Edion Gecos Posted April 21, 2021 Share Posted April 21, 2021 (edited) (I hope this is the right section to post this...) Today I was very surprised to get a notification from the IT department of my institution that they in turn had received a call from Adobe about some "illegal use of Adobe Software" that could be traced to the IP address of my section of the office! (They mentioned "Illustrator", which I don't use, but it may be also some other stuff like Acrobat DC). They asked me if it would be possible to come and inspect my computer directly, which I politely declined (being busy right now, general need to keep Covid distancing etc.), but of course the whole incident worries me a bit... How did this even happen? Is there a way to prevent such intrusion (maybe via host or other means) without jeopardizing my normal daily "workflow"? I see that an "Adobe Genuine Software Service" and "Adobe Genuine Software Integrity Service" are running in the background. Would it be OK to permanently disable both services? (There is also the "Adobe Acrobat Update Service" and the "AcroTray" - but at least the latter is necessary to convert documents into PDF.) By the way, I am usually connected to Proton VPN - except for a few rare occasions when necessary to use certain webtools, but then I don't use any Adobe software simultaneously... Any help/info on this would be very appreciated! Edited April 21, 2021 by Edion Gecos typos Akaneharuka 1 Quote Link to comment Share on other sites More sharing options...
Akaneharuka Posted April 21, 2021 Share Posted April 21, 2021 (edited) Did you use VPN before you download Acrobat ? Maybe they just went to see the old log of their server ? Btw, Did you really sure that call is really from Adobe not just a scam ? don`t let any person touch your computer without you see what they are doing Edited April 21, 2021 by Akaneharuka Grammar Edion Gecos and Volcomuser 2 Quote Link to comment Share on other sites More sharing options...
Edion Gecos Posted April 21, 2021 Author Share Posted April 21, 2021 3 hours ago, Akaneharuka said: Did you use VPN before you download Acrobat ? Maybe they just went to see the old log of their server ? Btw, Did you really sure that call is really from Adobe not just a scam ? don`t let any person touch your computer without you see what they are doing I am really not sure what happened here... The IT department contacted me (that is legitimate), but I don't know who called them... ... and they specifically said the claim was traced to the IP used in this office, which is what concerns me Quote Link to comment Share on other sites More sharing options...
andy2004 Posted April 21, 2021 Share Posted April 21, 2021 sounds like a scam to me.. but to play it safe i would say yes you can after you shown me a warrant.. and proof that you work for ADOBE.. of course you could just EMAIL adobe directly and tell them. informing them you dont actually use the app they are referring to..and giving them the name of the person who contacted you etc, and see if they reply.. Shadowx and Edion Gecos 2 Quote Link to comment Share on other sites More sharing options...
DLord Posted April 21, 2021 Share Posted April 21, 2021 Any of the mentioned services could ping back home and reveal your IP. However, since you are not using the mentioned app, there is nothing to worry. Might be someone else in the office, if you are using a shared internet connection. But in any case, Adobe calling people based on app usage and IP address sound fishy to me! Shadowx and Edion Gecos 2 Quote Link to comment Share on other sites More sharing options...
jayballs Posted April 21, 2021 Share Posted April 21, 2021 Quote They mentioned "Illustrator", which I don't use, but it may be also some other stuff like Acrobat DC So they they guessed wrong. All I can think of is someone using a portable version of illustrator??? Quote They asked me if it would be possible to come and inspect my computer directly, which I politely declined Like by team viewer or something. Hell No. Or someone in person from adobe (supposedly) comes by with a rigged up usb stick as they see your company as a easy mark. or maybe the company hired a "RED TEAM" to analyze there own company like checking for misconfigurations, social engineering, and weak points in the company Just some ideas :) Edion Gecos 1 Quote Link to comment Share on other sites More sharing options...
Jogs Posted April 21, 2021 Share Posted April 21, 2021 I don't think some company would call up and say that they are visiting your place few days later to find out if you're doing anything wrong, they would have done that without notice. Edion Gecos 1 Quote Link to comment Share on other sites More sharing options...
