Antivirus blocking bot execution, or there's a real virus?

rajatjoshi · April 5, 2023, 9:56am

Whenever I try to run a bot on a Production machine, the antivirus installed there blocks the execution. It says there’s a malware, however I doubt that. How to find out whether there’s really a malware or it is just the execution which is getting blocked by the antivirus?

arjunshenoy · April 5, 2023, 10:23am

Hi @rajatjoshi

It is common for antivirus software to flag automation scripts and bots as potentially harmful due to their behavior. This is often a false positive, as automation tools like UiPath work by interacting with other software on your system, which can be mistaken for malicious activity.

Hope this helps,
Best Regards.

rajatjoshi · April 5, 2023, 12:07pm

Thanks for the response, @arjunshenoy
Is there any way to prove that this issue has been caused by UiPath and not by an actual virus. This is a client’s machine and we need conclusive evidence before deciding to add a bypass rule in the antivirus.

arjunshenoy · April 5, 2023, 12:41pm

@rajatjoshi

These are some steps you can use to derive a conclusion:

→ Run a thorough virus scan on the client’s machine to ensure that there are no viruses or malware present. This report will help your client understand that it’s no any malware inference.

→ Upon running a full scale scan, check the logs to see if there is any information on UiPath scripts being blocked by the antivirus software. This may provide some clues as to whether the issue is caused by a virus or by UiPath.

→ Test UiPath on a clean machine that does not have any antivirus software installed. This will help comprehend the discussion with your client.

Hope this helps,
Best Regards.

marian.platonov · April 7, 2023, 12:58pm

Use the Process Monitor (procmon) for the application that it is interacting with UiPath.

Download the tool from here https://learn.microsoft.com/en-us/sysinternals/downloads/procmon
Open Task Manager → find the process in the Details and check its platform version