your Mac in January 2025, it may very well happen that you encounter the following error:

"Malware Blocked "com.docker.socket" was not opened because it contains malware. This action did not harm your Mac."

What happened

It seems that Mac OS Sequoia 15.2, on Pro Apple Silicon sees the com.docker.vmnetd file as a threat - which it is not. The real issue is that even when updating or even uninstalling Docker, this file seems to remain untouched.

Running ls -lrt /Library/PrivilegedHelperTools/ should show this output:

-r-xr--r--  1 root  wheel  5636768 31 May  2024 com.docker.vmnetd

The file you will need for this error to go away is:

-r-xr--r--@ 1 root  wheel  6414320 Jan  9 08:30 com.docker.vmnetd

How to fix this

The solution is to make sure you run the latest version of Docker and manually replace this file, along with com.docker.socket which also resides in the /Library/PrivilegedHelperTools/ folder.

If you don't rely on the Docker images currently on your machine

In this case it is easiest to do the following:

Run this script in order to make sure the Docker service is stopped and to remove the unwanted files:

#!/bin/bash

# Stop the vmnetd service
echo "Stopping com.docker.vmnetd service..."
sudo launchctl unload /Library/LaunchDaemons/com.docker.vmnetd.plist

# Remove vmnetd binary and configuration
echo "Removing com.docker.vmnetd binary and plist..."
sudo rm -f /Library/PrivilegedHelperTools/com.docker.vmnetd
sudo rm -f /Library/LaunchDaemons/com.docker.vmnetd.plist

# Remove the socket file if it exists
echo "Removing vmnetd socket file..."
sudo rm -f /var/run/com.docker.vmnetd.sock

echo "com.docker.vmnetd components have been uninstalled."

Move Docker to the trash (or uninstall it using home-brew):

brew uninstall --cask docker

Now just re-install Docker from the official sources or using home-brew

brew install --cask docker

If you rely in the Docker images on your system

In this case, make sure Docker is on the latest version, stop the process, remove the unwanted files and copy them from inside the app folder.

#!/bin/bash

# Stop the docker services
echo "Stopping Docker..."
sudo pkill [dD]ocker
sudo pkill vmnetd

# Stop the vmnetd service
echo "Stopping com.docker.vmnetd service..."
sudo launchctl bootout system /Library/LaunchDaemons/com.docker.vmnetd.plist

# Stop the socket service
echo "Stopping com.docker.socket service..."
sudo launchctl bootout system /Library/LaunchDaemons/com.docker.socket.plist

# Remove vmnetd binary
echo "Removing com.docker.vmnetd binary..."
sudo rm -f /Library/PrivilegedHelperTools/com.docker.vmnetd

# Remove socket binary
echo "Removing com.docker.socket binary..."
sudo rm -f /Library/PrivilegedHelperTools/com.docker.socket

# Install new binaries
echo "Install new binaries..."
sudo cp /Applications/Docker.app/Contents/Library/LaunchServices/com.docker.vmnetd /Library/PrivilegedHelperTools/
sudo cp /Applications/Docker.app/Contents/MacOS/com.docker.socket /Library/PrivilegedHelperTools/

Note that for some reason, this script works for some users and doesn't work for others.