Copy link to clipboard
Copied
Can anyone tell me what this means I need to add to my whitelist?
I tried these but they don't work.
MUTANT_ALLOW_ANY = *
SECTION_ALLOW_ANY = *
SECTION_ALLOW_ANY = \KnownDlls32\*
REG_ALLOW_ANY = HKEY_LOCAL_MACHINE\SOFTWARE\Adobe
REG_ALLOW_ANY = HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Adobe
REG_ALLOW_ANY = HKEY_CURRENT_USER\SOFTWARE\Adobe\Acrobat Reader\DC\AVGeneral
FILES_ALLOW_ANY = %USERPROFILE%*
FILES_ALLOW_ANY=C:\Users\%USERNAME%\AppData\Local\Adobe\Acrobat\DC*
Log Contents:
[12:17/12:16:37] NtOpenSection: STATUS_ACCESS_DENIED
[12:17/12:16:37] real_path: \KnownDlls32\MSCTF.dll
[12:17/12:16:37] Consider modifying policy using this policy rule: SECTION_ALLOW_ANY
[12:17/12:16:37] NtOpenSection: STATUS_ACCESS_DENIED
[12:17/12:16:37] real_path: \Sessions\2\Windows\ThemeSection
[12:17/12:16:37] Consider modifying policy using this policy rule: SECTION_ALLOW_ANY
[12:17/12:16:37] NtOpenSection: STATUS_ACCESS_DENIED
[12:17/12:16:37] real_path: \Windows\Theme1408509041
[12:17/12:16:37] Consider modifying policy using this policy rule: SECTION_ALLOW_ANY
[12:17/12:16:37] NtOpenSection: STATUS_ACCESS_DENIED
[12:17/12:16:37] real_path: \Sessions\2\Windows\Theme358508073
[12:17/12:16:37] Consider modifying policy using this policy rule: SECTION_ALLOW_ANY
[12:17/12:16:37] NtOpenSection: STATUS_ACCESS_DENIED
[12:17/12:16:37] real_path: \KnownDlls32\TextInputFramework.dll
[12:17/12:16:37] Consider modifying policy using this policy rule: SECTION_ALLOW_ANY
[12:17/12:16:37] NtOpenSection: STATUS_ACCESS_DENIED
[12:17/12:16:37] real_path: \KnownDlls32\CoreUIComponents.dll
Copy link to clipboard
Copied
Hi KMIN
Could you solve your problem?
I have the same problem and I can't find how to add "\KnownDlls32\MyDll.dll" to "SECTION_ALLOW_ANY"
Copy link to clipboard
Copied
Where does this requirement come from? It's very detailed, presumably some web site somewhere has instructions. Is there a link?
Copy link to clipboard
Copied
This is related to the Protected mode in Acrobat:
https://www.adobe.com/devnet-docs/acrobatetk/tools/AppSec/sandboxprotections.html
You can create a Whitelist and allow acces to the .exe and the folders with an absolute path like "%windir%\System32\calc.exe".
It works with FILES_ALLOW_ANY and PROCESS_ALL_EXEC, but I can't find a way to make it work with SECTION_ALLOW_ANY.
The log can be created with this configuration:
You can view the log with the "View log" button.