Solved: Adobe Creative Cloud File - Retrospective Quarantine Failure

John71357 · ‎10-22-2021

Hi All,

We are being bombarded with retrospective quarantine failure alerts on multiple Endpoints for a file that is part of Adobe Creative Cloud - we believe it is a false positive but cannot fetch copy of the file to sandbox and confirm - anyone else having this issue?

0dc2a84e33199c78d83110a5f009fbd46f15726c9791f5aaee89ade44cf585b6

30a73ff6e72699f5a5daf1961504adc79aa5bda3fb80339e75e554301bb2e53a

stealthmode · ‎10-23-2021

This was a false positive and has been rectified. The files are no longer being marked as malicious. You might have to wait a while for the endpoint cache to expire.

View solution in original post

Ken Stieers · ‎10-22-2021

Yep... the client install cleaned up the files, so I don't have any examples either.

SReed2020 · ‎10-22-2021

This is happening at my company too.

mblume · ‎10-22-2021

I am seeing this issue as well. Multiple detection events related to .aamdownload file extension, files located in temp. All files retro-quarantined failure due to them being temp and likely no longer available when the engine attempted to quarantine. Events are still actively happening.

SReed2020 · ‎10-22-2021

Now with all the Adobe Creative Cloud detections and subsequent quarantine failures, PCs are starting to be isolated!

A month or two ago, didn't we get a bunch of Adobe Creative Cloud false positives that an email was sent out about?

Brad.Shaw · ‎10-22-2021

You are correct @SReed2020 this did happen a couple of months ago as well. Super frustrating.

stealthmode · ‎10-23-2021

This was a false positive and has been rectified. The files are no longer being marked as malicious. You might have to wait a while for the endpoint cache to expire.