Note: Please do not post Personally Identifiable Information like email address, personal phone number, physical home address, product key etc.

Issue abstract: Norton 360 Behavioral Protection detects an IDP.Generic attack that makes PSExpressBroker.exe a HIGH RISK threat. File is component of Adobe Photoshop Express (APE) application. APE will not run without this file.

Detailed description: I installed Adobe Photoshop Express (APE, free application from Adobe with Microsoft account) in late December 2025. APE had run OK with no warnings from Norton 360 until today (1/7/26) when N360 issued a “Threat detected” message related to this app upon a cold startup (APE not set to run on startup). The threat name was “IDP.Generic” (i.e., any of various identity theft malware). Websearching indicates this is likely a false positive, but one cannot be certain without further testing (which I cannot do). I did follow through with a quarantine of the file and then a full system scan that showed not threats. But, consequently, APE willl not run. I suppose I could delete and reinstall APE rather than release the .exe file from quarantine to be safe, but I am out of my knowledge depth here. If the detection is a false positive, the same “detection” will likely occur again, right? Clipboard copies of screenshots follow. Note: Clicking on “More info” in the “Threat detected / Origin” window generated an “HTTP STATUS 400 BAD REQUEST” error. Thanks for any help, advice, or information.

Product & version number: Norton 360: version (AV module) 25.12.10659 (build 25.12.10659.961)

OS details: Windows 11 Home 25H2 OS build 26200.7462

What is the error message you are seeing? Possible false positive + “HTTP STATUS 400 BAD REQUEST” in “Threat detected / Origin” window,

If you have any supporting screenshots, please add them:

Details

Threat name: IDP.Generic
Threat type: Miscellaneous - This is an app that you may have unknowingly installed and that may harm your computer performance.
Status: Threat detected
Detected by: Behavioral Protection
On PC from: 1/7/26, 10:41 AM
Last Used: 1/7/26, 4:59 PM
Startup Item: No

Many users
Thousands of users in the Norton Community have used this file.

Mature
This file was released 20 days ago.

High
The file risk is high.

Origin

Location: local://*C:\Windows\System32\svchost.exe local://*C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.26100.6893_none_a4fec8997769ca80\TiWorker.exe

Activity

Path | Type | Status
C:\Program Files\WindowsApps\AdobeSystemsIncorporated.AdobePhotoshopExpress_3.24.4.0_x64__ynb6jyjzte8ga\PSExpressBroker.exe | File | Repaired
C:\Program Files\WindowsApps\AdobeSystemsIncorporated.AdobePhotoshopExpress_3.24.4.0_x64__ynb6jyjzte8ga\PSExpressBroker.exe | Process | Terminated
C:\Program Files\WindowsApps\AdobeSystemsIncorporated.AdobePhotoshopExpress_3.24.4.0_x64__ynb6jyjzte8ga\ExpressPrtScBackgroundApp.exe | Process | Terminated
C:\Program Files\WindowsApps\AdobeSystemsIncorporated.AdobePhotoshopExpress_3.24.4.0_x64__ynb6jyjzte8ga\CRWindowsClientService.exe | Process | Terminated
C:\Program Files\WindowsApps\AdobeSystemsIncorporated.AdobePhotoshopExpress_3.24.4.0_x64__ynb6jyjzte8ga\CRLogTransport.exe | Process | Terminated
C:\Program Files\WindowsApps\AdobeSystemsIncorporated.AdobePhotoshopExpress_3.24.4.0_x64__ynb6jyjzte8ga\CRLogTransport.exe | Process | Terminated
C:\Windows\System32\conhost.exe | Process | Terminated
C:\Windows\System32\conhost.exe | Process | Terminated

Genau dasselbe Problem habe ich auch. Konntest du herausfinden, wie man mit der Meldung umgeht?

Norton hat die Bedrohung blockiert und in die Quarantäne verschoben.

Adobe Express Fotos öffnet sich nicht mehr.

177141695698476386849060493829591920×1446 373 KB

@rob.4 @Kerstin_Rehmann This is the AI generated information that is available:

*Do both of you currently have Adobe Photoshop Express installed? From what source if so? The MS Store shows last update to that program as 2/17/2026.

AI Overview

PSExpressBroker.exeis a legitimate executable file associated with Adobe Photoshop Express for Windows, acting as a supporting process that manages communication between the application and system services. It ensures the app runs correctly, handling tasks like licensing or background updates, and is not a critical Windows system file.

Key Details about PSExpressBroker.exe:

• Purpose: It manages internal communication for the Adobe Photoshop Express app.
• Safety: It is considered safe, though some security software may sometimes flag it generically (e.g., IDP.Generic).
• Context: It is part of the lightweight photo-editing software Adobe Photoshop Express, often used for quick editing
  .
• If not needed: If you do not use Adobe Photoshop Express, this process can safely be removed by uninstalling the application.

If this file is causing high CPU usage or issues, you can typically stop it by closing Photoshop Express or uninstalling the app, notes Adobe Community users.

The Adobe forums are NOT actively answering questions regarding this issue since 2024, I just reviewed them.

SA

OVERREACH by Norton. Out of the blue Norton just moved the entire exe file to quarantine. Should I delete it from Q or extract it from Q and otherwise do I have to reinstall.

I downloaded Adobe Express Photos directly from Adobe. Uninstalled and downloaded/reinstalled a couple of times. Each time the program worked for a few days, then Norton flagged and quarantined PBExpressBroker.exe. The app seemed useful, but I gave up and use other free, browser apps like PIXLR. Although AEP had some useful features, Norton prevents me from using it. Note the name change – Adobe Photoshop Express was rebranded Adobe Express Photos. Maybe try again soon to download and install – perhaps the problem has been resolved.