Kantu files positive virus/malicious detected

Hello. I wanted to use this solution in my company, but traditionally everything that is uploaded to the company’s system must be tested not only in terms of functionality, but also pass security tests. The first is ‘VirusTotal.com’.

The basic installer ‘uivision-xmodules-setup-v202103a.exe’ passed the tests, but the tested files from ‘ui.vision-xmodules-windows-v202103.zip’ unfortunately did not: ‘kantu-file-access-host.exe’ and ‘kantu-xy-host_win7.exe’.

I know that the heuristics of some files may wrongly indicate a threat, but convincing decision-makers in the company in this regard is troublesome.

Can I ask you to refer to this topic, i.e. have any actions been taken to clarify which parts of the program code are considered questionable and to change them?

Thank you in advance for your answer.

Thanks for your hint. I confirmed this issue. These are clearly false alarms. We will have to contact the vendor. Luckily this false alarm happens “only” for one of the 70 vendors on this list.

For now, here is what you can do:

  • Tell the decision-makers that UI Vision is the most secure RPA software because its core is open-source.

  • kantu-xy-host_win7.exe => This file is only needed for Win7. So if you are not using the old Win 7, simply delete the file!

  • ‘kantu-file-access-host.exe’ - this file is required for the hard-drive mode. But if your manager insists, you can also safely delete the file. This would disable hard-drive mode, but all other XModule features remain!

I am sure the Antivirus software detects these modules because these modules control the mouse/keyboard, which is a typical task for a “virus”. And the file-access-host contains code for the XRUN feature - that is to launch other programs. This is also something that some viruses do. But the EXE is signed, so this false alarm should not happen. It is more of a problem of this sloppy anti-virus software vendor.

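The answer above rests on the two flagged EXEs being signed; that can be checked on your own copy with a PowerShell script like the following. This is an added example, not part of the original posts or UI Vision's own code, and the `$ModuleDir` extraction folder is an assumption.

```powershell
# Added example. $ModuleDir is an assumed location: point it at the folder
# where ui.vision-xmodules-windows-v202103.zip was unpacked.
param(
    [string]$ModuleDir = "$env:USERPROFILE\Downloads\ui.vision-xmodules-windows-v202103"
)

# The two files named in this thread.
$targets = 'kantu-file-access-host.exe', 'kantu-xy-host_win7.exe'

$report = foreach ($name in $targets) {
    $path = Join-Path $ModuleDir $name

    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
        # File was deleted (as the reply suggests) or the folder is wrong.
        [pscustomobject]@{ File = $name; Status = 'Missing' }
        continue
    }

    # Authenticode check: validates the embedded signature against the file
    # contents and the certificate chain against the local trust store.
    $sig  = Get-AuthenticodeSignature -LiteralPath $path
    # The hash identifies exactly which binary was scanned and verified.
    $hash = Get-FileHash -LiteralPath $path -Algorithm SHA256

    [pscustomobject]@{
        File        = $name
        Status      = $sig.Status                 # Valid, NotSigned, HashMismatch, NotTrusted, ...
        Signer      = $sig.SignerCertificate.Subject
        Issuer      = $sig.SignerCertificate.Issuer
        Thumbprint  = $sig.SignerCertificate.Thumbprint
        CertExpires = $sig.SignerCertificate.NotAfter
        Timestamped = [bool]$sig.TimeStamperCertificate
        SHA256      = $hash.Hash
    }
}

$report | Format-List

# Fail the check if any file that is present does not carry a valid signature.
$bad = $report | Where-Object { $_.Status -ne 'Valid' -and $_.Status -ne 'Missing' }
if ($bad) {
    Write-Warning "Signature not valid for: $($bad.File -join ', ')"
    exit 1
}
```

A `Valid` status shows the file is unmodified since signing and chains to a trusted publisher; it does not by itself prove the detection is a false positive, so keep the signer details and SHA-256 alongside the scan result in the review record.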