As If You Needed Another Reason To Hate PDFs
There are confirmed reports that Adobe Acrobat Reader scans systems for 30 different security products, and if detected they will be blocked from being able to scan PDF files. Adobe accomplishes this by blocking the injection of DLLs into Adobe Acrobat Reader processes. Indeed AcroCEF.exe and RdrCEF.exe scan your system to locate DLLs belonging to security products from Bitdefender, Avast, Trend Micro, Symantec, Malwarebytes, ESET, Kaspersky, F-Secure, Sophos, Emsisoft, just to name a few.
Adobe does this because they claim their implementation of CEF, a Chromium based engine is incompatible with these programs DLL injection process and scanning a PDF could cause instability. There are many that would argue they’d rather have a PDF that crashes occasionally than crossing their fingers and hoping this isn’t the PDF that infects them with something nasty. There are also those who would point out that hundreds of programs, from Trend Micro Internet Security through Steam to Facebook Messenger all use CEF and every single one of them found a way to implement it without blocking antivirus scans.
Bleeping Computer has details on what Adobe Acrobat Reader is doing, and how it does it in their article. They did hear back from Adobe who claim they are working on a solution, so perhaps this is a perfect time to find an alternative PDF reader if you haven’t already!
PDF files have been abused in the past to execute malware on the system. One method is to add a command in the ‘OpenAction’ section of document to run PowerShell commands for malicious activity, explain the researchers at cybersecurity company Minerva Labs.