Hello everyone,
Is anyone else getting "High-Risk" detections "WIN-INI-PRC-NODE-SPAWN-SUSP-PROCESS-1" from Adobe Creative Cloud?
"parent_path": "C:\\Program Files\\Adobe\\Adobe Creative Cloud Experience\\libs\\node.exe"
SHA256(node.exe): 17fd75d8a41bf9b4c475143e19ff2808afa7a92f7502ede731537d9da674d5e8
"parent_cmdline": "\"C:\\Program Files\\Adobe\\Adobe Creative Cloud Experience\\libs\\node.exe\" \"C:\\Program Files\\Adobe\\Adobe Creative Cloud Experience\\js\\main.js\""
SHA256(main.js):0525ebdaaa33ff83daa6d99c0abb222f1da546ad97c2ddf2115f64e5252b5b4c
"path": "C:\\Windows\\System32\\cmd.exe"
"cmdline": "C:\\WINDOWS\\system32\\cmd.exe /d /s /c \"schtasks /create /tn \"Launch Adobe CCXProcess\" /tr \"\\\"C:\\Program Files\\Adobe\\Adobe Creative Cloud Experience\\CCXProcess.exe\\\"\" /sc daily /st 09:05 -f\""
SHA256(CCXProcess.exe): a80c961a85f1c7ef8042606524ad5787b7e7c5245d7e7afd4da5d4e737b64aaa
Interestingly, this is the first time I've seen this detection. Creative Cloud has been installed on a some devices for years.
Updated the tags
[edited by: Gladys at 12:13 PM (GMT -8) on 6 Mar 2024]
