Symantec Endpoint Protection Quarantines JNativeHook-2.0.3.dll


Installing the product went well (took two restarts - one for VirtualBox & Vagrant, and one for RPA Express itself), however when I started recording, Symantec Endpoint Protection blocked the JNativeHook-2.0.3.dll due to WS.Reputation.1 risk. Full details:

Category: Malware
Sub category: Insight Network Threat
Download by: c:\program files\java\jre1.8.0_111\bin\javaw.exe
Status: Infected
Historical Reputation: There is strong evidence that this file is untrustworthy.
Historical Prevalence: This file has been seen by thousands of Symantec users.
First Seen: Symantec has known about this file for more than 1 year.
Current Reputation: There is strong evidence that this file is untrustworthy.
Current Prevalence: This file has been seen by thousands of Symantec users.

1 Like
Unable to publish recording to Control Tower in Release 1.1.2

hi @sami.lamti,

It’s not a virus, we recommend to add an exception for this component used by RPA Recorder.


smiles I’m not so concerned about it being a virus. I’m instead trying to pro-actively provide beta-feedback: I’m an enterprise user with Symantec Antivirus. I’m sure more of your potential customers will experience this. As an enterprise user, I am not in control of my own SA installation. Therefore, it might make sense for you - as a service / application provider - to contact Symantec and have them whitelist your product. :slight_smile:

1 Like

@sami.lamti, thanks for your pro-activity. We will do our best to overcome this issue.

1 Like

Hello all,

This is a quite old topic but i’m facing to the same issue.

We don’t have rights to manage Symantec rules, then i can’t use RPAExpress at all … :confused:


Hi @GCE,

Please provide more details:

  • installer version - info from in the version.txt file when you unpack the installer

  • was the installation successful or not

  • error messages



Installer version is “build=81”, and the installation was successful.

I’m able to open RPAExpress, create a project but when starting a recording i’m facing to a Symantec popup saying that the concerned file (JNativeHook-2.0.3.dll ) was blocked.


@GCE, currently the only way to fix this is to add this library to your anti-virus exceptions list.

It happens because RPA Recorder monitors system events and manipulates your mouse, keyboard, clipboard, etc.


As @sami.lamti said, most of the enterprise user are not able to modify their antivirus configuration. It could be great to contact Symantec to add the product to their whitelist.

Actually, i can’t use the product like other Symantec Endpoint Protection users :’(


Does anybody have an idea that following version also be affected?
I’ve finally got RPA Express,but afraid to install to my office pc as it is running Symantec.



JNativeHook is still a part of RPA Express and it’s not a virus. So please add it to exceptions in your AV-software or ask your IT to do so, if your permissions are insufficient to do so.


Thanks for the quick response amashentsev. Unfortunately SEP security policy for global firm is managed by corporate CIO but not local IT . It made this bit difficult to get solved(in case build=148 is also detected by SEP) through CIO. Might need to get registered to Symantec white list.


@ILoku_Marakkala3 - this issue will be resolved in new releases when we introduce Object recording


Great!!! Will look forward as it will allow me to install and run RPA express in my workstaion.