Application compiled without Security Feature CFG (Control Flow Guard)

DanielGabriel

The application binary was compiled without enabling Control Flow Guard (CFG, a security feature that helps prevent memory corruption attacks such as indirect call/jump hijacking. This omission increases the risk of exploitation through techniques like Return-Oriented Programming (ROP).

It is recommended to set Control Flow Guard value "true".

DanielGabriel

@NitiGrover @chrisgaze @dhaferhalfalahnbk

robert.nicklin

Hello Daniel,

Thanks for taking the time to raise an idea. Having consulted with our engineering team, I can confirm that we will not be taking this enhancement forward.

The application binary (automate.exe) is a .NET Framework application. Control Flow Guard (CFG) is a Windows security mitigation designed for native (C/C++) binaries - it is not appropriate to enable on managed .NET Framework applications, where it would cause stability issues without providing a meaningful security benefit. The .NET runtime already protects against the class of memory-corruption attacks that CFG is designed to mitigate.

If this request was prompted by a security scanner flagging the binary, this is a known false positive for managed .NET applications.

As a result of this update, I'm going to mark this idea as Not Planned.

Regards,

Rob

SS&C Blue Prism Community

Application compiled without Security Feature CFG (Control Flow Guard)

Integration of Capture with Process Mining Tools

Credentials , Scheduler , Environment Variable Fil...

More options for Scheduling

Correct the destination of the approval request ac...

Add the trigger based process run