Adobe Acrobat may be subtly undermining your antivirus

Adobe Acrobat appears to prevent the majority of antivirus software from checking PDF files at startup, putting consumers at risk.

Security experts at Minerva Labs first discovered the problem. According to BleepingComputer, Minerva observed Adobe Acrobat looking for DLL files from 30 security products and checking whether they were loaded into memory while the program was running. The list includes the top players in the market, such as Bitdefender, Avast, Trend Micro, Symantec, Malwarebytes, ESET, Kaspersky, F-Secure, Sophos, and Emsisoft.

According to the report, if Acrobat finds any of these DLLs, it “most likely” blocks them, stopping any monitoring activity.

The Issue

As stated by Minerva Labs, “Since March of 2022 we’ve witnessed a gradual spike in Adobe Acrobat Reader processes trying to query which security product DLLs are loaded into it by getting a handle on the DLL.”

BleepingComputer also found a user complaint on the Citrix forum saying that Sophos’ Antivirus started getting errors after an Adobe product was installed, and that the company suggested disabling DLL injection for Acrobat and Reader.

“We are aware of reports that some DLLs from security tools are incompatible with Adobe Acrobat’s usage of CEF, a Chromium based engine with a restricted sandbox design, and may cause stability issues,” wrote Adobe, in response to complaints. 

Adobe is currently working on a fix to “ensure proper functionality with Acrobat’s CEF sandbox design going forward.”

According to Minerva Labs, faced with a choice between compatibility issues and disabling antivirus solutions, Adobe chose the latter, putting its users at real risk of malware, ransomware, and other nasties lurking in the depths of the internet.

Threat actors are known to have used PDF files in the past. Only recently, researchers spotted a campaign that used PDF files to distribute malicious Word files to target endpoints.
