6 Replies Latest reply on Jun 2, 2011 1:46 AM by Richard Badichah

    Reader X :ProtectedModeWhitelistConfig.txt entries to make MyPlugin work

    chetanrajakumar Level 1

      Hi,

      Could someone please let me know what I need to write in ProtectedModeWhitelistConfig.txt to make MyPlugin work even when Reader X Protected Mode is enabled?

       

      Below are the log file entries:

       

      1. When I open a document in Reader X:

       

      [04:12/01:44:04] Adobe Reader Protected Mode Logging Initiated

      [04:12/01:44:04] NtCreateKey: STATUS_ACCESS_DENIED

      [04:12/01:44:04] real path: \REGISTRY\MACHINE\Software\Adobe

      [04:12/01:44:04] Consider modifying policy using this policy rule: REG_ALLOW_ANY

      [04:12/01:44:04] NtCreateKey: STATUS_ACCESS_DENIED

      [04:12/01:44:04] real path: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Adobe

      [04:12/01:44:04] Consider modifying policy using this policy rule: REG_ALLOW_ANY

      [04:12/01:44:04] OpenEvent: STATUS_ACCESS_DENIED

      [04:12/01:44:04] name: MSFT.VSA.COM.DISABLE.2580

      [04:12/01:44:04] Consider modifying policy using these policy rules: EVENTS_ALLOW_ANY

      [04:12/01:44:04] OpenEvent: STATUS_ACCESS_DENIED

      [04:12/01:44:04] name: MSFT.VSA.IEC.STATUS.6c736db0

      [04:12/01:44:04] Consider modifying policy using these policy rules: EVENTS_ALLOW_ANY

      [04:12/01:44:10] NtCreateKey: STATUS_ACCESS_DENIED

      [04:12/01:44:10] real path: \REGISTRY\USER\S-1-5-21-3251479106-2158938798-289749890-1654\Software\Adobe\Adobe Acrobat

      [04:12/01:44:10] Consider modifying policy using this policy rule: REG_ALLOW_ANY

      [04:12/01:44:10] NtCreateKey: STATUS_ACCESS_DENIED

      [04:12/01:44:10] real path: \REGISTRY\USER\S-1-5-21-3251479106-2158938798-289749890-1654\Software\Adobe\Adobe Acrobat

      [04:12/01:44:10] Consider modifying policy using this policy rule: REG_ALLOW_ANY

      [04:12/01:44:10] NtCreateKey: STATUS_ACCESS_DENIED

      [04:12/01:44:10] real path: \REGISTRY\USER\S-1-5-21-3251479106-2158938798-289749890-1654\Software\Adobe\Adobe Acrobat

      [04:12/01:44:10] Consider modifying policy using this policy rule: REG_ALLOW_ANY

      [04:12/01:44:10] NtCreateKey: STATUS_ACCESS_DENIED

      [04:12/01:44:10] real path: \REGISTRY\USER\S-1-5-21-3251479106-2158938798-289749890-1654\Software\Adobe\Adobe Acrobat

      [04:12/01:44:10] Consider modifying policy using this policy rule: REG_ALLOW_ANY

      [04:12/01:44:12] NtCreateKey: STATUS_ACCESS_DENIED

      [04:12/01:44:12] real path: \REGISTRY\USER\S-1-5-21-3251479106-2158938798-289749890-1654\Software\Adobe\Adobe Acrobat

      [04:12/01:44:12] Consider modifying policy using this policy rule: REG_ALLOW_ANY

      [04:12/01:44:12] NtCreateKey: STATUS_ACCESS_DENIED

      [04:12/01:44:12] real path: \REGISTRY\USER\S-1-5-21-3251479106-2158938798-289749890-1654\Software\Adobe\Adobe Acrobat

      [04:12/01:44:12] Consider modifying policy using this policy rule: REG_ALLOW_ANY

      [04:12/01:44:12] NtCreateKey: STATUS_ACCESS_DENIED

      [04:12/01:44:12] real path: \REGISTRY\USER\S-1-5-21-3251479106-2158938798-289749890-1654\Software\Adobe\Adobe Acrobat

      [04:12/01:44:12] Consider modifying policy using this policy rule: REG_ALLOW_ANY

      [04:12/01:44:12] NtCreateKey: STATUS_ACCESS_DENIED

      [04:12/01:44:12] real path: \REGISTRY\USER\S-1-5-21-3251479106-2158938798-289749890-1654\Software\Adobe\Adobe Acrobat

