Adobe 12001196 - Acrobat - Mac Manual page 10

Section 2 Protected View
3. Create tBrokerLogfilePath.
4. Right click on tBrokerLogfilePath and choose Modify.
5. Set the value. For example: C:\DOCUME~1\<username>\LOCALS~1\Temp\BrL4FBA.tmp
Policy logging for a policy violation:
[08:12/13:46:16] real_path: \BaseNamedObjects\ZonesCacheCounterMutex
[08:12/13:46:16] Consider modifying policy using this policy rule: MUTANT_ALLOW_ANY
[08:12/13:46:16] NtCreateMutant: STATUS_ACCESS_DENIED
[08:12/13:46:16] real_path: \BaseNamedObjects\ZonesLockedCacheCounterMutex
[08:12/13:46:16] Consider modifying policy using this policy rule: MUTANT_ALLOW_ANY
[08:12/13:46:16] NtCreateKey: STATUS_ACCESS_DENIED
[08:12/13:46:16] real path: \REGISTRY\USER\S-1-5-21-762979615-2031575299-929701000-51250\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
[08:12/13:46:16] Consider modifying policy using this policy rule: REG_ALLOW_ANY
[08:12/13:46:16] NtCreateKey: STATUS_ACCESS_DENIED
[08:12/13:46:16] real path: \REGISTRY\USER\S-1-5-21-762979615-2031575299-929701000-51250\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
[08:12/13:46:16] Consider modifying policy using this policy rule: REG_ALLOW_ANY
2.2.5 Policy configuration
Protected view prevents a number of actions which IT can bypass by creating a white list of allowed
actions. The component that reads these policies is called a "broker." The broker performs actions based
on those policies, and when an admin provides a properly configured policy file, the broker can bypass the
application's default restrictions.
The broker first reads and applies all custom policies prior to applying the default policies. Since custom
policies take precedence, they are useful for fixing broken workflows, supporting third party plug-ins, and
cases where an unsupported machine configurations cause the Protected Mode to impair required
functionality.
Configurable policies have two requirements:
• They must reside in the Reader install directory adjacent to the AcroRd32.exe in the install folder:
D:\Program Files (x86)\Adobe\Acrobat
• The name of the policy file must be ProtectedModeWhitelistConfig.txt.
2.2.5.1 Enabling custom policies
To allow the application to read and use a policy file, registry configuration is required. To enable policy
files:
1. Go to
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Adobe Acrobat\10.0\FeatureLockDown.
2. Right click and choose New > DWORD Value.
3. Create bUseWhitelistConfigFile.
4. Right click on bUseWhitelistConfigFile and choose Modify.
5. Set the value to 1 to enable the white list.
2.2.6 Verifying PV is on
While you can verify whether the application has Protected View enabled by viewing the Enhanced
Security panel, it is also possible to verify the document you are currently viewing is subject to Protected
View's protections.
Note
Page 6
10.0\Acrobat\
Application Security Guide
Section 2 Protected View