Protected Mode Whitelist Policy Not Working Fully

New Here ,
Mar 02, 2021 Mar 02, 2021

Copy link to clipboard

Copied

My team is trying to bypass Protected Mode in Reader DC for a single application using a policy file and being met with failure. The policy file is working and Protected Mode is dropping a log file that is listing what is blocked with recommendations on what to allow through for each blocked entry.

 

My policy:

FILES_ALLOW_ANY = %ProgramFiles(x86)%\Create!form*
FILES_ALLOW_ANY = C:\BottomLine Technologies, Inc*
FILES_ALLOW_ANY = SERVERNAME\Create!form
FILES_ALLOW_ANY = CfOWMergeTemp
PROCESS_ALL_EXEC = %ProgramFiles(x86)%\Create!form*
SECTION_ALLOW_ANY = *CfOWHelper.dll
REG_ALLOW_ANY = *CurrentControlSet\Control\Print\Printers*

 

Everything else but SECTION_ALLOW_ANY works perfectly fine to bypass Protected Mode. I have even tried SECTION_ALLOW_ANY = * alone in a policy file and sections are still being blocked according to the log files being dropped by Protected Mode.

 

I have tried including the full file paths of the DLL, but I still see the same error message in the log file. CfOWHelper.dll is not included as part of KnownDlls32 from what I can see in the registry and WinObj from SysInternals.

 

SECTION_ALLOW_ANY = C:\Program Files (x86)\Create!form\Plugin\CfOWHelper.dll
SECTION_ALLOW_ANY = C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\CfOWHelper.dll

 

Does anyone have any experience with this?

TOPICS
General troubleshooting

Views

67

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
no replies

Have something to add?

Join the conversation