Highlighted

Adobe Reader Plugins Detected as Threat/Malware - MSRMSPIBroker.exe

New Here ,
Aug 04, 2020

Copy link to clipboard

Copied

Our Threat Intel detected one of the Reader plugins as Malware.

HASH: c67ebef769c8cc1e22a1576376929be9e06a70b43199ab14d7eea58bd9d9d878

Folder Path: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers

File Name: MSRMSPIBroker.exe

Can you advise if this is a legitimate file?

Views

54

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more

Adobe Reader Plugins Detected as Threat/Malware - MSRMSPIBroker.exe

New Here ,
Aug 04, 2020

Copy link to clipboard

Copied

Our Threat Intel detected one of the Reader plugins as Malware.

HASH: c67ebef769c8cc1e22a1576376929be9e06a70b43199ab14d7eea58bd9d9d878

Folder Path: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers

File Name: MSRMSPIBroker.exe

Can you advise if this is a legitimate file?

Views

55

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Adobe Community Professional ,
Aug 05, 2020

Copy link to clipboard

Copied

By what AV program?

Have you done a Google search on that file name?

 

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Most Valuable Participant ,
Aug 05, 2020

Copy link to clipboard

Copied

No, of course we can't tell you if it is a legititmate file, because malware often replaces valid files, so the malware name is the same. However the process with such reports is the same:

* Check the origin of the file (Azure plug-ins: https://helpx.adobe.com/uk/acrobat/kb/mip-plugin-download.html)

* Reinstall in a safe environment

* Check and compare

* If the same, report as a false hit.

Managing false hits is an annoying but necessary task.

 

 

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
New Here ,
Aug 05, 2020

Copy link to clipboard

Copied

Are you saying the plugins is for Azure plugins?

Virus Total: https://www.virustotal.com/gui/file/c67ebef769c8cc1e22a1576376929be9e06a70b43199ab14d7eea58bd9d9d878...

 

Detected on CrowdStrike Falcon.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Most Valuable Participant ,
Aug 06, 2020

Copy link to clipboard

Copied

I am saying this is a plug-in to allow Azure access to Acrobat Reader. It is an extra install, not included with the standard Acrobat Reader. If you did not install this, be suspicious.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Resources
Trending Issue & Solution
Edit PDF in Adobe Acrobat Pro DC