Securing Adobe Acrobat

5 Pro Tips for Making Adobe Acrobat More Secure

Weaponized PDFs are on the rise, here are 5 tips for making Adobe Acrobat more secure.

Securing Adobe Acrobat is a critical part of securing endpoints in your organization. Think about all of the PDF documents users download from the internet, and receive via email. The risk of a user receiving a malicious PDF is relatively high, to limit the damage that can be done by malicious PDFs some basic security related configurations should be deployed throughout your environment to secure Adobe Acrobat.

“Malware authors weaponized more Adobe software vulnerabilities in 2018 than any previous year while the actual number of newly disclosed security flaws in the company’s products dropped significantly since reaching an all-time-high in 2016.”

Jai Vijayan for Dark Reading

1: Keep Adobe Acrobat Updated (Obvious but not always easy)

This is easy to accomplish if we are talking about your personal pc as is evident in these instructions but in a business this can be challenging however it isn’t impossible as shown in this set of instructions by Tames McTigue where group policy is used to update Adobe Acrobat. Other options are also available such as SCCM as demonstrated here by Prajwal Desai.

2: Prevent Adobe Acrobat from opening non PDF and FDF files

Believe it or not by default you can open .exe .bat and many other potentially dangerous file types with Adobe Acrobat. To prevent this from occurring you can follow this set of instructions from Adobe. Folks using group policy to manage their Adobe Acrobat deployments should navigate to the following path to prevent Acrobat from opening non PDF and FDF files: Computer Configuration > Administrative Templates > Adobe Reader DC Continuous > Preferences > Trust Manager > ‘Allow opening of non-PDF file attachments with external applications’ and set it to ‘Disabled’.

3: Enable Protected View and Protected Mode

By enabling protected view, Adobe Acrobat automatically opens files from untrusted sources in a sand box thus reducing their security risk. Protected mode also provides a sandbox, preventing malicious PDF files from launching executable files, and writing to parts of your system such as the registry. Individuals and IT admins can accomplish this by following this set of instructions.

4: Enable Enhanced Security Mode

Adobe Acrobat’s Enhanced Security Mode protects your computer against threats by blocking risky actions that effect trusted locations and files. Risky actions include cross domain access, script injection, data injection, and the execution of high privilege scripts. Instructions on enabling enhanced security mode are available here.

5: Restrict Flash Content

Flash is a popular way of installing malware onto systems via the web however flash can also be embedded into PDF documents, thus opening the door to your system being compromised. To prevent this, flash content can be restricted by modifying the “bEnableFlash” registry key as shown here.

Conclusion

The above list is by no means comprehensive, however it is a good start. We recommend that you follow the available DISA STIG (Security Technical Implementation Guide) for your version of Adobe Acrobat to help secure your Adobe Acrobat deployments. A whole library of Security Technical Implementation Guides are available at the DISA website.

How we can help:

Our staff has extensive experience locking down and securing endpoints, servers, and network devices as well as software like Adobe Acrobat. We can work with you to select, document, and implement a wide range of secure configurations to protect your assets. Feel free to shoot us an email at contact@desiredoutcomesllc.com Visit our About Us page to learn more.

Share this post

Share on facebook
Share on google
Share on twitter
Share on linkedin
Share on pinterest
Share on print
Share on email

Reach out for a free consultation

The below button will take you to a google form, once submitting a consultant will reach out to you.