I had a question from my security team today that I don’t know the answer to, so I thought I’d ask in public for others to benefit from the answer.
When a robot receives a job from Orchestrator, it checks to see if it has the Process package locally and if it doesn’t, it downloads the package from Orchestrator.
If it does have the package locally, it proceeds and runs the package.
If an adversary manages to modify the Process files on the local machine, will the robot detect that the local file has been modified and redownload the correct version from Orchestrator?
The usual workflow is that a robot checks if it has the required package locally. If it does, it proceeds to execute the automation using the local version. If not, it downloads the package from Orchestrator. However, the robot does not automatically verify the integrity of the local package against Orchestrator after the initial download.
Security measures to prevent unauthorized access and modifications to the robot’s local files should be implemented at the operating system level. This can include appropriate access controls, file integrity monitoring tools, and other security best practices.
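As an added example (not part of either post above, and not UiPath code): a minimal file integrity check of the kind the answer refers to. It records SHA-256 hashes of a package folder when the package is known to be good, then reports modified, added and removed files. The package name, version, folder layout and file names are constructed for the demo.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path):
    """Hash a file in chunks so large package files are not loaded into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root):
    """Map every file under root (by relative path) to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def diff_manifest(baseline, current):
    """Compare a trusted baseline manifest with the current state on disk."""
    shared = baseline.keys() & current.keys()
    return {
        "modified": sorted(p for p in shared if baseline[p] != current[p]),
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
    }


def demo():
    """Build a constructed package folder, change it, and return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        pkg = Path(tmp) / "InvoiceProcess" / "1.0.3"  # hypothetical package
        (pkg / "lib").mkdir(parents=True)
        (pkg / "Main.xaml").write_text("<Activity>original</Activity>")
        (pkg / "project.json").write_text('{"name": "InvoiceProcess"}')
        (pkg / "lib" / "helper.dll").write_bytes(b"\x00\x01\x02")
        baseline = build_manifest(pkg)  # taken right after a trusted download
        # Changes made after the baseline was recorded
        (pkg / "Main.xaml").write_text("<Activity>changed</Activity>")
        (pkg / "extra.txt").write_text("unexpected file")
        (pkg / "lib" / "helper.dll").unlink()
        return diff_manifest(baseline, build_manifest(pkg))


if __name__ == "__main__":
    print(demo())
```

The baseline manifest only helps if it is stored somewhere the robot's account cannot write to; otherwise whoever changes the package can change the manifest as well.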