      [04:12/01:44:12] Consider modifying policy using this policy rule: REG_ALLOW_ANY

      [04:12/01:44:12] NtCreateKey: STATUS_ACCESS_DENIED

      [04:12/01:44:12] real path: \REGISTRY\USER\S-1-5-21-3251479106-2158938798-289749890-1654\Software\Adobe\Adobe Acrobat

      [04:12/01:44:12] Consider modifying policy using this policy rule: REG_ALLOW_ANY

      [04:12/01:44:12] NtCreateKey: STATUS_ACCESS_DENIED

      [04:12/01:44:12] real path: \REGISTRY\USER\S-1-5-21-3251479106-2158938798-289749890-1654\Software\Adobe\Adobe Acrobat

      [04:12/01:44:12] Consider modifying policy using this policy rule: REG_ALLOW_ANY

      [04:12/01:44:13] NtCreateKey: STATUS_ACCESS_DENIED

      [04:12/01:44:13] real path: \REGISTRY\USER\S-1-5-21-3251479106-2158938798-289749890-1654\Software\Microsoft\Direct3D\MostRecentApplication

      [04:12/01:44:13] Consider modifying policy using this policy rule: REG_ALLOW_ANY

      [04:12/01:44:13] NtCreateKey: STATUS_ACCESS_DENIED

      [04:12/01:44:13] real path: \REGISTRY\USER\S-1-5-21-3251479106-2158938798-289749890-1654\Software\Microsoft\Direct3D\MostRecentApplication

      [04:12/01:44:13] Consider modifying policy using this policy rule: REG_ALLOW_ANY

      [04:12/01:44:13] NtCreateKey: STATUS_ACCESS_DENIED

      [04:12/01:44:13] real path: \REGISTRY\USER\S-1-5-21-3251479106-2158938798-289749890-1654\Software\Adobe\Adobe Acrobat

      [04:12/01:44:13] Consider modifying policy using this policy rule: REG_ALLOW_ANY

      [04:12/01:44:13] NtCreateKey: STATUS_ACCESS_DENIED

      [04:12/01:44:13] real path: \REGISTRY\USER\S-1-5-21-3251479106-2158938798-289749890-1654\Software\Adobe\Adobe Acrobat

      [04:12/01:44:13] Consider modifying policy using this policy rule: REG_ALLOW_ANY

      [04:12/01:44:16] NtCreateKey: STATUS_ACCESS_DENIED

      [04:12/01:44:16] real path: \REGISTRY\USER\S-1-5-21-3251479106-2158938798-289749890-1654\Software\Classes\Local Settings\MuiCache\229\52C64B7E

      [04:12/01:44:16] Consider modifying policy using this policy rule: REG_ALLOW_ANY

      [04:12/01:44:16] NtCreateKey: STATUS_ACCESS_DENIED

      [04:12/01:44:16] real path: \REGISTRY\USER\S-1-5-21-3251479106-2158938798-289749890-1654\Software\Classes\Local Settings\MuiCache

      [04:12/01:44:16] Consider modifying policy using this policy rule: REG_ALLOW_ANY

      [04:12/01:44:16] NtCreateKey: STATUS_ACCESS_DENIED

      [04:12/01:44:16] real path: \REGISTRY\USER\S-1-5-21-3251479106-2158938798-289749890-1654\Software\Classes\Local Settings\MuiCache\229\52C64B7E

      [04:12/01:44:16] Consider modifying policy using this policy rule: REG_ALLOW_ANY

      [04:12/01:44:16] NtCreateKey: STATUS_ACCESS_DENIED

      [04:12/01:44:16] real path: \REGISTRY\USER\S-1-5-21-3251479106-2158938798-289749890-1654\Software\Classes\Local Settings\MuiCache

      [04:12/01:44:16] Consider modifying policy using this policy rule: REG_ALLOW_ANY

       

      2. When I clicked on one of MyPlugin's buttons, I got a "class not registered" error, and the log file entries are as shown below. But it works fine if Protected Mode is disabled.

      [04:12/01:46:22] OpenEvent: STATUS_ACCESS_DENIED

      [04:12/01:46:22] name: Global\CLR_PerfMon_StartEnumEvent

      [04:12/01:46:22] Consider modifying policy using these policy rules: EVENTS_ALLOW_ANY

      [04:12/01:46:22] OpenEvent: STATUS_ACCESS_DENIED

      [04:12/01:46:22] name: Global\CLR_PerfMon_StartEnumEvent

      [04:12/01:46:22] Consider modifying policy using these policy rules: EVENTS_ALLOW_ANY

      MyPlugin works fine if Protected Mode is disabled.

