Adobe's own PDF help file flagged as malicious by scanners.

New Here, May 26, 2022

Although I'm running RoboHelp 2017 at the moment and trying to convince management to upgrade, I've been able to use the RoboHelp 2019 User Guide, as I was referencing how to do something that would still be supported in 2019+.

I am running the latest Acrobat Reader DC 22.001.20117

 

I had downloaded https://help.adobe.com/en_US/robohelp/2019/robohtml/robohelp_classic_2019_help.pdf from Adobe itself, and recently this was flagged by my InfoSec IT group as malicious and got my PC locked.

 

[11:08 AM] xxxxxxxxxx

We have come across a known malware on your PC, which is the reason we had quarantined your PC while we ran the analysis. This has now been completed and I have released your machine.

 

[11:09 AM] xxxxxxxxxxxxx

the file in question is https://nvd.nist.gov/vuln/detail/CVE-2019-8027

NVD - CVE-2019-8027

10+ sources reported it as malicious

 

So the purpose of this message is more to ask Adobe to either post a file that won't be false flagged or if there's some way for Adobe to have this not on the NIST vulnerabilities list.

 

Adobe Community Professional, May 26, 2022

This is a user-to-user forum. While Adobe staff sometimes drop in, it's pretty rare. Try contacting the RoboHelp team using the email address on this page (it reaches dedicated RH staff, not general support).

https://helpx.adobe.com/contact/enterprise-support.other.html#robohelp

New Here, May 27, 2022

Thanks! Will do. For some reason I wasn't able to find an email address when I looked.

Adobe Community Professional, May 27, 2022

As @Amebr says, contact Support. 10 reports for a file released five years ago sounds like an overaggressive checker, and I can't imagine Adobe would release a malicious file. If somehow they did, I think we would have seen many more reports.

 

Norton says the file is OK.

 

It might be worth contacting your security people as well.

 

Isn't it up to any checker not to post false positives rather than whoever created the file?

________________________________________________________

My site www.grainge.org includes many free Authoring and RoboHelp resources that may be of help.

 

New Users: Default forum names can be changed in your Account Settings.

New Here, May 27, 2022


I was contacted by my security people. It was Carbon Black that caught it and raised a question, and when I tried to check out the file on the web, that's when the automatic blocks kicked in.

I know it wasn't/isn't malicious. My issue is that the scanners picked up that the type of PDF it is allows someone to add an executable that could be run "IF" you are running outdated Acrobat. I was/am current.

Normally yes, perhaps, but as a software developer myself, my own code has been hit by this type of false flagging before and I, as the developer, had to try to fight the flaggings so my customers could use my software.

 

Once the flagging software reports it, then it gets into a database and aggregated and it just continues. So a company as large as Adobe might be able to work with them to address it and clear it or it's going to keep happening to other RH users.

 

I will contact the RH team on the email Amber supplied for good measure.
