Internet Access; Certified Document Trust - Adobe 12001196 - Acrobat - Mac Manual

Application Security Guide
9.1.7 Wildcard and host trust
10.x products support the use of wildcard matching of subdomain components for trusted host URLs. For
example, for a basic URL of a.b.c.adobe.com, you can wildcard on all of a, b, or c. It is required that at
least the first subdomain is specified (adobe in this case). So *.corp.adobe.com or
11lcforms.*.adobe.com`` works, but *.forms.corp.adobe.com or lcforms.corp.*.com will not.
9.1.8 Trusting IE trusted sites
You can also elevate Trusted Win OS zones to privileged locations since these are already under IT
control. Prior to 10.1.2/9.5, bTrustOSTrustedSites provided trust for Trusted Sites. With these
versions, trust is also extended to Local Intranet Zones. Privileged location support is evolving rapidly, so
pay attention to the version.
To make Internet Explorer's trusted sites and zones behave as PLs:
1. Go to Preferences > Security (Enhanced).
2. Check Automatically trust sites from my Win OS security zones.
3. Choose OK. This options sets:
[HKEY_CURRENT_USER\Software\Adobe\<product name>\<version>\TrustManager]
"bTrustOSTrustedSites"=dword:00000001
9.1.8.1 Locking IE trusted sites
Windows OS trust can be locked so that users can't change the setting via the UI as follows by setting
bDisableOSTrustedSites as follows:
• 0: Disables trusting sites from IE and locks the feature.
• 1: Enables trusting sites from IE and locks the feature.
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\<product name>\<version>\FeatureLockDown]
"bDisableOSTrustedSites"=dword:00000000

9.2 Internet access

URLs can be blocked or allowed globally, or URL-specific settings can be created. See
access for details.

9.3 Certified document trust

11.0 introduces the ability to elevate any certified document to a privileged location for the Windows and
Macintosh versions of Reader and Acrobat. When set, certified documents become trusted for exemption
from the same security restrictions from which other privileged locations are exempt. Note the following:
• The PDF's certification signature must be valid and chain to a trusted root.
• The setting is off by default.
• The one exception to such trusted PDF's parity with privileged locations is that this level of trust
does not apply when the PDF is viewed in Protected View.
To enable this feature:
1. Choose Edit > Preferences (Windows) or (application name) > Preferences (Macintosh).
2. Select Security (Enhanced) in the Categories panel.
3. Check Automatically trust documents with valid certification. This sets:
Section 9 Trust Methods
Section 9 Trust Methods
8.1 Internet
Page 89