How does the robot check the package version?

Hello,

I had a question from my security team today that I don’t know the answer to, so I thought I’d ask in public for others to benefit from the answer.

When a robot receives a job from Orchestrator, it checks to see if it has the Process package locally and if it doesn’t, it downloads the package from Orchestrator.

If it does have the package locally, it proceeds and runs the package.

If an adversary manages to modify the Process files on the local machine, will the robot detect that the local file has been modified and redownload the correct version from Orchestrator?

Hi @kevin.scott

Kindly have a look

Cheers!!

Hi @kevin.scott

The usual workflow is that a robot checks if it has the required package locally. If it does, it proceeds to execute the automation using the local version. If not, it downloads the package from Orchestrator. However, the robot does not automatically verify the integrity of the local package against Orchestrator after the initial download.

Security measures to prevent unauthorized access and modifications to the robot’s local files should be implemented at the operating system level. This can include appropriate access controls, file integrity monitoring tools, and other security best practices.

Hope this helps, Regards!

Thanks for your quick contribution! This link doesn’t address my question regarding verification of local file integrity.

No. It would only re-download it if the version it’s looking for (as listed in project.json) isn’t available locally.
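As the replies above state, the robot only checks whether the requested version exists locally, so a modified file in an existing package folder goes unnoticed unless something outside the robot checks it. The following is an added example, not UiPath code and not from the original posts, of the kind of file integrity check suggested above: it records a SHA-256 baseline of a package folder and reports modified, added and removed files. The folder contents, the file names other than project.json, and all function names are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def hash_file(path, chunk_size=65536):
    """Return the SHA-256 hex digest of a file, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(package_dir):
    """Map each file's path (relative to package_dir) to its SHA-256 digest."""
    root = Path(package_dir)
    return {
        path.relative_to(root).as_posix(): hash_file(path)
        for path in root.rglob("*")
        if path.is_file()
    }


def compare(baseline, current):
    """Return sorted lists of modified, added and removed relative paths."""
    return {
        "modified": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
        "added": sorted(p for p in current if p not in baseline),
        "removed": sorted(p for p in baseline if p not in current),
    }


def demo():
    """Constructed sample: a stand-in package folder that is then tampered with."""
    with tempfile.TemporaryDirectory() as pkg:
        Path(pkg, "project.json").write_text('{"name": "SampleProcess"}')
        Path(pkg, "Main.xaml").write_text("<Activity>original</Activity>")
        # Baseline taken right after a trusted download; keep it where the
        # account that runs the robot has no write access.
        baseline = build_manifest(pkg)
        # Same package version on disk, but the content has changed.
        Path(pkg, "Main.xaml").write_text("<Activity>tampered</Activity>")
        Path(pkg, "Extra.xaml").write_text("<Activity>injected</Activity>")
        return compare(baseline, build_manifest(pkg))


if __name__ == "__main__":
    print(demo())
```

A non-empty result for any of the three lists is the signal to delete the local package folder so the robot fetches the package from Orchestrator again on the next job.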
