WIN-INI-PRC-NODE-SPAWN-SUSP-PROCESS-1 - Adobe Creative Cloud

Hello everyone,

Is anyone else getting "High-Risk" detections "WIN-INI-PRC-NODE-SPAWN-SUSP-PROCESS-1" from Adobe Creative Cloud?

"parent_path": "C:\\Program Files\\Adobe\\Adobe Creative Cloud Experience\\libs\\node.exe"

SHA256(node.exe): 17fd75d8a41bf9b4c475143e19ff2808afa7a92f7502ede731537d9da674d5e8

"parent_cmdline": "\"C:\\Program Files\\Adobe\\Adobe Creative Cloud Experience\\libs\\node.exe\" \"C:\\Program Files\\Adobe\\Adobe Creative Cloud Experience\\js\\main.js\""

SHA256(main.js):0525ebdaaa33ff83daa6d99c0abb222f1da546ad97c2ddf2115f64e5252b5b4c

"path": "C:\\Windows\\System32\\cmd.exe"

"cmdline": "C:\\WINDOWS\\system32\\cmd.exe /d /s /c \"schtasks /create /tn \"Launch Adobe CCXProcess\" /tr \"\\\"C:\\Program Files\\Adobe\\Adobe Creative Cloud Experience\\CCXProcess.exe\\\"\" /sc daily /st 09:05 -f\""

SHA256(CCXProcess.exe): a80c961a85f1c7ef8042606524ad5787b7e7c5245d7e7afd4da5d4e737b64aaa

 

Interestingly, this is the first time I've seen this detection. Creative Cloud has been installed on some devices for years.



Updated the tags
[edited by: Gladys at 12:13 PM (GMT -8) on 6 Mar 2024]
  • Hi  ,

    Thanks for your reply. I checked a few logs, but I did not find anything. Updates seem to be pretty rare (last one in December). The user said he did not use the application during the period in which the detection appeared. 

    I have now gotten this detection for the 4th time on one device. I think this is legit behavior, maybe some self-healing stuff, caused by some errors?

    I cannot see anything suspicious in this detection. I will keep an eye on it.
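
A triage sketch for the event quoted in this thread, added here as an example; it is not from the posts and not the vendor's detection logic. It parses the `schtasks /create` command line and checks that the parent, the child and the scheduled task target all match the Adobe install directory seen in the detection. `INSTALL_ROOT`, the function names and the finding strings are assumptions.

```python
import json
import ntpath  # Windows path semantics on any OS
import re

# Assumption: install root taken from the paths in the detection above.
INSTALL_ROOT = r"C:\Program Files\Adobe\Adobe Creative Cloud Experience"
# Event fields as quoted in the post, wrapped in braces to form one JSON object.
EVENT = r'''{
"parent_path": "C:\\Program Files\\Adobe\\Adobe Creative Cloud Experience\\libs\\node.exe",
"path": "C:\\Windows\\System32\\cmd.exe",
"cmdline": "C:\\WINDOWS\\system32\\cmd.exe /d /s /c \"schtasks /create /tn \"Launch Adobe CCXProcess\" /tr \"\\\"C:\\Program Files\\Adobe\\Adobe Creative Cloud Experience\\CCXProcess.exe\\\"\" /sc daily /st 09:05 -f\""
}'''
SAMPLE = json.loads(EVENT)

def norm(p):
    return ntpath.normcase(ntpath.normpath(p))

def within(root, p):
    """True if p resolves under root (case-insensitive, '..' collapsed)."""
    return norm(p).startswith(norm(root) + "\\")

def parse_schtasks(cmdline):
    """Return the /tn and /tr values of a 'schtasks /create' call, else None."""
    if not re.search(r"\bschtasks(\.exe)?\s+/create\b", cmdline, re.I):
        return None
    out = {}
    for key in ("tn", "tr"):
        m = re.search(rf"/{key}\s+(.+?)(?=\s+[/-][a-z]{{1,3}}\b|$)", cmdline, re.I)
        out[key] = m.group(1).strip('"\\ ') if m else None
    return out

def triage(event):
    """Return findings; an empty list means the event fits the expected pattern.
    A path match is not proof of legitimacy: check signature and hash separately."""
    findings = []
    parent = event["parent_path"]
    if not (within(INSTALL_ROOT, parent)
            and ntpath.basename(parent).lower() == "node.exe"):
        findings.append("parent is not node.exe under the install root")
    if norm(event["path"]) != norm(r"C:\Windows\System32\cmd.exe"):
        findings.append("child is not System32 cmd.exe")
    task = parse_schtasks(event["cmdline"])
    if task is None:
        findings.append("command is not schtasks /create")
    elif not task["tr"] or not within(INSTALL_ROOT, task["tr"]):
        findings.append(f"task target outside install root: {task['tr']}")
    return findings
```

An empty result from `triage(SAMPLE)` only says the process chain and task target are consistent with the installed product; the file hashes and signatures still need to be verified.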