How to solve "'Lockdown' malicious behavior prevented in kantu-file-access-host.exe"?

The system has a Sophos Endpoint Agent. We’ve already asked the Sophos team to add kantu-file-access-host.exe to AllowedList. But it still cannot run. Not really sure if it’s the problem of the Sophos. Hopefully, does anyone know how to solve this?

BTW, RPA version is 5.8.8. Chrome is Version 86.0.4240.183 (Official Build) (64-bit)

Thanks for reporting this issue to Sophos. All our executables are signed, so it should be easy for Sophos to whitelist them.

Meanwhile, can you or your admin whitelist the file for your machine(s)?

From your screenshot it seems that Sophos is not blocking the xfile module in general as long as it only provides file access. It blocks it “only” when you use the XRUN command to launch a PowerShell script.

Is using XRUN important for your use case? Or was this just a test to demo the issue?

Hi, yes, it’s really important. I need to use RPA to open my PowerShell script which is significant to my automation process. And the Sophos team told us that they had already put the kantu.exe file to their whitelist. But I’m still encountering the question. So I don’t know what to do next. Maybe you guys can help? Thanks.

I have 2 ideas for a workaround:

  1. Instead of using XRUN to call PowerShell inside the RPA macro, use the command line API and call the RPA software from your RPA PowerShell script (<= the link goes to our PowerShell demo code).

  2. Instead of running the RPA software on Windows, run everything inside a lightweight virtual machine, for example with VirtualBox and Ubuntu 20.04. Then Sophos cannot interfere.

Thanks! I’ve tried this and it’s another option to replace using RPA directly. I’m gonna go with that. Thanks again~