Please forward this error screen to 198. Ben Rogers, Adobe Systems, Inc. Read policy changes for 11. It transparently how to unsecure an adobe pdf users against attacks by sandboxing application processes.
Protected Mode is one of the most powerful features in Reader’s security arsenal. Note that many dot releases have NOT included a Reader update for Windows because the application is not subject to many vulnerabilities when Protected Mode is enabled. 0, Protected View is only supported when Protected Mode is enabled. For application developers, sandboxing is a technique for creating a confined execution environment for running untrusted programs.
PDF and the processes it invokes. When Reader sandboxing is enabled, Reader assumes all PDFs are potentially malicious and confines any processing they invoke to the sandbox. A sandbox limits, or reduces, the level of access its applications have. For example, creating and executing files and modifying system information such as certain registry settings and other control panel functions may be prohibited.
If a process P runs a child process Q in a sandbox, then Q’s privileges would typically be restricted to a subset of P’s. For example, if P is running on a system, then P may be able to look at all processes on the system. Q, however, will only be able to look at processes that are in the same sandbox as Q. Barring any vulnerabilities in the sandbox mechanism itself, the scope of potential damage caused by a misbehaving Q is reduced.
Thus, processes that could be subject to an attacker’s control run with limited capabilities and must perform actions such as reading and writing through a separate, trusted process. Protected Mode introduced in Reader. While different users will have different security needs, casual users who interact with PDFs in unsecure environments should enable Protected Mode all the time. When you want to use an unsupported feature such as Accessibility on XP. In enterprise settings where PDF workflows are entirely confined to trusted environments under an administrator’s control.
If you have third-party or custom plugins that cause issues when running in Protected Mode. For example, some workflows that use ActiveX plugins may not work by default. Choose whether or not you would like to have a log file created. The application uses an internal key. The actual key does not exist by default and so does not appear until the key is manually created.
PM is designed to protect users transparently and without impacting other features. Protected Mode sandboxing cannot be disabled for shell extensions. For example, when you use Windows Explorer to preview a PDF in the Preview Pane, it starts a Reader process to display the preview. Logging is available for users who need to troubleshoot problems where a workflow or plugin does not work when Protected Mode is enabled. The log may provide guidance as to whether a custom policy file should be used to re-enable broken workflows or plugins. Open the process explorer or task manager. When protected mode is on, two reader processes run.