Ongoing PowerShell Vulnerabilities causing security conflicts with UiPath.System.Activities

PowerShell is a major attack vector used by cybercriminals, and, thus, there are several enterprise security software packages like McAfee Trellix have rules for blocking any attempt to save System.Management.Automation.dll (code behind PowerShell).

Ongoing PowerShell security threats prompt a call to action
“PowerShell can be integral for cybercriminals that employ “living off the land” techniques, meaning they use legitimate software and functions for malicious purposes. A January threat report by Trellix, a security vendor focused on extended detection and response, showed that PowerShell accounted for more than 40% of the native OS binaries that threat actors use.”*

Problem is UiPath.System.Activities includes a dependency for System.Management.Automation v6.1.7601.17515 as seen in this screenshot:

For enterprise security sake, please move PowerShell automation to a separate package or provide a version of UiPath.System.Activities that doesn’t have this dependency. Like it was before v21.

1 Like

Hello @karl.l.loeblein!

It seems that you have trouble getting an answer to your question in the first 24 hours.
Let us give you a few hints and helpful links.

First, make sure you browsed through our Forum FAQ Beginner’s Guide. It will teach you what should be included in your topic.

You can check out some of our resources directly, see below:

  1. Always search first. It is the best way to quickly find your answer. Check out the image icon for that.
    Clicking the options button will let you set more specific topic search filters, i.e. only the ones with a solution.

  2. Topic that contains most common solutions with example project files can be found here.

  3. Read our official documentation where you can find a lot of information and instructions about each of our products:

  4. Watch the videos on our official YouTube channel for more visual tutorials.

  5. Meet us and our users on our Community Slack and ask your question there.

Hopefully this will let you easily find the solution/information you need. Once you have it, we would be happy if you could share your findings here and mark it as a solution. This will help other users find it in the future.

Thank you for helping us build our UiPath Community!

Cheers from your friendly

@karl.l.loeblein thanks for your feedback. You can contact our support/security team if you need help with your IT department whitelisting these dependencies. Most of the time the attacks cannot be exploited for UiPath activities since they need to be explicitly consumed in the automation to be executed.

My concern isn’t over exploits of the UiPath Activities themselves. I’m getting worried our security department shutting down UiPath due to the over abundance of DLL’s getting pushed down to client computers as the project dependency requirements continue change and grow.

System.Management.Automation.dll has been blocked more than once by security folks. Each time I go back to ask for an exception gives them another opportunity to shutdown UiPath. Regardless, I fail to see why System.Management.Automation.dll (aka POWER SHELL Automation) needs to be is a part of the core package UiPath.System.Activities. Why can’t it be in a separate package for those that use this functionality?