Report: Adobe Reader is blocking antivirus tools from scanning loaded PDF documents

Discussion in 'other anti-virus software' started by JRViejo, Jun 22, 2022 at 2:04 PM.

  1. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    78,335
    Location:
    U.S.A.
     
  2. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    7,257
    Location:
    USA
    I assume the general consensus will be to get rid of it and use something else?
     
  3. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    1,071
    Location:
    Baden Germany
  4. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    1,071
    Location:
    Baden Germany
    It's flagrant, that Adobe Reader blocks 30 well know security apps from scanning loaded PDFs.
    With the except of MS Defender, which is sovereign.
     
  5. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,671
    Location:
    Slovenia, EU
    I somehow doubt that they actually checked for possible incompatibilities with all those AVs but rather just blacklisted them all. Kind off "guilty until proven innocent"...
     
  6. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,450
    ESET should not be affected. Moreover there's no ESET dll listed in the "Full list of DLL queries" table.
     
  7. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    7,257
    Location:
    USA
    Interesting as they were mentioned specifically in the article. Good to know. Thanks for posting.
     
  8. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    4,545
    half baked as usual.
    - adobe is locking for its exclusive access as always, this is not new.
    - used pdf files have already been scanned before, writing files always trigger a file scan. and this is also happening with files from the web, either temporary or saving for later.
     
  9. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    15,371
    Location:
    The Netherlands
    Yes exactly, what a piece of garbage. It has always been a security risk, and now they are even making it worse. Shame on Adobe! However, why do AV's need to inject .dll files in order to scan stuff?
     
  10. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    7,257
    Location:
    USA
    Maybe for the sandbox?
     
  11. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    4,545
    assumption based on what?
    pdf files cant execute dll files by injection :rolleyes:
     
  12. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    1,071
    Location:
    Baden Germany
    But pdf files can contain Java commands and embedded files, like word files,
    and Adobe Reader is set to open them, by default.

    Adobe Reader was vulnerable, month after month, year by year.
    he's no longer necessary, as Edge can do all, most users need.
     
  13. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    4,545
    to correct you: javascript.
    and yes, pdf can contain objects.
    but those are not executed by default.

    anyhow, the discussion has left the technical base because any file is scanned when dropped on the computer, or right before it is opened if scan-on-access is performed.

    and injections do not work on non-executive files, only for processes or other loaded libraries.
     
  14. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    7,257
    Location:
    USA
    True but this is about Adobe Reader and not the PDF files themselves.
     
  15. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    4,545
    and? its about adobe reader blocking pdf files. files are scanned before so it do not matter if they cant be scanned while in use. and because adobe reader is blocking them the files cant be altered from other software.

    and offtopic:
    if the reader got injected, dont you think the reader could not be the main problem?
    windows defender has an anti-exploit detection which is injected into processes.
     
  16. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    7,257
    Location:
    USA
    Except it's not. It's about Adobe Reader blocking injection of AV software. PDFs are another issue and if you open them with something else this does not apply.

    Yes, Adobe Reader is the problem here. You're not wrong with what you are saying, it just isn't what the article was about.
     
  17. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    4,545
    now i see, Brinkmann is mixing content, first is about pdf, second half is about injection.

    this is the point:
    did you know and did you complain at google that any chromium based is rejecting injections after start?
    this is valid since chromium v78 (maybe earlier, see below)
    https://security.stackexchange.com/...-chrome-78-block-all-methods-of-dll-injection
    and once started there is no further injection possible. Brinkmann is selling a lie.

    from the eset forum, i am pretty sure they are aware that eset is not on the list
    https://forum.eset.com/topic/16392-...cking-in-chrome-69-affect-endpoint-antivirus/

    please have in mind that ghacks is a news selling platform like other - not more, they dont need to be correct.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.