Multiple components of the Acrobat suite are writing to various sub-directories of Program Files (Adobe, Common Files\Adobe) as a user-mode process. In some cases, this is accommodated by modification to the default ACL model of the directories to allow the process to perform these writes, or it is relying on the UAC VirtualStore to re-direct the writes to a per-user location.

This is not the security model of Windows and these types of writes should either be going to the user's profile or \programdata\ when the permissions model supports this behavior natively. Having user-mode processes write to Program Files causes issues with sandbox and heuristic analysis security software as the behavior is functionally identical to arbitrary code execution vulnerabilities being successfully being leveraged against the program.