Adobe 12001196 Security Guide - Page 10




3. Create tBrokerLogfilePath.
4. Right click on tBrokerLogfilePath and choose Modify.
5. Set the value. For example: C:\DOCUME~1\<username>\LOCALS~1\Temp\BrL4FBA.tmp

Policy logging for a policy violation:

[08:12/13:46:16] real_path: \BaseNamedObjects\ZonesCacheCounterMutex
[08:12/13:46:16] Consider modifying policy using this policy rule: MUTANT_ALLOW_ANY
[08:12/13:46:16] NtCreateMutant: STATUS_ACCESS_DENIED
[08:12/13:46:16] real_path: \BaseNamedObjects\ZonesLockedCacheCounterMutex
[08:12/13:46:16] Consider modifying policy using this policy rule: MUTANT_ALLOW_ANY
[08:12/13:46:16] NtCreateKey: STATUS_ACCESS_DENIED
[08:12/13:46:16] real path: \REGISTRY\USER\S-1-5-21-762979615-2031575299-929701000-51250\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
[08:12/13:46:16] Consider modifying policy using this policy rule: REG_ALLOW_ANY
[08:12/13:46:16] NtCreateKey: STATUS_ACCESS_DENIED
[08:12/13:46:16] real path: \REGISTRY\USER\S-1-5-21-762979615-2031575299-929701000-51250\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
[08:12/13:46:16] Consider modifying policy using this policy rule: REG_ALLOW_ANY
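
An added example, not part of Adobe's guide: a Python parser that groups broker log lines like those above into violations and counts repeats per suggested rule and path, so each candidate exception is reviewed once before anything is whitelisted. The call, path, rule ordering is inferred from the excerpt, and the function names are hypothetical.

```python
import re
from collections import Counter

# Sample input: the log excerpt from this page, one entry per line.
SAMPLE_LOG = r"""
[08:12/13:46:16] real_path: \BaseNamedObjects\ZonesCacheCounterMutex
[08:12/13:46:16] Consider modifying policy using this policy rule: MUTANT_ALLOW_ANY
[08:12/13:46:16] NtCreateMutant: STATUS_ACCESS_DENIED
[08:12/13:46:16] real_path: \BaseNamedObjects\ZonesLockedCacheCounterMutex
[08:12/13:46:16] Consider modifying policy using this policy rule: MUTANT_ALLOW_ANY
[08:12/13:46:16] NtCreateKey: STATUS_ACCESS_DENIED
[08:12/13:46:16] real path: \REGISTRY\USER\S-1-5-21-762979615-2031575299-929701000-51250\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
[08:12/13:46:16] Consider modifying policy using this policy rule: REG_ALLOW_ANY
[08:12/13:46:16] NtCreateKey: STATUS_ACCESS_DENIED
[08:12/13:46:16] real path: \REGISTRY\USER\S-1-5-21-762979615-2031575299-929701000-51250\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
[08:12/13:46:16] Consider modifying policy using this policy rule: REG_ALLOW_ANY
"""

ENTRY = re.compile(r"^\[[^\]]+\]\s*(.*)$")
DENIED = re.compile(r"^(Nt\w+):\s*(STATUS_\w+)$")
PATH = re.compile(r"^real[_ ]path:\s*(.+)$")  # the excerpt uses both spellings
RULE = re.compile(r"^Consider modifying policy using this policy rule:\s*(\w+)$")

def parse_violations(text):
    """Group lines into violations; call is None when the log starts mid-entry."""
    events, cur = [], None
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        body = m.group(1)
        if (d := DENIED.match(body)):
            if cur:  # earlier entry never received a rule line
                events.append(cur)
            cur = {"call": d.group(1), "status": d.group(2), "path": None, "rule": None}
        elif (p := PATH.match(body)):
            cur = cur or {"call": None, "status": None, "path": None, "rule": None}
            cur["path"] = p.group(1)
        elif (r := RULE.match(body)) and cur:
            cur["rule"] = r.group(1)
            events.append(cur)
            cur = None
    if cur:
        events.append(cur)
    return events

def review_list(events):
    """Count repeats per (rule, path) so each candidate exception is reviewed once."""
    return Counter((e["rule"], e["path"]) for e in events if e["rule"] and e["path"])
```

Calling `review_list(parse_violations(SAMPLE_LOG))` on the excerpt yields three distinct candidates, with the Winlogon registry key counted twice.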

2.2.5 Policy configuration

Protected View prevents a number of actions, which IT can bypass by creating a white list of allowed actions. The component that reads these policies is called a "broker." The broker performs actions based on those policies, and when an admin provides a properly configured policy file, the broker can bypass the application's default restrictions.

The broker first reads and applies all custom policies prior to applying the default policies. Since custom policies take precedence, they are useful for fixing broken workflows, supporting third-party plug-ins, and handling cases where unsupported machine configurations cause Protected Mode to impair required functionality.

Configurable policies have two requirements:
• They must reside in the Reader install directory adjacent to AcroRd32.exe in the install folder: D:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\
• The name of the policy file must be ProtectedModeWhitelistConfig.txt.

2.2.5.1 Enabling custom policies

To allow the application to read and use a policy file, registry configuration is required. To enable policy files:
1. Go to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Adobe Acrobat\10.0\FeatureLockDown.
2. Right click and choose New > DWORD Value.
3. Create bUseWhitelistConfigFile.
4. Right click on bUseWhitelistConfigFile and choose Modify.
5. Set the value to 1 to enable the white list.

2.2.6 Verifying PV is on

While you can verify whether the application has Protected View enabled by viewing the Enhanced Security panel, it is also possible to verify that the document you are currently viewing is subject to Protected View's protections.
Note

Section 2 Protected View, Application Security Guide, Page 6