Microsoft Office runs a number software child processes on the regular. I will post the information from our alerts here for context as to why it is being seen as a security risk:
It looks like this new method is what is being deemed a risk by various AV products. I see you are now using Curl to make the http request between the plugin and the Zotero app. However we are receiving multiple email alerts every time someone is running Zotero 6.0.27. Jamf Protect isn't blocking the plugin like others have experienced on Cloud Strike since we haven't configured it to do this.
I am an admin at my institution and we use Jamf protect for AV.
Hi I just wanted to reignite this conversation.