14 Replies Latest reply: Aug 24, 2014 3:46 PM by pacocappacocap RSS

    Reader 9.3.2 security block

    bob:) Community Member

      Hi we recently updated Reader9.3.1 to Reader9.3.2

      (Reader9.3.1 worked just fine)


      This new issue pops up saying


      "(Security block) Acrobat does not allow connection to:

      http://www.webpage.gov/link/filename.pdf  "       <------------as an example, not a real address


      The way we got to 9.3.2:

      We used the working Reader9.3.1 and slipstreamed that with the new UpdateFile9.3.2.msp

      running command: msixec /a reader9.3.1.msi /p UpdateFile9.3.2.msp




        • 1. Re: Reader 9.3.2 security block
          brogers_1 Employee Hosts

          Hi Bob,


          What does "pops up new issue" mean? If you are getting a Yellow Message Bar on the top, choose the Options button and choose to trust that site.



          • 2. Re: Reader 9.3.2 security block
            Gregmann Community Member



            Did you ever find a resolution to this?


            We have the same problem.  A group policy deployment to 9.3.2 and now anyone who clicks on a url in a pdf gets the "(Security block) Acrobat does not allow connection to:"  notification.




            • 3. Re: Reader 9.3.2 security block
              brogers_1 Employee Hosts

              Your problem is that you have URL restrictions set in Trust Manager.


              1. Go to Edit > Preferences > Trust Manager > Internet Options.
              2. Allow all URLs or specify a list of allowed URLs.


              My guess is you have blocked all URLs. That is not the default setting.



              • 4. Re: Reader 9.3.2 security block
                testingxyz Community Member

                Got the same issue here.  We deploy via group policy using the customisation wizard to a few thousand desktops, so configuring by individual client obviously isn't an option.  I'm not seeing how to configure the internet access options in the customisation wizard, only the trusted source options.  Anyone know how to define a list of target URLs, (preferably wildcarded domains) that reader will allow users to click links to using the wizard?



                • 5. Re: Reader 9.3.2 security block
                  brogers_1 Employee Hosts

                  Any registry setting can be configured via the Wizard or GPO. To figure out how to configure the registry for what you want (or almost anything else), download AIM.


                  Here's the standard blurb:



                  There are new and updated resources that might help. A new Enterprise resource portal exists at http://kb2.adobe.com/cps/837/cpsid_83709.html . From there you can find the main enterprise libraries and tools. It links to an Enterprise Admin Guide (in its nascent stages but it's rapidly evolving) and the Administrator's Information Manager (AIM). AIM is an AIR application that contains several documents as well as a Preference Reference which documents a growing list of registry keys.





                  • 6. Re: Reader 9.3.2 security block
                    testingxyz Community Member

                    Thanks for your response Ben, I'll explore those resources.  If push comes to shove I'll crack out procmon and see where it is writing those settings to.



                    • 7. Re: Reader 9.3.2 security block
                      brogers_1 Employee Hosts

                      Hi again,


                      There's not much exploring to do. Simply open the preference reference, go to Trust Manager, and see what keys can be configured. It's a simple doc look up and key fix.



                      • 8. Re: Reader 9.3.2 security block
                        testingxyz Community Member

                        Perhaps not quite as simple as one might hope.  The documentation gives the path for iUnknownURLPerms and tHostPerms as HKCU\Software\Adobe\(product name)\(version)\TrustManager, whereas (finding that didn't work and looking on a non-managed machine) the actual path is HKCU\Software\Adobe\(product name)\(version)\TrustManager\cDefaultLaunchURLPerms.


                        The bit I can't get at the moment, and doesn't seem to be covered by the docs, is how to set a wild card, i.e. to allow access to all URLs in example.com.  Just adding something like *example.com doesn't seem to work. Any ideas?





                        • 9. Re: Reader 9.3.2 security block
                          brogers_1 Employee Hosts

                          Hi Phil,


                          You're right. The doc is both incomplete and incorrect. It will be fixed in a few days. Here is some additional information:


                          • iURLPerms is another key in the same location. Set to 2 for allow all and 3 for block all.
                          • There is no way to use a wildcard in the Trust Manager. The UI lets you do it, but it doesn't work.
                          • Therefore, there is no way to use wildcards for domains. It's an all or nothing situation unless you specify a white list of URLs.


                          Also note that while you can use * for Enhanced Security > Privileged locations, that is only for cross domain access and won't help you with simple URL access.



                          • 11. Re: Reader 9.3.2 security block
                            BackOfficeThinking Community Member

                            I found a second issue preventing the web page to load:


                            After I did changed my Trust Manager Settings, the problem persisted.


                            I opened to PDF in Adobe LifeCycle Designer and noticed that the URLs were mal formed. Any link that I created as http://www.backofficethinking.com. was converted to http:www.backofficethinking.com  (the // were removed).  I added them back, opened the file in acrobat pro and clicked on the Extend features link which made the form fillable and the // were removed again.  I then went back to Designer and changed the link to www.backofficethinking.com (no http://) , opened the file in acrobat pro and the links were correct.


                            I assume this is a bug in acobat pro?


                            I'm using adobe acobat pro 9.2

                            • 12. Re: Reader 9.3.2 security block
                              motleynutt Community Member

                              I fixed this "Security Block" issue. Sort of.

                              In registry editor: Current user\software\adobe\acrobatreader\"version"\Trustmanager\cdefaultlaunchURLperms, The name is thostperms. I deleted it and closed regeditor. Then went to the pdf and tried the link again. In perferences, under trust manager, It's now not greyed out but no matter which option I choose it always asks the first time I click a new link.

                              • 13. Re: Reader 9.3.2 security block
                                brogers_1 Employee Hosts

                                Did you try setting

                                iURLPerms as described above?
                                • 14. Re: Re: Reader 9.3.2 security block
                                  pacocappacocap Community Member

                                  Thanks for this suggestion. I have been having serious delays every time I clicked a link in a PDF. I have had to wait for the stupid pop-up asking if I wanted to allow the link, for EVERY blasted link. "Uhhh Nooooo! I think I clicked that link by mistake… %^&*#)@ @$$^&)*$!" >:( How ridiculous. So on your suggestion, I went to Preferences->Trust Manager->Internet Access from PDF files outside the web browser->Change Settings… and clicked Allow PDF files to access all web sites and now every link opens instantly in my browser just like when I click a link in the browser.


                                  Acrobat settings.png


                                  I looked at every setting except this one since it is completely unintuitive to those of us who didn't write the code for Acrobat.