       

      Could someone please let me know everything I have to write in 'ProtectedModeWhitelistConfig.txt' to make MyPlugin work?

       

      Someone, please help me to solve this issue.

      Thanks in advance.

        • 1. Re: Reader X :ProtectedModeWhitelistConfig.txt entries to make MyPlugin work
          melonwind

          I have the same problem. Can somebody tell me what I can do to resolve it?


          [04:15/09:21:27] Adobe Reader Protected Mode Logging Initiated

          [04:15/09:21:28] NtCreateKey: STATUS_ACCESS_DENIED

          [04:15/09:21:28] real path: \REGISTRY\MACHINE\Software\Adobe

          [04:15/09:21:28] Consider modifying policy using this policy rule: REG_ALLOW_ANY

          [04:15/09:21:28] NtCreateKey: STATUS_ACCESS_DENIED

          [04:15/09:21:28] real path: \REGISTRY\MACHINE\SOFTWARE\Adobe

          [04:15/09:21:28] Consider modifying policy using this policy rule: REG_ALLOW_ANY

          [04:15/09:21:28] NtCreateFile: STATUS_ACCESS_DENIED

          [04:15/09:21:28] real path: \??\C:\WINDOWS\system32\imjp81.ime

          [04:15/09:21:28] 次のポリシールールを使用してポリシーの変更を検討してください : FILES_ALLOW_ANY または FILES_ALLOW_DIR_ANY

          [04:15/09:21:28] NtCreateMutant: STATUS_ACCESS_DENIED

          [04:15/09:21:28] real_path: \BaseNamedObjects\RasPbFile

          [04:15/09:21:28] 次のポリシールールを使用してポリシーの変更を検討してください : MUTANT_ALLOW_ANY

          [04:15/09:21:28] NtCreateKey: STATUS_ACCESS_DENIED

          [04:15/09:21:28] real path: \REGISTRY\MACHINE\Software\Microsoft\Tracing

          [04:15/09:21:28] Consider modifying policy using this policy rule: REG_ALLOW_ANY

          [04:15/09:21:28] NtCreateKey: STATUS_ACCESS_DENIED

          [04:15/09:21:28] real path: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing

          [04:15/09:21:28] Consider modifying policy using this policy rule: REG_ALLOW_ANY

          [04:15/09:21:28] OpenEvent: STATUS_ACCESS_DENIED

          [04:15/09:21:28] name: _fCanRegisterWithShellService

          [04:15/09:21:28] Consider modifying policy using these policy rules: EVENTS_ALLOW_ANY

          [04:15/09:28:54] Adobe Reader Protected Mode Logging Initiated

          [04:15/09:28:54] NtCreateKey: STATUS_ACCESS_DENIED

          [04:15/09:28:54] real path: \REGISTRY\MACHINE\Software\Adobe

          [04:15/09:28:54] Consider modifying policy using this policy rule: REG_ALLOW_ANY

          [04:15/09:28:54] NtCreateKey: STATUS_ACCESS_DENIED

          [04:15/09:28:54] real path: \REGISTRY\MACHINE\SOFTWARE\Adobe

          [04:15/09:28:54] Consider modifying policy using this policy rule: REG_ALLOW_ANY

          [04:15/09:39:46] Adobe Reader Protected Mode Logging Initiated

          [04:15/09:39:46] NtCreateKey: STATUS_ACCESS_DENIED

          [04:15/09:39:46] real path: \REGISTRY\MACHINE\Software\Adobe

          [04:15/09:39:46] Consider modifying policy using this policy rule: REG_ALLOW_ANY

          [04:15/09:39:46] NtCreateKey: STATUS_ACCESS_DENIED

          [04:15/09:39:46] real path: \REGISTRY\MACHINE\SOFTWARE\Adobe

          [04:15/09:39:46] Consider modifying policy using this policy rule: REG_ALLOW_ANY

          [04:15/09:39:46] OpenEvent: STATUS_ACCESS_DENIED

          [04:15/09:39:46] name: MSFT.VSA.COM.DISABLE.4716

          [04:15/09:39:46] Consider modifying policy using these policy rules: EVENTS_ALLOW_ANY

          [04:15/09:39:46] OpenEvent: STATUS_ACCESS_DENIED

          [04:15/09:39:46] name: MSFT.VSA.IEC.STATUS.6c736db0

          [04:15/09:39:46] Consider modifying policy using these policy rules: EVENTS_ALLOW_ANY

