Define Protected View Options

Report · Jun 14, 2017

Hi Adobe

I have recently deployed Acrobat Reader DC to my company and we have Protected View set to All files by default however, the end user is able to modify that setting. I have been exploring the possibility of controlling this setting by a registry key via Group Policy which is easy enough. But I haven't been able to find anything that defines what "Files from protentially unsafe locations".

Are you able to provide me with what a potentiall unsafe location is please?

Report · Jun 15, 2017

[Question moved to Enterprise Deployment (Acrobat and Reader) ]

Report · Jun 15, 2017

It's a very basic definition but it's defined in the Adobe Customization Wizard DC's Help documentation.

Security — Acrobat Customization Wizard DC for Windows

Protected Viewhttp://www.adobe.com/devnet-docs/acrobatetk/tools/Wizard/WizardDC/security.html#protected-view

Protected View (PV) is a highly secure “super-sandbox” that is essentially a read-only mode. In Protected View, all features are disabled except those associated with viewing (e.g., zoom, navigation, links, find, etc.). Users must select Enable all features if they wish to do anything more than read the PDF. This action assigns trust and adds the document to the users’ list of Privileged Locations. PV behaves identically for Acrobat and Reader whether viewing PDFs in a browser or in a standalone product.

Note

In Reader 11.0, Protected View is only supported when Protected Mode is enabled. There can by no HKCU or HKLM Protected Mode registry preference set to 0 (off) when Protected View is enabled.

There are three configuration options:

Off: Disable Protected View.
Files from potentially unsafe locations: Open files from the internet or other unknown (and therefore untrusted) sources in Protected View.
All files: Open all files in Protected View.

Protected View configuration

Report · Sep 20, 2018

Files from potentially unsafe locations: Open files from the internet or other unknown (and therefore untrusted) sources in Protected View.

this is a very simplistic answer, and doesn't seem to be answering the question.

Does this mean all files from the internet are viewed as unsafe? if said file is downloaded to the downloads folder, is it still unsafe? what if it's downloaded to documents?

If i download a pdf from the internet, and keep it in my documents, will i constantly have this file flagged?

how does adobe reader determine if the file is unsafe? is it based on the location of the file (IE, what folder it's in), or based on a characteristic of the file in question, and if that's the case, how does it identify that characteristic.

Report · Sep 20, 2018

Read the ETK's Sandbox Protections section for a little more detail.

Report · Sep 21, 2018

That actually helps to customize the zones, but I can't get it to apply to Windows 7 (and It doesn't explain what the default settings are, only how to customize it).

When I do try to create a custom whitelist, I experience the same issue I am experiencing when using the custom wizard, it seems that the HKLM registry settings have no effect on the application. I created a separate posting at Adobe Reader 2017 privileged locations not working , but in general, it seems changes make in the HKLM hive are not being applied, including the ProtectedModeWhitelistConfig.txt that the sandbox protections uses (but the HKCU settings are, so manual changes do work).

Have you confirmed that it actually works? I can see the keys present in the registry, but the application is ignoring them.

Define Protected View Options

Protected Viewhttp://www.adobe.com/devnet-docs/acrobatetk/tools/Wizard/WizardDC/security.html#protected-view

li.media.uploader-dialog.title