Report: Adobe Reader is blocking antivirus tools from scanning loaded PDF documents by Martin Brinkmann
I ditched Adobe Reader, some time ago. For just viewing, I use a very handy tool, called QuickLook. Many formats supported., and fast. https://apps.microsoft.com/store/detail/quicklook/9NV4BS3L1H4S For filling forms, Edge does the job.
It's flagrant, that Adobe Reader blocks 30 well know security apps from scanning loaded PDFs. With the except of MS Defender, which is sovereign.
I somehow doubt that they actually checked for possible incompatibilities with all those AVs but rather just blacklisted them all. Kind off "guilty until proven innocent"...
ESET should not be affected. Moreover there's no ESET dll listed in the "Full list of DLL queries" table.
half baked as usual. - adobe is locking for its exclusive access as always, this is not new. - used pdf files have already been scanned before, writing files always trigger a file scan. and this is also happening with files from the web, either temporary or saving for later.
Yes exactly, what a piece of garbage. It has always been a security risk, and now they are even making it worse. Shame on Adobe! However, why do AV's need to inject .dll files in order to scan stuff?
But pdf files can contain Java commands and embedded files, like word files, and Adobe Reader is set to open them, by default. Adobe Reader was vulnerable, month after month, year by year. he's no longer necessary, as Edge can do all, most users need.
to correct you: javascript. and yes, pdf can contain objects. but those are not executed by default. anyhow, the discussion has left the technical base because any file is scanned when dropped on the computer, or right before it is opened if scan-on-access is performed. and injections do not work on non-executive files, only for processes or other loaded libraries.
and? its about adobe reader blocking pdf files. files are scanned before so it do not matter if they cant be scanned while in use. and because adobe reader is blocking them the files cant be altered from other software. and offtopic: if the reader got injected, dont you think the reader could not be the main problem? windows defender has an anti-exploit detection which is injected into processes.
Except it's not. It's about Adobe Reader blocking injection of AV software. PDFs are another issue and if you open them with something else this does not apply. Yes, Adobe Reader is the problem here. You're not wrong with what you are saying, it just isn't what the article was about.
now i see, Brinkmann is mixing content, first is about pdf, second half is about injection. this is the point: did you know and did you complain at google that any chromium based is rejecting injections after start? this is valid since chromium v78 (maybe earlier, see below) https://security.stackexchange.com/...-chrome-78-block-all-methods-of-dll-injection and once started there is no further injection possible. Brinkmann is selling a lie. from the eset forum, i am pretty sure they are aware that eset is not on the list https://forum.eset.com/topic/16392-...cking-in-chrome-69-affect-endpoint-antivirus/ please have in mind that ghacks is a news selling platform like other - not more, they dont need to be correct.
I wasn't aware of the fact that files AV's can't scan files if they are not able to inject .dll files into them, a bit weird. You would think that they could scan files via system driver and I assume it's also not needed for cloud analysis. Seems like you didn't read the article good enough.
They don't need to do so to scan an idle file. They need to inject into Acrobat Reader to scan the file while it is open and it is more likely to run any malicious code there (macros, javascript, etc.) that may be missed in an idle file.
OK I see, yes this does indeed makes sense, I forgot about this. Because anti-exploit tools also use this technique in order to block exploit techniques from boobytrapped files.