Jump to content
wisp

Trojan.Agent being reported for Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe

Recommended Posts

Hi, not sure if this is a false-positive or not, but Acrobat Reader DC has auto-updated on several of our clients this morning and Malwarebytes is reporting the following in every single instance:

Trojan.Agent     Quarantined      C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe

 

False positive or something more to it?

Thanks

Share this post


Link to post
Share on other sites

We are getting it too. RdrCEF.exe and acrocef.exe are both being detected on multiple workstations in the environment this morning. They are being quarantined but I'm not sure yet if they are real detections or false positives. 

Share this post


Link to post
Share on other sites

I'm getting this across every one of my customers. Must be a mistake in the latest definition updates. Can we get this fixed ASAP??

Share this post


Link to post
Share on other sites

Glad we're not the only one.  Removing the threat causes the Reader to go into repair mode on next open, only to reinstall the missing exe..

Share this post


Link to post
Share on other sites

Hi guys

 

We are pushing an update currently to fix this f/p

 

Please can you up update and confirm that the detection no longers occurs.

 

Thanks in advance and our apologies for incovenience caused.

Share this post


Link to post
Share on other sites
5 minutes ago, Fatdcuk said:

Hi guys

 

We are pushing an update currently to fix this f/p

 

Please can you up update and confirm that the detection no longers occurs.

 

Thanks in advance and our apologies for incovenience caused.

What is the version of the "fixed" database ?

I can confirm v2017.09.14.04  *does not* fix it 

Edited by EcoFuelPlus

Share this post


Link to post
Share on other sites
1 minute ago, EcoFuelPlus said:

What is the version of the "fixed" database ?

MBAM2 Version: v2017.09.14.04
MBAM3 Version: 1.0.2802

Share this post


Link to post
Share on other sites

v2017.09.14.04 not working for us either.  Just added to ignore list for now since its stopping people from working.

 

Spoke to soon, works for us.  I was testing previous definitions.  v2017.09.14.04 seems to have fixed the issue.

Thanks for the fast support

Edited by arcdc
I was wrong about my initial findings

Share this post


Link to post
Share on other sites

Looks like we are ok now.  Notifications have stopped for us now so perhaps there was some latency after updating server. Thanks for a quick resolution!

 

Share this post


Link to post
Share on other sites
1 minute ago, MKBistro said:

Looks like we are ok now.  Notifications have stopped for us now so perhaps there was some latency after updating server. Thanks for a quick resolution!

 

Yes same for us - fingers crossed 

Share this post


Link to post
Share on other sites

For now what it did is Exclude this object for All Clients, and later once new build comes out you can Restore this Object for All Clients.

 

image.thumb.png.5561afd129a3de6f304470c9e3f3d9b5.png

Share this post


Link to post
Share on other sites

just had another notification - this time the database version was 2017.09.14.05 !

Im wondering if again this was a latency issue - maybe the machine was just turned on and detected the adobe file before updating to the latest database ....

 

Edited by EcoFuelPlus

Share this post


Link to post
Share on other sites
5 minutes ago, EcoFuelPlus said:

just had another notification - this time the database version was 2017.09.14.05 !

 

 

 

Yup, i just pushed out the next lot of new defs for today to the database .

 

The faulting def was removed with the previous update cycle (#4) .

 

Again our thanks for reporting this guys and apologies for any inconvenience caused.

 

I will close this topic off now as it is now resolved.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.