Report: Adobe Reader is blocking antivirus tools from scanning loaded PDF documents

Martin Brinkmann
Jun 22, 2022
Security
|
25

Adobe is blocking several antivirus tools actively from scanning PDF documents loaded by its Adobe Acrobat Reader application, according to a security report published by Minerva Labs.

adobe acrobat reader security compatibility issue

The company found evidence that Adobe is blocking around 30 different security products from scanning loaded PDF documents. The list reads like the who is who of security companies, with one notable exception. Products from Trend Micro, McAfee, Symantec, ESET, Kaspersky, Malwarebytes, Avast, BitDefender and Sophos are blocked, according to the report. The one notable exception, at least from a market share point of view, is Microsoft Defender, which is not blocked by Adobe's software.

Here is the full list of affected companies and products:

ADVERTISEMENT

Trend Micro, BitDefender, AVAST, F-Secure, McAfee, 360 Security, Citrix, Symantec, Morphisec, Malwarebytes, Checkpoint, Ahnlab, Cylance, Sophos, CyberArk, Citrix, BullGuard,  Panda Security, Fortinet, Emsisoft, ESET, K7 TotalSecurity, Kaspersky, AVG, CMC Internet Security, Samsung Smart Security ESCORT, Moon Secure, NOD32, PC Matic, SentryBay

Blocked products are denied access to the loaded PDF file, which means that malicious code can't be detected or stopped by the products during the loading phase.

Security tools inject DLLs, Dynamic Link Libraries, into applications that are launched on the system, which is necessary to gain access. The blocking prevents the injection from taking place.

Adobe Acrobat uses the Chromium Embedded Framework (CEF) Dynamic Link Library, Libcef.dll, in two processes according to the report. The Chromium component includes a blacklist of its own to prevent issues and conflicts with DLL files. Software companies, who use libcef.dll, may customize the blacklist, and it appears that Adobe has done that to add the DLL files of security products to it.

Minerva Labs notes that the outcome of the blocking "could potentially be catastrophic". Besides reduced visibility, which "hinders detection and prevention capabilities inside the process and inside every created child processes", it is limiting the security application's means to monitor activity and to determine context.

It would be easy enough for a threat actor to add a command in the ‘OpenAction’ section of a pdf, which can then execute PowerShell, which could for example, download the next stage malware and execute it reflectively. Any of these actions would not be detected if the security product hooks are missing.

Minerva Labs contacted Adobe to find out why security products are blocked by Adobe Acrobat. Adobe replied that 'this is due to "incompatibility with Adobe Acrobat’s usage of CEF, a Chromium based engine with a restricted sandbox design, and may cause stability issues"'.

In other words: Adobe has chosen to address stability issues by blocking security processes. Minerva Labs points out that Adobe picked convenience and the insertion of a "malware-like" behavior over resolving the issue permanently.

Bleeping Computer received a similar answer when the site contacted Adobe. Adobe confirmed that it was working with vendors of the security products to address the incompatibilities and to "ensure proper functionality with Acrobat's CEF sandbox design going forward".

Now You: do you use Adobe Acrobat Reader or another PDF application?

Summary
Report: Adobe Reader is blocking antivirus tools from scanning loaded PDF documents
Article Name
Report: Adobe Reader is blocking antivirus tools from scanning loaded PDF documents
Description
Adobe is blocking several antivirus tools actively from scanning PDF documents loaded by its Adobe Acrobat Reader application, according to a security report published by Minerva Labs.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

Previous Post: «
Next Post: «

Comments

  1. John G. said on June 22, 2022 at 1:33 pm
    Reply

    It’s quite weird that it’s required a near 400 Mb software just to open a PDF file. LOL. :[

    1. Shiva said on June 22, 2022 at 4:13 pm
      Reply

      400 MB after installation? Well, I guess I’m fine with 12,9 MB of SumatraPDF portable.

    2. Coughing Guy said on June 22, 2022 at 6:00 pm
      Reply

      Cough *nvidia driver* cough.

    3. matthiew said on June 23, 2022 at 5:43 am
      Reply

      Adobe Acrobat DC is 2.8GB on my work computer. It’s ridiculous how bloated it is.

  2. sdg said on June 22, 2022 at 1:42 pm
    Reply

    reader. sure, i use it at work, but that’s because they install and set it as default… pretty sure they just use ms default security suites too.

    otherwise, why do you need to install anything at all to just read a pdf? every single browser can read it just fine.

  3. Clairvaux said on June 22, 2022 at 2:43 pm
    Reply

    One more reason to dislike Adobe. Check PDF X-Change Editor.

    1. Jojo said on June 23, 2022 at 8:38 am
      Reply

      Agreed! Been using PDF X-Change for many years.

  4. Klonk said on June 22, 2022 at 2:47 pm
    Reply

    I no use more Adobe branch software from 2013 year. I use alternative light software foxit pdf reader

  5. Tom Hawack said on June 22, 2022 at 3:40 pm
    Reply

    Adobe does it again. Their PDF Reader along with now defunct Flash Player has always been listed in the top charts of problematic (to put it mildly) applications. I don’t trust that company even if friends tell me it provides other quality multimedia applications.

    Adobe’s PDF Reader is heavy. I’ve always used SumatraPDF, lightweight, even if I do miss a PDF typewriter feature.

  6. Anonymous said on June 22, 2022 at 4:08 pm
    Reply

    When your security measure overrides the user’s security measure, you’ve gone beyond the realm of mental gymnastics and into security Acrobatics.

  7. spook said on June 22, 2022 at 4:34 pm
    Reply

    Always turn javascript off for any pdf reader.

  8. Paul(us) said on June 22, 2022 at 4:45 pm
    Reply

    From 2010 Nitro.

    Adobe software is not advanced anymore, and account only for some of the oldest existing software in the world. Adobe software are offering offer significant less advantages maybe this is due to their great cooperated mass.

    More and more Adobe is becoming obsolete.

  9. Anonymous said on June 22, 2022 at 5:59 pm
    Reply

    So much drama about it in the comments.
    No, Adobe is not becoming obsolete only because they added something that can’t ‘scan pdfs’.
    If people already are running nonsense a Antivirus/malware 24/7 in their computers, wouldn’t be the job of the antivirus to check the file when you download it? unless you put it in a folder excluded by scan, that is the point of even having an ‘security suite’ if it won’t check a pdf by itself and needs the reader to open it in order to check more? That means that if you want to use a simple pdf reader that doesn’t load ‘malicious code’, then the ‘security suite’ will never do its job?

    Acrobat reader is important because it is the most compatible with PDF necessities, I mean, try to load a PDF 3D file that some people might send, no other than Acrobat will read it.
    To digitally sign a document it is also the best.
    I don’t even remember what the reader does, but based on screenshot it can even edit some of the pdf and do stuff Acrobat Pro does.

    You might say “why so big” well, obviously most of the code is carried from ancient times which makes the app bigger and bigger, most of the size is most likely also code from Acrobat’s pro and features disabled.

    I mean, it works, and with people disk sizes in today’s work, it is stupid to complain about 400MB.

    Adobe is here to stay for many years because users give them tons of money every year.

    Photoshop is still used by almost everyone professionally, people talking about how amazing ‘Affinity Photo’ is, have never used Affinity Photo with their tons of limitations, especially Affinity itself which they haven’t done a real major update in two years, I guess, they will put the world situation as an excuse. Gimp is still behind, Corel stuff is just not the best anymore, Photoline is the only decent alternative but nobody knows or cares about it even if it is cheap, doesn’t look too ‘modern’ but it works better than others. also the photography suite with Lightroom is still $10 or whatever, for lightroom and photoshop, too cheap not to use it as a professional. Lightroom has many alternatives but it seems lightroom just got it right, the engine, some people like Capture One, and DXO Photolab and Exposure but always lightroom seems to win.

    Illustrator? situation is even worst, Affinity Designer is so bad at vectors, it does the basic stuff, it is the worst of Affinity software, misses so many features. Corel is the only real competitor but it became to expensive to really use it, unless you pay subscription, then you would have to pay double amount of money for a perpetual license. InkScape is not too bad, but it misses cmyk, it is slow on windows.

    And then, they bought Substance software, and most 3d artists will use it, because there is really not alternative to it to do professional work. the way it does stuff is amazing, sadly, I stopped using it after they sold to Adobe. Substance Designer is just so amazing, and there is no close competitor for it, Painter is not even good, but Substance Designer is the reason why Painter is the ‘best’. Now they are developing a 3D sculpting tool and etc etc.

