Why Adobe Reader is blocking antivirus tools from scanning

The organization found proof that Adobe is blocking around 30 different security products from filtering stacked PDF records. The list peruses like the who is who of security companies, with one remarkable special case. Products from Trend Micro, McAfee, Symantec, ESET, Kaspersky, Malwarebytes, Avast, BitDefender and Sophos are blocked, as indicated by the report. The one prominent exemption, essentially from a market share perspective, is Microsoft Defender, which is not blocked by Adobe’s software.

Here is the full list of affected companies and products:

Trend Micro, BitDefender, AVAST, F-Secure, McAfee, 360 Security, Citrix, Symantec, Morphisec, Malwarebytes, Checkpoint, Ahnlab, Cylance, Sophos, CyberArk, Citrix, BullGuard, Panda Security, Fortinet, Emsisoft, ESET, K7 TotalSecurity, Kaspersky, AVG, CMC Internet Security, Samsung Smart Security ESCORT, Moon Secure, NOD32, PC Matic, SentryBay

Blocked products are denied admittance to the stacked PDF file, and that implies that malevolent code can’t be distinguished or come by the products during the stacking stage.

adove_fix

Security instruments infuse DLLs, Dynamic Link Libraries, into applications that are sent off on the framework, which is important to get entrance. The blocking keeps the infusion from taking spot.

Adobe Acrobat utilizes the Chromium Embedded Framework (CEF) Dynamic Link Library, Libcef.dll, in two cycles as per the report. The Chromium part incorporates its very own blacklist to forestall issues and conflicts with DLL files. Software companies, who use libcef.dll, may alter the blacklist, and apparently Adobe has done that to add the DLL files of security products to it.

Minerva Labs noticed that the result of the blocking “might actually be horrendous”. Other than decreased visibility, which “ruins recognition and counteraction abilities inside the cycle and inside each made youngster processes”, it is restricting the security application’s means to screen movement and to decide setting.

It would be simple enough for a danger entertainer to add a command in the ‘OpenAction’ part of a pdf, which can then execute PowerShell, which could for instance, download the following stage malware and execute it reflectively. Any of these activities wouldn’t be distinguished if the security item hooks are missing.

Minerva Labs reached Adobe to find out why security products are blocked by Adobe Acrobat. Adobe answered that ‘this is because of “incongruence with Adobe Acrobat’s use of CEF, a Chromium based motor with a limited sandbox plan, and may cause steadiness issues”‘.

In other words: Adobe has decided to address soundness issues by blocking security processes. Minerva Labs brings up that Adobe picked comfort and the inclusion of a “malware-like” conduct over settling the issue forever.

Bleeping Computer got a comparative response when the site reached Adobe. Adobe confirmed that it was working with merchants of the security products to address the contrary qualities and to “guarantee legitimate functionality with Acrobat’s CEF sandbox configuration proceeding”.

Visit https://malwarebytesnew.com/install-license-key-malwarebytes and read complete guide to install security in your computer.

Leave a Reply

Your email address will not be published. Required fields are marked *

Latest Malwarebytes News

Categories