Skip to main content
T
Tyrone27602746bdcm
Participant
December 16, 2022
Question

Adobe Acrobat triggering false positives with Anti-Virus.

  • December 16, 2022
  • 2 replies
  • 4544 views

Apologies if there's a thread on this already. I could not find anything using the search. Lately, our anti-virus has been popping off for random computers due to suspicious behavior of "behavior modification" from Adobe. We just about get 1-2 computers a day with this alert.  I saw an article on Bleeping Computer that Adobe is blocking anti-virus software from scanning PDFs. This is a huge security risk for us. Is there a workaround or fix for this? Here is a link to Bleeping Computer explaining the issue.

https://www.bleepingcomputer.com/news/security/adobe-acrobat-may-block-antivirus-tools-from-monitoring-pdf-files/

This topic has been closed for replies.

2 replies

Krutikka D
Krutikka D
Participating Frequently
December 20, 2022

Hello @Tyrone27602746bdcm 

 

Would you mind sharing a few details, so we can assist you better?

1. Application and OS version.

2. What is the exact error message you're getting? Please share a screenshot and video recording of the error and workflow you're doing.

3. Make and Model of the antivirus you're using.

Also, make sure that the antivirus is updated.

 

Hoping to hear from you soon.

 

Regards,

Krutikka

T
Tyrone27602746bdcmAuthor
Participant
December 20, 2022

1. Adobe Acrobat Reader Version 22.003.20282 / Windows 10 Pro 21H2

2. "Security Threat: Program Library Injection" seems to happen when users open a PDF I believe. I've attached a screenshot; PDF opens like normal for users, but we (IT) receive the suspicious behavior alert. It seems to happen to 1 or 2 random users daily at this point.

3. Trend Micro Worry Free Business Services Agent Version 6.7.3075/14.2.3048 Smart Scan Agent Pattern version: 18.143.00 (although it would have been whatever version was for 4 days ago as we have it automatically update daily)

Krutikka D
Krutikka D
Participating Frequently
December 22, 2022

Hello @Tyrone27602746bdcm 

 

Hope you're doing well.

 

This issue might be internal. Would you mind checking whether bBlockDllInjection is present and set to 1 inside registry path SOFTWARE\Adobe\Acrobat Reader\DC\DLLInjection on the machines where this alert is coming up?

 

We are trying to reproduce and check on our end as well.

 

hoping to hear from you soon.

 

Regards,

Krutikka

Krutikka D
Krutikka D
Participating Frequently
December 16, 2022

Hello @Tyrone27602746bdcm 

 

I hope you're doing great.

 

Thank you for sharing this with us.

We will indeed look into this and will get back to you with a definite response in a couple of days.

 

Thank you,

Krutikka

Terms & ConditionsAccessibility statement
Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices