Participant
August 5, 2020
Question

Adobe Reader Plugins Detected as Threat/Malware - MSRMSPIBroker.exe


Our Threat Intel detected one of the Reader plugins as Malware.

HASH: c67ebef769c8cc1e22a1576376929be9e06a70b43199ab14d7eea58bd9d9d878

Folder Path: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers

File Name: MSRMSPIBroker.exe

Can you advise if this is a legitimate file?


    Legend
    August 5, 2020

    No, of course we can't tell you if it is a legitimate file, because malware often replaces valid files, so the malware name is the same. However, the process with such reports is the same:

    * Check the origin of the file (Azure plug-ins: https://helpx.adobe.com/uk/acrobat/kb/mip-plugin-download.html)

    * Reinstall in a safe environment

    * Check and compare

    * If the same, report as a false hit.

    Managing false hits is an annoying but necessary task.
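
The "check and compare" step from the reply above, as an added PowerShell example that is not part of the original thread. The path and hash are the ones given in the question; `$ReferencePath` (a copy of the file from a fresh install on a known-clean machine) and the helper name `Get-FileEvidence` are assumptions.

```powershell
# Added example, not from the thread. Assumption: $ReferencePath is a copy of the
# same file taken from a fresh install on a known-clean machine.
param(
    [string]$SuspectPath = 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\MSRMSPIBroker.exe',
    [Parameter(Mandatory)][string]$ReferencePath,
    # SHA-256 reported by the detection, as quoted in the question
    [string]$FlaggedHash = 'c67ebef769c8cc1e22a1576376929be9e06a70b43199ab14d7eea58bd9d9d878'
)

# Collect hash and Authenticode details for one file (hypothetical helper name).
function Get-FileEvidence {
    param([Parameter(Mandatory)][string]$Path)
    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    $cert = $sig.SignerCertificate
    [pscustomobject]@{
        Path       = $Path
        SHA256     = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash.ToLowerInvariant()
        SigStatus  = [string]$sig.Status
        Signer     = if ($cert) { $cert.Subject } else { $null }
        Thumbprint = if ($cert) { $cert.Thumbprint } else { $null }
    }
}

$suspect   = Get-FileEvidence -Path $SuspectPath
$reference = Get-FileEvidence -Path $ReferencePath

$sameHash   = $suspect.SHA256 -eq $reference.SHA256
$sameSigner = $suspect.Thumbprint -and ($suspect.Thumbprint -eq $reference.Thumbprint)
$sigValid   = $suspect.SigStatus -eq 'Valid'

$verdict = if ($sameHash -and $sigValid) {
    'Identical to clean reference and validly signed: candidate false hit, report to the AV vendor'
} elseif ($sameHash) {
    "Identical to clean reference but signature status is $($suspect.SigStatus): re-check where the reference came from"
} else {
    'Differs from clean reference: different version or modified file, investigate before trusting'
}

[pscustomobject]@{
    SuspectSHA256    = $suspect.SHA256
    ReferenceSHA256  = $reference.SHA256
    MatchesDetection = $suspect.SHA256 -eq $FlaggedHash.ToLowerInvariant()
    SameHash         = $sameHash
    SameSigner       = [bool]$sameSigner
    SuspectSigner    = $suspect.Signer
    SigStatus        = $suspect.SigStatus
    Verdict          = $verdict
} | Format-List
```

If `MatchesDetection` is false, the file now on disk is not the one the alert fired on, so confirm which copy the sensor actually hashed before closing the case.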


    smfsali (Author)
    Participant
    August 6, 2020

    Are you saying the plugin is for Azure plugins?

    Virus Total: https://www.virustotal.com/gui/file/c67ebef769c8cc1e22a1576376929be9e06a70b43199ab14d7eea58bd9d9d878/detection


    Detected on CrowdStrike Falcon.

    Legend
    August 6, 2020

    I am saying this is a plug-in to allow Azure access to Acrobat Reader. It is an extra install, not included with the standard Acrobat Reader. If you did not install this, be suspicious.

    Just Shoot Me
    Legend
    August 5, 2020

    By what AV program?

    Have you done a Google search on that file name?