Adobe Reader Plugins Detected as Threat/Malware - MSRMSPIBroker.exe

Report · Aug 04, 2020

Our Threat Intel detected one of the Reader plugins as Malware.

HASH: c67ebef769c8cc1e22a1576376929be9e06a70b43199ab14d7eea58bd9d9d878

Folder Path: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers

File Name: MSRMSPIBroker.exe

Can you advise if this is a legitimate file?

Report · Aug 05, 2020

By what AV program?

Have you done a Google search on that file name?

Report · Aug 05, 2020

No, of course we can't tell you if it is a legititmate file, because malware often replaces valid files, so the malware name is the same. However the process with such reports is the same:

* Check the origin of the file (Azure plug-ins: https://helpx.adobe.com/uk/acrobat/kb/mip-plugin-download.html)

* Reinstall in a safe environment

* Check and compare

* If the same, report as a false hit.

Managing false hits is an annoying but necessary task.

Report · Aug 05, 2020

Are you saying the plugins is for Azure plugins?

Virus Total: https://www.virustotal.com/gui/file/c67ebef769c8cc1e22a1576376929be9e06a70b43199ab14d7eea58bd9d9d878...

Detected on CrowdStrike Falcon.

Report · Aug 06, 2020

I am saying this is a plug-in to allow Azure access to Acrobat Reader. It is an extra install, not included with the standard Acrobat Reader. If you did not install this, be suspicious.

Adobe Community

Adobe Reader Plugins Detected as Threat/Malware - MSRMSPIBroker.exe