Endpoint protection flagged Robotiq ScriptExecutor as “Suspicious Ransomware Behavior”

Answered
0
0

Hi everyone,

We recently received an alert from our client’s endpoint protection system indicating a medium severity detection for “Suspicious Ransomware Behavior”.

The alert referenced the process:

C:\Program Files\Robotiq.ai\ScriptExecutor\Robotiq.ScriptExecutor.exe

According to the detection log, the system temporarily blocked or terminated this process after identifying behavior similar to ransomware — specifically, the creation or modification of multiple files in a short timeframe.

The detection score was moderate, and the rule that triggered it was related to “Malware Behavior Blocking”.

Has anyone experienced similar false positives with Robotiq.ai components?
Is there an official way to confirm this executable as safe for whitelisting?

Infrastructure and Administration
Share
  • You must to post comments
Filter
Sort by: Most Votes
Good Answer
0
0

Hi there,

Yes, this type of detection is entirely possible for a component like Robotiq.ScriptExecutor.exe. Script executors often perform operations that can resemble suspicious behavior to endpoint protection systems—such as modifying or creating multiple files in a short timeframe. These behaviors, while legitimate in automation contexts, can resemble patterns used by ransomware.

It’s also important to note that different endpoint protection systems use varying heuristics and behavioral analysis techniques. What one system flags as suspicious, another might allow without any alerts. These detections are often based on generic rules that aim to prevent unknown threats but can occasionally result in false positives, especially with automation tools or scripting engines.

If you’re confident that the executable is from a trusted source (e.g., installed from the official Robotiq.ai package and not tampered with), it is safe to whitelist Robotiq.ScriptExecutor.exe in your endpoint protection software. Whitelisting should prevent further alerts or interruptions related to this process.

If needed, we can also provide a hash or digital signature details for verification, or collaborate with your IT/security team to assist in the whitelisting process.

Let us know if you’d like further assistance.

Best regards,
Robotiq.ai Support Team

  • You must to post comments
Showing 1 result
Your Answer

Please first to submit.

FEATURED QUESTIONS

0 votes
1 answer
1k views
Unattended error: Login failed
Infrastructure and Administration credential provider   error   login   unattended
I received an error after installation in every process I run unattended. It said, “Login f…
  • NewUser asked 8 months ago
  • last active 8 months ago
0 votes
1 answer
1k views
Can't delete RobotiqCredentialProvider after uninstalling
Hi, so i needed do uninstall robot to install new version. When i uninstalled it, everything was …
  • PetraP asked 9 months ago
  • last active 8 months ago
0 votes
1 answer
1k views
Issue with Robot 6198 – Unhandled Exception: WindowsCryptographicException After Update
Infrastructure and Administration robot version   unattendedrobot   unhandledException   update
Hi, we are experiencing an issue with the latest version of robot 6198. After the update, the rob…
  • Nevena asked 1 year ago
  • last active 8 months ago
0 votes
3 answers
1k views
Log in failed. Machine is not available. Check credential provider setup
Infrastructure and Administration error   installation   job error   log in failed
Hello community, I have a problem with my robot. It works fine, but every few months I get the er…
  • Emb asked 1 year ago
  • last active 8 months ago
0 votes
1 answer
1k views
Robot status "Not installed"
Infrastructure and Administration installation
Hello everyone, I successfully installed the robot on the tenant, but for some reason the status …
  • tihanaM asked 1 year ago
  • last active 8 months ago

CATEGORIES