LR Classic, Encryption, and Ransomware?

Status
Not open for further replies.

mainefitz

New Member
Premium Classic Member
Premium Cloud Member
Joined
Mar 19, 2021
Messages
8
Lightroom Version Number
12.1
Operating System
macOS 12 Monterey
Since running Lightroom Classic version: 12.1 [ 202212072312-d7ab524b ] on an M1 MacBook Pro with macOS (Monterey) 12.6.1, I've received periodic warnings about ransomware in LRC....

Sophos generates email warnings that read:

"Ransomware Protection detected ransomware activity from ∕Applications∕Adobe Lightroom Classic∕Adobe Lightroom Classic.app∕Contents∕MacOS∕Adobe Lightroom Classic"

Checking the Dashboard in the Sophos Home app it says:

" Ransomware blocked ...An application was prevented from encrypting a number of files.... ∕Applications∕Adobe Lightroom Classic∕Adobe Lightroom Classic.app∕Contents∕MacOS∕Adobe Lightroom Classic.... Did we get this wrong?.... Unblocking this file is not recommended.... (and then the option is provided) Allow and Unblock"

Lightroom apparently continues to function normally.

The warnings went away when I reverted to an earlier version, but returned when I reinstalled LRC 12.1

Has anyone else seen this behavior? I'm assuming that this is an anomaly in the Sophos product rather than something hiding in the Adobe software coding ...but anyone have any thoughts or suggestions?

Thanks!
Pete
 
Check your catalog backups. If they are not zipped, then that’s what Sophos blocked.
 
Johan, interesting thought.

I was going to suggest re-installing 12.1, but the OP seems to have already done that to no avail.

I don't use Sophos, but I've never gotten such a warning through Norton 360, but maybe it doesn't even look for that sort of malware.
 
Interesting suggestions....

However, Catalog backups are still zipped....; and yes 12.1 was reinstalled.... And for what it is worth, scans with Malwarebytes 4.17.8 are negative.

Further thoughts or suggestions?

Thanks!
 
Most likely the heuristics of Sophos suspect Lr. You will need to contact Sophos, they should then add a special exception for Lr.

Tim
 
I would think Sophos would name the suspect file which you could then search. If you have malware, it probably was injected into the Lightroom folder.
 
I use MALWARE Bytes and have not been warned about Adobe products. You may want to check out this Sophos Link on dealing with false positives.
 
I use MALWARE Bytes and have not been warned about Adobe products. You may want to check out this Sophos Link on dealing with false positives.
Me too. Check for updates and run it every few weeks or so. Since switching to Mac 10 years ago I have never seen one malware.
 
Johan, interesting thought.

I was going to suggest re-installing 12.1, but the OP seems to have already done that to no avail.

I don't use Sophos, but I've never gotten such a warning through Norton 360, but maybe it doesn't even look for that sort of malware.
@Califdan,

I'm pretty sure that Norton (at least the PAID version of the full suite) does look for ransomware. The issue with blocking ransomware is the so-called "zero days" malware vectors. These are various ways of installing malware on your system which in a way of speaking, were just released "today," for which a countermeasure has not yet been developed by the security vendors.

It's an arms race, and I'm afraid the bad guys are winning. Especially since a lot of ransomware comes out of Russia, and the authorities there turn a blind eye to it, despite the issue being raised many times with them. Notably, some ransomware will not install if it detects a Russian language installation. There is speculation that the FSB even works with the ransomware gangs to attack critical resources in Western countries.
 
All good points, thanks everyone!

Given that all my installations come via Adobe's Creative Cloud app, AND that my Malwarebytes hasn't seen a problem...I'm fairly comfortable that this is some sort of false positive in the Sophos code. I'll run thru the steps in the link which Paul provided just to be sure...

Thanks again,
Pete
 