Edion Gecos Posted April 25, 2021 Author Share Posted April 25, 2021 Thank you very much to everyone who took the time to reply to this thread. Just to further clarify what happened - according to several answers, it seems I did not explain clear enough - the IT department of my own organisation contacted me. I was not directly contacted by Adobe. That IT department is legitimate - I had contact with them before, called them back directly etc. -, but they apparently got contacted by Adobe with a claim of illegal software use that was traced back to my IP address (I'm not sure, but probably the IP was given by "Adobe" and our IT department knew it belongs to this office and contacted me). Since I declined that someone (from our IT department, not directly from Adobe) come and check my computer directly, I did not hear back from them and hope that is the end of this story. But I was (and am still a bit) worried about how something could be traced to this specific IP address... By the way, I now did permanently disable the "Adobe Genuine Software Service" and the "Adobe Genuine Software Integrity Service" from running in the background and so far there seems to be no problem in using Acrobat Pro DC (even the automatic update still worked as it downloaded version 2021.001.20150 a few days ago). I also set a "permanent kill switch" to my VPN so there is never a connection to the internet without the VPN being on, even during boot and shutdown of the computer. Keeping my fingers crossed that there is no other leak... Volcomuser 1 Quote Link to comment Share on other sites More sharing options...
nonspin Posted April 25, 2021 Share Posted April 25, 2021 Does your Company own any C-Cloud or Enterprise-Level Adobe-Licenses ? If yes, then Adobe will actually call your Company, not to press charges or whatever .. it's Enterprise-Level-Support - to inform You. It's part of the service-package. if not, .. then your IT-Department is as 'questionable' as every other possible reason. The very first thing i'd do is to pull every single log ... especially Call-Logs and statements (in writing) from the IT-Department .. who, when, what .. as detailed as possible Once you have a timeline, pull the Network-Logs with focus on Login-Sessions -> Adobe-IDs My hunch though .. focus on the IT-Department first, because if Adobe would infact call for legal reasons - they wouldn't talk to the IT-Dept. You wouldn't get a call either .. like they have the time or resources to trace individuals for 'illegal-usage' ? C'mon. regards Edion Gecos and petruk 2 Quote Link to comment Share on other sites More sharing options...
vyzzer Posted April 27, 2021 Share Posted April 27, 2021 Hi Edion Gecos Inform your IT Department that just an IP address is not enough evidence to establish a reasonable suspicion that your institution has committed a crime for illegal use of Adobe Software. Adobe would need substantial amounts of other evidence otherwise the matter would not even get to court just based on knowing an IP address. Whatever you do, please do not permit Adobe to come and inspect your computer because they are on a fishing expedition to collect evidence to incriminate you and your institution. Your IT Department can only allow them to come and inspect your computer if they could bring along with them a court order compelling you and/or institution to do so. Regards. petruk, donkey-girl, Volcomuser and 3 others 6 Quote Link to comment Share on other sites More sharing options...
Volcomuser Posted April 30, 2021 Share Posted April 30, 2021 On 4/21/2021 at 5:01 AM, Edion Gecos said: and they specifically said the claim was traced to the IP used in this office, which is what concerns me wow dude, thats scary me a lot, oh boy Whi5t1eR and Edion Gecos 1 1 Quote Link to comment Share on other sites More sharing options...
FlyLowrie Posted June 1, 2021 Share Posted June 1, 2021 I don't think you need worry about it. Like my school, the whole school computer is installed with pirated Acrobat. I'm disgusted that the school is installing pirated software on all the computers. It has been installed for a long time but has not received any inquiries and warnings from Adobe, nor has there been any problem. Quote Link to comment Share on other sites More sharing options...
xkryptonx Posted June 2, 2021 Share Posted June 2, 2021 Let legal or pirated issue aside, there has been multiple instances when a software calls to its parent company creating trouble for the users. The only way is to ensure and control the apps connectivity to the internet. The best way to do so, besides using fail proof kill-switch on your vpn, is to use and advanced firewall which is able to control the apps connectivity to internet. I remember using ZoneAlarm firewall when i first got PC back in 2007 or so. You can use it to monitor and control all apps that tries to connect to the internet. You can configure it inform you in real time about each apps attempt to access to the internet and hence can check its progress. That will make things alot easier for you, and you will be able to check apps connectivity to internet in real time. Nuclear Fallout 1 Quote Link to comment Share on other sites More sharing options...
Arjun Posted July 5, 2021 Share Posted July 5, 2021 Does It Really Happen? Yes. In past 6 years Corel, Adobe and few others have contacted our IT multiply times. keyman 1 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.