Participant

Question

Adobe's own PDF help file flagged as malicious by scanners.

Forum|Forum|3 years ago
May 26, 2022
2 replies
436 views

Although i'm running RoboHelp 2017 at the moment and trying to convince management to upgrade but I've been able to use the Robohelp 2019 Userguide as I was referencing how to do something that would be still supported in 2019+

I am running the latest Acrobat Reader DC 22.001.20117

I had downloaded

https://help.adobe.com/en_US/robohelp/2019/robohtml/robohelp_classic_2019_help.pdf

from Adobe itself, and recently this was flagged by my InfoSec IT group as malicious and got my pc locked.

[11:08 AM] xxxxxxxxxx

We have came accross a know malware on your pc which is the reason we had quarantines your pc while we ran the analysis , this has now been completed and I have released your machine

[11:09 AM] xxxxxxxxxxxxx

the file in question is https://nvd.nist.gov/vuln/detail/CVE-2019-8027

NVD - CVE-2019-8027

10+ sources reported it as malicious

So the purpose of this message is more to ask Adobe to either post a file that won't false flag it or if there's some way for Adobe to have this not on the NIST vulnerabilites list.

Classic

This topic has been closed for replies.

Peter Grainge

Community Expert

As @Amebr says, contact Support. !0 reports for a file released five years ago sounds like an over agressive checker and I can't imagine Adobe would release a malicious file. If somehow they did, I think we would have seen many more reports.

Norton says the file is OK.

It might be worth contacting your security people as well.

Isn't it up to any checker not to post false positives rather than whoever created the file?

________________________________________________________

My site www.grainge.org includes many free Authoring and RoboHelp resources that may be of help.

Use the menu (bottom right) to mark the Best Answer or Highlight particularly useful replies. Found the answer elsewhere? Share it here.

D

DaFixerAuthor

Participant

I was contacted by my security people it was Carbon Black that caught it and raised a question and when I tried to cehck out the file on the web, that's when the automatic blocks kicked in.

I know it wasn't/isn't malicious. my issue is that the scanners picked up that the type of the PDF it is, allows someone to add an executable that could be run "IF" you are running outdated Acrobat. Which I was/am current.

Normally yes perhaps but as a software developer myself, my own code has been hit by this type of false flagging before and I, as the developer had to try to fight the flaggings so my customers could use my software.

Once the flagging software reports it, then it gets into a database and aggregated and it just continues. So a company as large as Adobe might be able to work with them to address it and clear it or it's going to keep happening to other RH users.

I will contact the RH team on the email Amber supplied for good measure.

A

Amebr

Community Expert

This is a user-to-user forum. While Adobe staff sometimes drop in, it's pretty rare. Try contacting the Robohelp team using the email address on this page (it reaches dedicates RH staff, not general support).

https://helpx.adobe.com/contact/enterprise-support.other.html#robohelp

D

DaFixerAuthor

Participant

Thanks! Will do. for some reason I wasn't able to find an email address when I looked.

Sign up

To post, reply, or follow discussions, please sign in with your Adobe ID.

Sign in to Adobe Community

To post, reply, or follow discussions, please sign in with your Adobe ID.

Scanning file for viruses.

This file cannot be downloaded