Probable false positive - Adobe Premeire Elements
Posted 29 December 2011 - 05:20 PM
Posted 30 December 2011 - 12:06 PM
The signature is blacklisted and that causes the warning. There's nothing wrong with the files signed by Adobe, but signed installers (especially Flash installers signed by Adobe) are also used to install malware.
Here is a nice blog post that explains how malware is installed by signed installers.
For that reason the signature is blacklisted, so OA will show the extra warning.
Posted 30 December 2011 - 05:41 PM
Are you saying that a malicious dll was detected piggybacking on the signed installer? If so why doesn't the warning say that?
Or are are you saying that all Adobe signatures have been black listed because someone might bundle a malicious dll with an Adobe product?
Posted 31 December 2011 - 01:49 AM
The Adobe certificate was blacklisted.
This means that OA will not TRUST (mark as Trusted) any executable files signed with this certificate.
As for why the particular executable is being marked as "Not Trusted":
Could you please delete the entry for it in the "Programs", enable debug mode, reproduce the issue and send the debug logs to oasupport (at) emsisoft (dot) com with a link to this thread in the message body? I can't tell you why it was marked "Not Trusted" without logs.
KB article about OA logs: http://support.emsis...mor-debug-logs/
Thank you in advance and have a good New Year
Andrey Fedorinin [Development]
Emsisoft Team - www.emsisoft.com
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users