Our virus scanner partially recognizes some Adobe files as an encryption Trojan.
Filenames:
ES_session_store
ES_session_storei
Can someone tell me what the files are for? The files are under the following path:
C:\Users\Daniel\AppData\Roaming\Adobe\Acrobat\DC\Security\
Sorry for necroing an older thread, but I would like to know that as well... In our case the file server on which the roaming profiles are stored notifies us about an encryption event.
Since it is a heuristic hit and it is classified as a "generic cryptor" I suspect Adobe encrypts some sensitive data in those files. When the roaming profile is written to the file server on client shutdown, it triggers the encryption event warning.
So I THINK it is a false positive, but I would like to know for sure.
If anybody has some insight into those files and could shed some light on this it would be highly appreciated.
Hi - did you manage to get to the bottom of this? I think it's a false positive like you say but I can't get a decent answer out of our antivirus support!
Hey there...
No, nothing new came to light.
We had a handful of similar events that triggered the encryption warning, but it always checked out with the current theory:
Some program had to store sensitive data of some sort and it did so with an encrypted file somewhere under APPDATA/ROAMING.
Then, at logout, the roaming profile was copied to the server which triggered the encryption warning.
But so far, no new information about ES_session_store.