Detections
Analytics

ARDC-CN-000015 - Adobe Reader DC must enable Protected Mode.

Information

A threat to users of Adobe Reader DC is opening a PDF file that contains malicious executable content.

Protected mode provides a sandbox capability that prevents malicious PDF files from launching arbitrary executable files, writing to system directories or the Windows registry.

This isolation of the PDFs reduces the risk of security breaches in areas outside the sandbox.

Satisfies: SRG-APP-000112, SRG-APP-000206, SRG-APP-000207, SRG-APP-000209, SRG-APP-000210

Solution

Configure the following registry value:

Registry Hive: HKEY_LOCAL_MACHINE
Registry Path: \Software\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown

Value Name: bProtectedMode
Type: REG_DWORD
Value: 1

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Adobe_Acrobat_Reader_DC_Continuous_V2R1_STIG.zip

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-18(1), 800-53|SC-18(3), 800-53|SC-18(4), CAT|II, CCI|CCI-001166, CCI|CCI-001169, CCI|CCI-001170, CCI|CCI-001662, CCI|CCI-001695, Rule-ID|SV-213170r395811_rule, STIG-ID|ARDC-CN-000015, STIG-Legacy|SV-79413, STIG-Legacy|V-64923, Vuln-ID|V-213170

Plugin: Windows

Control ID: 092406ab72f63bc47a4dc2f5c44688893b863f2de42da76ffafceb92e8015086