Thread Info
  • State Suggested Answer
  • +1 person also asked this people also asked this
  • Replies 11 replies
  • Answers 2 answers
  • Subscribers 20 subscribers
  • Views 4749 views
  • Users 0 members are here
Options
Suggested

WIN-INI-PRC-NODE-SPAWN-SUSP-PROCESS-1 - Adobe Creative Cloud

Jonas Stadler

Hello everyone,

Is anyone else getting "High-Risk" detections "WIN-INI-PRC-NODE-SPAWN-SUSP-PROCESS-1" from Adobe Creative Cloud?

"parent_path": "C:\\Program Files\\Adobe\\Adobe Creative Cloud Experience\\libs\\node.exe"

SHA256(node.exe)17fd75d8a41bf9b4c475143e19ff2808afa7a92f7502ede731537d9da674d5e8

"parent_cmdline": "\"C:\\Program Files\\Adobe\\Adobe Creative Cloud Experience\\libs\\node.exe\" \"C:\\Program Files\\Adobe\\Adobe Creative Cloud Experience\\js\\main.js\""

SHA256(main.js):0525ebdaaa33ff83daa6d99c0abb222f1da546ad97c2ddf2115f64e5252b5b4c

"path": "C:\\Windows\\System32\\cmd.exe"

"cmdline": "C:\\WINDOWS\\system32\\cmd.exe /d /s /c \"schtasks /create /tn \"Launch Adobe CCXProcess\" /tr \"\\\"C:\\Program Files\\Adobe\\Adobe Creative Cloud Experience\\CCXProcess.exe\\\"\" /sc daily /st 09:05 -f\""

SHA256(CCXProcess.exe)a80c961a85f1c7ef8042606524ad5787b7e7c5245d7e7afd4da5d4e737b64aaa

 

Interestingly, this is the first time I've seen this detection. Creative Cloud has been installed on a some devices for years.



Updated the tags
[edited by: Gladys at 12:13 PM (GMT -8) on 6 Mar 2024]
Parents
  • 0

    Thanks to those who reported this. SophosLabs has a new detection release going out soon that should avoid generating these Creative Cloud high-risk detections during normal use.

    Going forward, the SophosLabs team is discussing how best to allow customers to submit concerns about "noisy" detection rules. In addition, we have a feature on the XDR roadmap that will allow customers to suppress detections they don't want to keep seeing. This is currently projected to ship next quarter (April to June), though roadmaps are always subject to change.

Reply
  • 0

    Thanks to those who reported this. SophosLabs has a new detection release going out soon that should avoid generating these Creative Cloud high-risk detections during normal use.

    Going forward, the SophosLabs team is discussing how best to allow customers to submit concerns about "noisy" detection rules. In addition, we have a feature on the XDR roadmap that will allow customers to suppress detections they don't want to keep seeing. This is currently projected to ship next quarter (April to June), though roadmaps are always subject to change.

Children
No Data
Unfiltered HTML