Problem
FoxService.exe may be identified in vulnerability reports because authenticated users require access to this file with read, write and modify permissions.
For Foxtrot, the path is c:\program files (x86)\foxtrot suite\foxtrot\foxservice.exe.
For RPA, the path is c:\program files (x86)\nintex\rpa\foxservice.exe
Our minimum requirements are 'Local read, write, execute, delete rights' as stated in the Release Notes page at https://help.nintex.com/en-US/platform/ReleaseNotes/NintexRPA.htm#System3
Our recommended requirements are 'Local administrator rights' and this is to prevent users encountering issues that prevent successful runs of their botflows.
If FoxService.exe is identified as a vulnerability, and you are wondering if the users really need the recommended or minimum requirements above, you can test as mentioned below.
Solution
FoxService.exe is the executable that is associated with the Foxtrot and Nintex Bot Service. The Nintex Bot Service itself is run as 'Local System' profile (and it must do so or you may get unexpected results from the Bot).
FoxService.exe does contain permissions for 'Authenticated Users' upon installation but you could potentially try just giving it 'Read & execute' or 'Read' permissions (without Write and Modify permissions) and then test to ensure Bot behaves normally (especially when running botflows from RPAC).
If you encounter issues you did not encounter before, you will need to adjust the permissions to a higher accessibility and see if that resolves the issue.
**Please note, this is for any version from 13.0 and newer. FoxService was released for v13 with FoxHub.
