Enterprise 11: Additional security controls
Automation Anywhere Control Room restricts the database connection configuration with the system administrator account.
Restrict installation from database system administrator account
All the database level transactions are done with a nonsystem administrator account. The Control Room installer passes the SQL Server 2012 certification test.
Autolock the device
When Automation Anywhere Enterprise bots are deployed from the Control Room to remote Bot Runners, they revert the Bot Runner system to its original state. For example, if the Bot Runner machine was logged off and our bot logged into the machine, it logs it off after the automation execution finishes. This ensures that system level security is not compromised.
Using SHgetKnownFolderPath function
Automation Anywhere software uses the SHGetKnownFolderPath function and Knownfolder_ID to determine the full path to the special folders. This is a recommended practice from Microsoft and use of this function ensures that system will never redirect automation data to any other folder, even if someone attempts to hack the function call. This is also one of the InfoSec requirements of Automation Anywhere Enterprise users.
API level security
Automation Anywhere software does authentication and authorization level checks at the API level. API calls are serviced only for those users who have permission on the automation data. Unauthorized users cannot bypass system security through rogue API calls.
When Automation Anywhere Enterprise Client software is uninstalled, it leaves no trailing files or folders behind. This clean uninstall of the Enterprise Client software complies with InfoSec policies.
Store data in Program Data folder
Automation Anywhere Enterprise Client software allows storing of automation data in the Program Data folder, for the files which must be edited by end users. Permissions are also set on the directory during the installation so that the user can edit the content of the folder. This complies with the InfoSec requirements of Automation Anywhere Enterprise users.
Protected handling of MSVC DLL files
Automation Anywhere Enterprise Client software uses MSVCxxx.dll files for automation purposes, but it does not install these files by itself. Client software directly uses the DLL files installed by only the Microsoft operating system. This ensures that client software does not overwrite the DLL files installed by Microsoft and our users do not have to worry about doing one more cycle of checking for any introduced vulnerabilities.
All the executables (.exe file) of the Automation Anywhere Control Room and Enterprise Client software contain the manifest files which describe assembly metadata, for example, filename, version number, and culture. This makes our platform comply with organizational InfoSec policies.
Application path on network
Automation Anywhere Enterprise supports configuration of reading and writing automation data to a location on a network drive. This enables users to keep all automation data at one place.
Autologin without disabling legal disclaimer
When Automation Anywhere Enterprise bots are deployed from the Control Room to remote Bot Runners, our users do not need to change security settings, for example, disable login page or disable legal disclaimer. Automation deployment works seamlessly without disabling these settings.
Secure Java automation
The Automation Anywhere Enterprise platform can securely automate even those difficult-to-automate business applications which download the Java runtime environment (jre) during automation execution. Whenever these applications are started, an Automation Anywhere Enterprise agent gets associated with Java executable noninvasive and automates the business application. After the automation finishes, the Automation Anywhere Enterprise agent is automatically terminated.
Automation in nonEnglish languages
Users can securely use German, French, Italian, and Spanish language keyboard characters through the embedded automation commands in Bot Creators. This enables users to write data into these languages. Automation Anywhere users do not need to depend on less secure third-party libraries for this automation.