Note: Please do not post Personally Identifiable Information like email address, personal phone number, physical home address, product key etc.

Issue abstract: Norton 360 Behavioral Protection detects an IDP.Generic attack that makes PSExpressBroker.exe a HIGH RISK threat. File is component of Adobe Photoshop Express (APE) application. APE will not run without this file.

Detailed description: I installed Adobe Photoshop Express (APE, free application from Adobe with Microsoft account) in late December 2025. APE had run OK with no warnings from Norton 360 until today (1/7/26) when N360 issued a “Threat detected” message related to this app upon a cold startup (APE not set to run on startup). The threat name was “IDP.Generic” (i.e., any of various identity theft malware). Websearching indicates this is likely a false positive, but one cannot be certain without further testing (which I cannot do). I did follow through with a quarantine of the file and then a full system scan that showed not threats. But, consequently, APE willl not run. I suppose I could delete and reinstall APE rather than release the .exe file from quarantine to be safe, but I am out of my knowledge depth here. If the detection is a false positive, the same “detection” will likely occur again, right? Clipboard copies of screenshots follow. Note: Clicking on “More info” in the “Threat detected / Origin” window generated an “HTTP STATUS 400 BAD REQUEST” error. Thanks for any help, advice, or information.

Product & version number: Norton 360: version (AV module) 25.12.10659 (build 25.12.10659.961)

OS details: Windows 11 Home 25H2 OS build 26200.7462

What is the error message you are seeing? Possible false positive + “HTTP STATUS 400 BAD REQUEST” in “Threat detected / Origin” window,

If you have any supporting screenshots, please add them:

Details

Threat name: IDP.Generic
Threat type: Miscellaneous - This is an app that you may have unknowingly installed and that may harm your computer performance.
Status: Threat detected
Detected by: Behavioral Protection
On PC from: 1/7/26, 10:41 AM
Last Used: 1/7/26, 4:59 PM
Startup Item: No

Many users
Thousands of users in the Norton Community have used this file.

Mature
This file was released 20 days ago.

High
The file risk is high.

Origin

Location: local://*C:\Windows\System32\svchost.exe local://*C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.26100.6893_none_a4fec8997769ca80\TiWorker.exe

Activity

Path | Type | Status
C:\Program Files\WindowsApps\AdobeSystemsIncorporated.AdobePhotoshopExpress_3.24.4.0_x64__ynb6jyjzte8ga\PSExpressBroker.exe | File | Repaired
C:\Program Files\WindowsApps\AdobeSystemsIncorporated.AdobePhotoshopExpress_3.24.4.0_x64__ynb6jyjzte8ga\PSExpressBroker.exe | Process | Terminated
C:\Program Files\WindowsApps\AdobeSystemsIncorporated.AdobePhotoshopExpress_3.24.4.0_x64__ynb6jyjzte8ga\ExpressPrtScBackgroundApp.exe | Process | Terminated
C:\Program Files\WindowsApps\AdobeSystemsIncorporated.AdobePhotoshopExpress_3.24.4.0_x64__ynb6jyjzte8ga\CRWindowsClientService.exe | Process | Terminated
C:\Program Files\WindowsApps\AdobeSystemsIncorporated.AdobePhotoshopExpress_3.24.4.0_x64__ynb6jyjzte8ga\CRLogTransport.exe | Process | Terminated
C:\Program Files\WindowsApps\AdobeSystemsIncorporated.AdobePhotoshopExpress_3.24.4.0_x64__ynb6jyjzte8ga\CRLogTransport.exe | Process | Terminated
C:\Windows\System32\conhost.exe | Process | Terminated
C:\Windows\System32\conhost.exe | Process | Terminated