Our Threat Intel detected one of the Reader plugins as Malware.
HASH: c67ebef769c8cc1e22a1576376929be9e06a70b43199ab14d7eea58bd9d9d878
Folder Path: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers
File Name: MSRMSPIBroker.exe
Can you advise if this is a legitimate file?
By what AV program?
Have you done a Google search on that file name?
No, of course we can't tell you if it is a legitimate file, because malware often replaces valid files, so the malware name is the same. However, the process with such reports is the same:
* Check the origin of the file (Azure plug-ins: https://helpx.adobe.com/uk/acrobat/kb/mip-plugin-download.html)
* Reinstall in a safe environment
* Check and compare
* If the same, report as a false hit.
Managing false hits is an annoying but necessary task.
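
The "check and compare" step from the reply above, sketched in PowerShell as an added example (not part of the thread and not Adobe's or CrowdStrike's tooling). The flagged path and hash are the ones quoted in the question; `$ReferencePath` is an assumed location for a copy taken from a clean reinstall, and `Get-FileEvidence` is a hypothetical helper name.

```powershell
# Added example: compare the flagged binary with a reference copy from a clean reinstall.
param(
    [string]$FlaggedPath   = 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\MSRMSPIBroker.exe',
    [string]$ReferencePath = 'D:\clean-install\pi_brokers\MSRMSPIBroker.exe',   # assumed path
    [string]$ReportedHash  = 'c67ebef769c8cc1e22a1576376929be9e06a70b43199ab14d7eea58bd9d9d878'
)

# Hypothetical helper: collect the hash and Authenticode details for one file.
function Get-FileEvidence {
    param([Parameter(Mandatory)][string]$Path)
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }
    $hash = Get-FileHash -LiteralPath $Path -Algorithm SHA256
    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    [pscustomobject]@{
        Path       = $Path
        SHA256     = $hash.Hash.ToLowerInvariant()
        SigStatus  = $sig.Status
        Signer     = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        Thumbprint = if ($sig.SignerCertificate) { $sig.SignerCertificate.Thumbprint } else { $null }
    }
}

$flagged   = Get-FileEvidence -Path $FlaggedPath
$reference = Get-FileEvidence -Path $ReferencePath

# Each field answers one question an analyst needs before filing a false-positive report.
$verdict = [pscustomobject]@{
    MatchesReportedHash  = $flagged.SHA256 -eq $ReportedHash.ToLowerInvariant()
    MatchesReferenceHash = $flagged.SHA256 -eq $reference.SHA256
    FlaggedSigStatus     = $flagged.SigStatus
    SameSignerCert       = ($null -ne $flagged.Thumbprint) -and
                           ($flagged.Thumbprint -eq $reference.Thumbprint)
}

$flagged, $reference | Format-List
$verdict | Format-List

if ($verdict.MatchesReferenceHash -and $flagged.SigStatus -eq 'Valid') {
    'Flagged file is byte-identical to the clean reference and validly signed.'
} else {
    'Flagged file differs from the reference or is not validly signed; keep it quarantined and investigate.'
}
```

A hash mismatch can also mean the reference copy is a different version of the plug-in, so compare version and signer before drawing a conclusion from that alone.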
Are you saying the plugin is for Azure plugins?
Virus Total: https://www.virustotal.com/gui/file/c67ebef769c8cc1e22a1576376929be9e06a70b43199ab14d7eea58bd9d9d878...
Detected on CrowdStrike Falcon.
I am saying this is a plug-in to allow Azure access to Acrobat Reader. It is an extra install, not included with the standard Acrobat Reader. If you did not install this, be suspicious.