Thread Info
  • State Suggested Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 11 replies
  • Answers 2 answers
  • Subscribers 21 subscribers
  • Views 12706 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

WIN-INI-PRC-NODE-SPAWN-SUSP-PROCESS-1 - Adobe Creative Cloud

Jonas Stadler

Hello everyone,

Is anyone else getting "High-Risk" detections "WIN-INI-PRC-NODE-SPAWN-SUSP-PROCESS-1" from Adobe Creative Cloud?

"parent_path": "C:\\Program Files\\Adobe\\Adobe Creative Cloud Experience\\libs\\node.exe"

SHA256(node.exe)17fd75d8a41bf9b4c475143e19ff2808afa7a92f7502ede731537d9da674d5e8

"parent_cmdline": "\"C:\\Program Files\\Adobe\\Adobe Creative Cloud Experience\\libs\\node.exe\" \"C:\\Program Files\\Adobe\\Adobe Creative Cloud Experience\\js\\main.js\""

SHA256(main.js):0525ebdaaa33ff83daa6d99c0abb222f1da546ad97c2ddf2115f64e5252b5b4c

"path": "C:\\Windows\\System32\\cmd.exe"

"cmdline": "C:\\WINDOWS\\system32\\cmd.exe /d /s /c \"schtasks /create /tn \"Launch Adobe CCXProcess\" /tr \"\\\"C:\\Program Files\\Adobe\\Adobe Creative Cloud Experience\\CCXProcess.exe\\\"\" /sc daily /st 09:05 -f\""

SHA256(CCXProcess.exe)a80c961a85f1c7ef8042606524ad5787b7e7c5245d7e7afd4da5d4e737b64aaa

 

Interestingly, this is the first time I've seen this detection. Creative Cloud has been installed on a some devices for years.



This thread was automatically locked due to age.
Parents Reply
  • 0 in reply to Andrea Bezziccheri

    Hello.

    Assuming this is a false positive, what is the recommended action plan?

    Add some sort of exclusion to Sophos Central?

    Or will there be a change to the detection rules by SOPHOS (which will be received by the endpoints in one of the next updates), after having analyzed the behavior of the ADOBE application involved?

    Thanks and regards.
    Andrea Bezziccheri
Children
No Data
Unfiltered HTML