MSE warning of several "unclassified" Adobe risks.

  mooly 08:27 15 Jan 2010
Locked

Today MSE (Microsoft Security Essentials) has popped a warning up of around 10 unclassified risks prompting to send to MS for evaluation.
I wasn't using Adobe today when this happened.
There was an Adobe update on Wednesday...
Anyone else using MSE and Adobe had this happen?

As if that's not enough, an hour later and another warning of a further two Adobe items.
All have a file path c:\programfiles\adobe etc

  rawprawn 16:04 15 Jan 2010

Hi mooly. Earlier this week I saw someone looking for a security patch for Adobe Reader, I think there may have been some problems. I don't use it myself and I can't find the original post. However I wonder if you got these in your update.
click here
I don't know if this is relevant to MSE.

  john bunyan 16:57 15 Jan 2010

Although I am now on W7 and Avira, about 6 months ago I was using XP and AVG8.5, and SAS. I think it was one or the other (AVG I think) that picked up some problems, and I too quickly deleted them, only to find they were false positives on an Adobe Photoshop CS4 update. I had to reinstall PS. Maybe a similar thing has happened. There was an Adobe Reader update this week, and, in my case a CS4 update as well. May be worth Googling for false positives with your details.

  mooly 17:27 15 Jan 2010

Hi Rawprawn and John,

It's actually popped up another warning just now for one Adobe item asking for sample to be sent to MS. I have done.

I think these must be false positives as you say.
I have asked on the MSE forums too... I'll let you know what happens... and googled it and found mention of it on, you've guessed... the MSE Forum. One of the MS moderators and tech guys had been prompted by MSE to upload suspicious Adobe files following an update... the thread was about something else though.

I can't just remember what the update was (the details) but I'm sure it was a security update.

However I find Adobe in progs and features now has an install date of 13th Jan... would that change just for an update from the original install date? Or is version 9.3.0 a new version that has replaced an earlier one? I know it was Reader 9 I had... couldn't tell you if it was a different version though.

Reader 9 and Flash player are the only Adobe products I use.

  john bunyan 09:26 16 Jan 2010

My latest version of Reader is 9.3.0 - came in this week. If I were you I would download the latest version of Superantispyware (free), update it. Then restore the quarantined files in MSE. Then run SAS, and if it does not pick up the suspicious files, I think that would confirm they are false positives. I use Avira (W7) anti virus, and SAS and Malwarebytes as malware. No positives found recently after the Adobe update.

  john bunyan 09:27 16 Jan 2010

PS I checked my version of Reader by the Tools section of CCleaner

  mooly 12:29 16 Jan 2010

Thanks John... it's quite interesting actually.
MSE hasn't got any files in quarantine... which is something I don't understand. If it thought them suspicious what has it done with them?

They appear to be still in the Adobe program files, which if I scan with MSE comes back clean.

Maybe this is the much talked about feature of MSE that it "calls home" to ask about anything like this. No more alerts since yesterday.

If I find out anymore I'll report back on here.

  mooly 18:31 16 Jan 2010

I found "Problem reports and solutions" has the files all listed, and reports sent to MS... all very interesting.

  mooly 08:06 17 Jan 2010

OK... more info on this.
Over at MSE forum this issue has been able to be reproduced on Windows XP (I'm running Vista) SP3 and using MSE Build 1611 & Defs v1.71.2259.0 after upgrading Adobe Reader to v9.3 on 15 Jan-10

So it appears a glitch with a particular definition update for MSE.

  john bunyan 11:40 17 Jan 2010

I think all of these anti virus and anti malware programmes occasionally produce false positives. Adobe updates seem a bit prone to give such a result; I imagine it is difficult to cope with the updates from all software.

  mooly 12:42 17 Jan 2010

Hi John... I agree.
What was really interesting was seeing the way MSE handled it... and this perhaps ties in with the way MSE looks for unexpected behaviour over a period of time maybe.

This thread is now locked and can not be replied to.