    So imagine all the money Adobe is getting, so only because some people don’t want to use their FREE PDF reader because ‘too big’ or ‘bloated’ or ‘it doesn’t scan pdf’ which your security suite should have already done it by itself, then, it’s just doesn’t make sense.
    I mean, most Browsers read pdf, and only Edge can add some editing to it, you can use OpenOffice to open pdf and modify it, Google Drive or something, but that will never take Adobe’s business off only because you can use different readers, when their power is businesses and they probably only care people install and pay for the Acrobat Pro version, and if people have pdf problems and they have to install Adobe reader because it is the one that works… then so be it, better for Adobe.

    Adobe is not going anywhere, even if I don’t use it or support it in anyway, not even for the Substance software, I am not blind. Antivirus and antimalware and all that are mostly a scam anyway and running it 24/7 is a waste of resources 99% of the time, the other 1% is you using your head to what you are about to open. Most of the time people are going to open their pdf through the browser anyway, unless they want to do more there is also Edge, but let’s be realistic how opening in Adobe reader is mostly unnecessary unless you need advanced features for a reader.

  10. Usemodeapt said on June 22, 2022 at 8:46 pm
    Reply

    Adobe acrobat reader dc 800mb, sumatrapdf 6mb

  11. svim said on June 22, 2022 at 9:17 pm
    Reply

    PDF has become so pervasive as a commonly-used file format it’s almost impossible to just cut it out of our tech lives.
    Unfortunately while it is freely available to implement and use, it’s still a proprietary standard, licensed by a company like Adobe. We only have ourselves to blame, instead of switching to other, viable Open Source file formats that aren’t encumbered by corporate oversight we will all just continue relying upon PDFs. And Adobe will continue doing stunts like this on a whim.

  12. Hypocrisy Extreme said on June 22, 2022 at 9:25 pm
    Reply

    And as a gesture of friendship Microsoft Defender is blocking all cracked files that make Adobe products free. I got your back buddy, let’s call them “viruses”.

  13. Flip3dee said on June 22, 2022 at 10:46 pm
    Reply

    Adobe is a horrible company. I miss Macromedia. I gave up in Adobe products about 8 years ago and my workplace is doing the same now. Its time everyone does the same.

    Great alternatives:
    Affinity
    Foxit
    Sumatra PDF
    DaVinci Resolve

  14. Anonymous said on June 22, 2022 at 11:31 pm
    Reply

    Using Mozilla Firefox is another faster way to open a PDF (and using the NoScript add-on, any JavaScript requests can be manually halted or approved).

  15. Anonymous said on June 23, 2022 at 12:59 am
    Reply

    Unfortunately this dinosaur, which hasn’t seen extinction yet, has leveraged itself in gov and other entities requiring its encryption to view pdf’s.

  16. Tim said on June 23, 2022 at 6:01 am
    Reply

    I used Adobe reader years ago. Did its job but was slow. Then I turned to Foxit and Pdf X-change Editor. Then I discovered Sumatra pdf reader. After moving to Linux I use Qpdf. Fast and open source, though I miss a few features like editing pdf text – this I do using Xournal++.

  17. Tim said on June 23, 2022 at 6:02 am
    Reply

    I used Adobe reader years ago. Did its job but was slow. Then I turned to Foxit and Pdf X-change Editor. Then I discovered Sumatra pdf reader. After moving to Linux I use Qpdfview. Fast and open source, though I miss a few features like editing pdf text – this I do using Xournal++.

  18. Anonymous said on June 23, 2022 at 2:47 pm
    Reply

    After 2012 all of their products turned to bloated subscription garbage. There are lots of great alternatives out there so no need to suffer with Adobe.

  19. Tree said on June 23, 2022 at 9:23 pm
    Reply

    Adobe acrobat Reader 4 is the last one to use. Why would one want to use it to open videos, scripts, jpegs, etc? It is just another virus entry like Internet Explorer 8, which uses ActiveX and other scripts to infect the computers. This is worse than bloat.

  20. hoho said on June 25, 2022 at 4:51 pm
    Reply

    Thanks adobe, I’ll keep sticking with Sumatra.

  21. jesse said on July 4, 2022 at 4:54 pm
    Reply

    my company has a problem with the latest version of adobe pdf, it is too slow and it hangs at all times, we have mcafee as security software and we have put the exceptions presented by adobe and the problem continues, what we have had to do is install an old version of adobe and block so it doesn’t update automatically, with those old versions it works fine.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.