1. Overview

There are a number of things to consider when scanning Windows container images. Prisma Cloud Console runs only on Linux hosts. Prisma Cloud Defender, which does the actual scanning work, comes in a number of flavors; on Windows, Prisma Cloud supports Container Defender and Host Defender.

To scan Windows images:

  • The Windows Intelligence Stream must be enabled. You can find the setting under Manage > System > Intelligence. By default, the Windows Intelligence Stream is disabled.

  • The container OS version must match the host OS version where Defender runs. For example, Defender on Windows Server 1803 can scan nanoserver:1803, but it can’t scan nanoserver:1809. Conversely, Defender on Windows Server 1809 can scan nanoserver:1809, but it can’t scan nanoserver:1803.

  • Prisma Cloud requires a privileged user inside the container to scan it. In more recent versions of Windows (Windows Server, version 1803 or higher, build 17134 or higher), Prisma Cloud uses the ContainerAdministrator account. This account has complete access to the whole file system and all of the resources in the container. In older versions of Windows, specifically Windows Server 2016 (version 1607, build 14393), ContainerAdministrator does not exist, so Prisma Cloud uses the default user.
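
The version-match and scan-account rules above can be checked before scheduling a scan. The following PowerShell sketch is an added example, not Prisma Cloud code: `Get-ScanPlan`, the sample inventory, and the rule that versions "match" when major.minor.build are equal are assumptions made for illustration.

```powershell
# Added example, not Prisma Cloud code.
# Assumption: OS versions "match" when major.minor.build are equal (revision ignored).
$ContainerAdminMinBuild = 17134   # Windows Server, version 1803, per the text above

function Get-ScanPlan {
    param(
        [Parameter(Mandatory)][version]$HostVersion,
        [Parameter(Mandatory)][hashtable]$Images    # image name -> OsVersion string
    )
    foreach ($name in ($Images.Keys | Sort-Object)) {
        $img = $null
        if (-not [version]::TryParse([string]$Images[$name], [ref]$img)) {
            # Linux images and broken metadata carry no usable Windows OsVersion.
            [pscustomobject]@{ Image = $name; ImageBuild = $null; CanScan = $false
                               ScanAccount = $null; Note = 'no Windows OsVersion' }
            continue
        }
        $match = ($img.Major -eq $HostVersion.Major) -and
                 ($img.Minor -eq $HostVersion.Minor) -and
                 ($img.Build -eq $HostVersion.Build)
        # Account used inside the container, chosen by the image's build number.
        $account = 'default user'
        if ($img.Build -ge $ContainerAdminMinBuild) { $account = 'ContainerAdministrator' }
        $note = ''
        if (-not $match) { $note = "needs a Defender host on build $($img.Build)" }
        [pscustomobject]@{ Image = $name; ImageBuild = $img.Build; CanScan = $match
                           ScanAccount = $account; Note = $note }
    }
}

# Constructed sample inventory (revision numbers are made up; 1809 is build 17763).
# On a real Defender host, read the values with:
#   [System.Environment]::OSVersion.Version
#   docker image inspect --format '{{.OsVersion}}' <image>
$images = @{
    'nanoserver:1803'      = '10.0.17134.1'
    'nanoserver:1809'      = '10.0.17763.1'
    'example-2016-image'   = '10.0.14393.1'   # hypothetical name, Windows Server 2016
    'example-linux-image'  = ''               # hypothetical name, no Windows OsVersion
}

Get-ScanPlan -HostVersion ([version]'10.0.17134.1') -Images $images |
    Format-Table -AutoSize
```

With the constructed host on build 17134, only `nanoserver:1803` is reported as scannable; the other rows show which host build a Defender would need.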