Report: Adobe Reader is blocking antivirus tools from scanning loaded PDF documents

I assume the general consensus will be to get rid of it and use something else?

 

I ditched Adobe Reader, some time ago.

For just viewing, I use a very handy tool, called QuickLook.
Many formats supported., and fast. https://apps.microsoft.com/store/detail/quicklook/9NV4BS3L1H4S

For filling forms, Edge does the job.

 

It's flagrant, that Adobe Reader blocks 30 well know security apps from scanning loaded PDFs.
With the except of MS Defender, which is sovereign.

 

I somehow doubt that they actually checked for possible incompatibilities with all those AVs but rather just blacklisted them all. Kind off "guilty until proven innocent"...

 

ESET should not be affected. Moreover there's no ESET dll listed in the "Full list of DLL queries" table.

 

Interesting as they were mentioned specifically in the article. Good to know. Thanks for posting.

 

half baked as usual.
- adobe is locking for its exclusive access as always, this is not new.
- used pdf files have already been scanned before, writing files always trigger a file scan. and this is also happening with files from the web, either temporary or saving for later.

 

Yes exactly, what a piece of garbage. It has always been a security risk, and now they are even making it worse. Shame on Adobe! However, why do AV's need to inject .dll files in order to scan stuff?

 

Maybe for the sandbox?

 

assumption based on what?
pdf files cant execute dll files by injection

 

But pdf files can contain Java commands and embedded files, like word files,
and Adobe Reader is set to open them, by default.

Adobe Reader was vulnerable, month after month, year by year.
he's no longer necessary, as Edge can do all, most users need.

 

to correct you: javascript.
and yes, pdf can contain objects.
but those are not executed by default.

anyhow, the discussion has left the technical base because any file is scanned when dropped on the computer, or right before it is opened if scan-on-access is performed.

and injections do not work on non-executive files, only for processes or other loaded libraries.

 

True but this is about Adobe Reader and not the PDF files themselves.

 

and? its about adobe reader blocking pdf files. files are scanned before so it do not matter if they cant be scanned while in use. and because adobe reader is blocking them the files cant be altered from other software.

and offtopic:
if the reader got injected, dont you think the reader could not be the main problem?
windows defender has an anti-exploit detection which is injected into processes.

 

Except it's not. It's about Adobe Reader blocking injection of AV software. PDFs are another issue and if you open them with something else this does not apply.

Yes, Adobe Reader is the problem here. You're not wrong with what you are saying, it just isn't what the article was about.

 

now i see, Brinkmann is mixing content, first is about pdf, second half is about injection.

this is the point:

did you know and did you complain at google that any chromium based is rejecting injections after start?
this is valid since chromium v78 (maybe earlier, see below)
https://security.stackexchange.com/...-chrome-78-block-all-methods-of-dll-injection
and once started there is no further injection possible. Brinkmann is selling a lie.

from the eset forum, i am pretty sure they are aware that eset is not on the list
https://forum.eset.com/topic/16392-...cking-in-chrome-69-affect-endpoint-antivirus/

please have in mind that ghacks is a news selling platform like other - not more, they dont need to be correct.