Adobe Acrobat 8 Blocked

[dariusf]

Hi,

 

Running Immunet 3.0 the Adobe Acrobat 8 is getting blocked when trying to convert a Word or Excel document to a PDF with the plugin or stand alone. Also tried ver 9 with same issue.

 

I identified the culprit being the SPERO detection engine. Turning it off resolves the issue. I would still like to use that detection engine if there is a resolution.

 

Adding the Adobe directory or the EXE to the protection exclusion list does not have any effect.

 

Thanks

Darius

[sweidre]

Hi,

1. Running Immunet 3.0 the Adobe Acrobat 8 is getting blocked when trying to convert a Word or Excel document to a PDF with the plugin or stand alone. Also tried ver 9 with same issue.

2. I identified the culprit being the SPERO detection engine. Turning it off resolves the issue. I would still like to use that detection engine if there is a resolution.

3. Adding the Adobe directory or the EXE to the protection exclusion list does not have any effect.

Hi Dariusf,

1.) You are mentioning the word "blocked". Was a file quarantined? If the file is quarantined, click on the particular file in the left pane of the quarantine and make a note of the original path to that file shown in the right pane. If you click on the button "restore" the file will be restored to that path. If you have Immunet v.3.0.2.6548 (latest version) installed, automatically Immunet will upon restoring place the path with file to the Exclusion List and Immunet will ignore that path & file in the future. If you have an older version of Immunet, you must manually place that path & file to the Exclusion Lis: Settings -> File Exclusion -> Add New Exclusion (Remember to click on the "Apply" button to save your settings!). Follow the routine pinned in the forum by the administrator Anthony: Send an email to support@samples.immunet.com with the particular file compressed into zip- or 7z- format for analysis. Within 2 hours (US Mountain Time Mon-Fri 9-5) you will receive a reply (malware or false positive). Automatically Immunet will also report the result of analysis to the Immunet Community Cloud. (Note, that still sometimes the report to the Cloud is delayed, so keep the path with file on the Exclusion List (I will say at least for 2 weeks.)

2.) Even if you have found SPERO as the "culprit", it represents the threat database in the Cloud, so it shall be ON to get protected.

3.) It might be, that Adobe itself is not "blocked" (= quarantined), but a temp folder and/or file is.

Cheers,

sweidre

PS. If this will not apply to you, please, give more info about Immunet version number and other info e.g. attach a screenshot! If I am not helping you, somebody else will! Ds.

[Rob.T]

Hi dariusf, would you mind taking a support snapshot for me? This can be done by clicking start -> All Programs -> Immunet 3.0 -> Support Diagnostics Tool. This will create a new file on your desktop with a name like Immunet_Support_Tool_[date and timestamp].7z. Please email this file to support@immunet.com with the subject "For RobT - Forum Thread 1150".

 

I can't to find a copy of Acrobat 8 or 9 to try and reproducte this with, but I should be able to get the info I need from your snapshot files.