McAfee report Trojan C:\ProgramData\Adobe\ARM\{291AA914-A987-4CE9-BD63-AC0A92D435E5}\BIT691A.tmp. Is the BIT691A.tmp file a legitimate adobe file?

Thank you for the reply LeoAdobX.

Do you know or have heard of why McAfee is flagging the BIT temp file as a trojan?

Thanks,

Rattanak

Did you ever get any further information on this?  We're receiving the same results from Symantec Endpoint Protection flagging these files in the same directory and just started today.  We submitted the file to Symantec to determine if it is a false positive but haven't heard anything back yet.

I did the same thing with McAfee. I sent them the information to their virus research team but have not heard back from them. I was hoping to get some solid answers from Adobe support but each call redirected me to this forum.

Just to follow up, Symantec did get back to me and confirmed it was a false positive and are updating their signatures.

Thanks for the update Eric.

Do you have UAC enabled on this OS?
Also, please check that all 3 files in the folder below have valid Adobe digital signature-
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0
Can you please provide File version for AdobeARM.exe file from this folder?
What is your installed Reader version?
Can you export Registry key below and send me reg file?
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Adobe\Adobe ARM\Products\{291AA914-A987-4CE9-BD63-AC0A92D435E5}

Hello LeoAdobeX,

-- The UAC is enabled on the OS.

-- The three files in the C:\Program Files (x86)\Common Files\Adobe\ARM\1.0 are digitally signed by Adobe Systems, Incorporated.

-- The reader version that was affected was Adobe Acrobat Reader DC version 18.011.20038.

-- I tried to send you the registry key that was requested but got a bounce back from the email address. Do you have the adobe security email address that I can send the registry key to?

Thanks,

Rattanak

Hi Nic Nak,

Did you receive a response from McAfee?