          [04:15/09:39:47] NtCreateFile: STATUS_ACCESS_DENIED

          [04:15/09:39:47] real path: \??\C:\WINDOWS\system32\imjp81.ime

          [04:15/09:39:47] 次のポリシールールを使用してポリシーの変更を検討してください : FILES_ALLOW_ANY または FILES_ALLOW_DIR_ANY

          [04:15/09:39:49] NtCreateKey: STATUS_ACCESS_DENIED

          [04:15/09:39:49] real path: \REGISTRY\USER\S-1-5-21-823518204-861567501-1177238915-1003\Software\Adobe\Adobe Acrobat

          [04:15/09:39:49] Consider modifying policy using this policy rule: REG_ALLOW_ANY

          [04:15/09:39:49] NtCreateKey: STATUS_ACCESS_DENIED

          [04:15/09:39:49] real path: \REGISTRY\USER\S-1-5-21-823518204-861567501-1177238915-1003\Software\Adobe\Adobe Acrobat

          [04:15/09:39:49] Consider modifying policy using this policy rule: REG_ALLOW_ANY

          [04:15/09:39:49] NtCreateKey: STATUS_ACCESS_DENIED

          [04:15/09:39:49] real path: \REGISTRY\USER\S-1-5-21-823518204-861567501-1177238915-1003\Software\Adobe\Adobe Acrobat

          [04:15/09:39:49] Consider modifying policy using this policy rule: REG_ALLOW_ANY

          [04:15/09:39:49] NtCreateKey: STATUS_ACCESS_DENIED

          [04:15/09:39:49] real path: \REGISTRY\USER\S-1-5-21-823518204-861567501-1177238915-1003\Software\Adobe\Adobe Acrobat

          [04:15/09:39:49] Consider modifying policy using this policy rule: REG_ALLOW_ANY

          [04:15/09:39:49] OpenEvent: STATUS_ACCESS_DENIED

          [04:15/09:39:49] name: _fCanRegisterWithShellService

          [04:15/09:39:49] Consider modifying policy using these policy rules: EVENTS_ALLOW_ANY

          [04:15/09:39:51] NtCreateKey: STATUS_ACCESS_DENIED

          [04:15/09:39:51] real path: \REGISTRY\USER\S-1-5-21-823518204-861567501-1177238915-1003\Software\Adobe\Adobe Acrobat

          [04:15/09:39:51] Consider modifying policy using this policy rule: REG_ALLOW_ANY

          [04:15/09:39:51] NtCreateKey: STATUS_ACCESS_DENIED

          [04:15/09:39:51] real path: \REGISTRY\USER\S-1-5-21-823518204-861567501-1177238915-1003\Software\Adobe\Adobe Acrobat

          [04:15/09:39:51] Consider modifying policy using this policy rule: REG_ALLOW_ANY

          [04:15/09:39:51] NtCreateKey: STATUS_ACCESS_DENIED

          [04:15/09:39:51] real path: \REGISTRY\USER\S-1-5-21-823518204-861567501-1177238915-1003\Software\Adobe\Adobe Acrobat

          [04:15/09:39:51] Consider modifying policy using this policy rule: REG_ALLOW_ANY

          [04:15/09:39:51] NtCreateKey: STATUS_ACCESS_DENIED

          [04:15/09:39:51] real path: \REGISTRY\USER\S-1-5-21-823518204-861567501-1177238915-1003\Software\Adobe\Adobe Acrobat

          [04:15/09:39:51] Consider modifying policy using this policy rule: REG_ALLOW_ANY

          [04:15/09:39:51] NtCreateKey: STATUS_ACCESS_DENIED

          [04:15/09:39:51] real path: \REGISTRY\USER\S-1-5-21-823518204-861567501-1177238915-1003\Software\Microsoft\Direct3D\MostRecentApplication

          [04:15/09:39:51] Consider modifying policy using this policy rule: REG_ALLOW_ANY

          [04:15/09:39:51] NtCreateKey: STATUS_ACCESS_DENIED

          [04:15/09:39:51] real path: \REGISTRY\USER\S-1-5-21-823518204-861567501-1177238915-1003\Software\Microsoft\Direct3D\MostRecentApplication

          [04:15/09:39:51] Consider modifying policy using this policy rule: REG_ALLOW_ANY

          [04:15/09:39:51] NtCreateKey: STATUS_ACCESS_DENIED

          [04:15/09:39:51] real path: \REGISTRY\USER\S-1-5-21-823518204-861567501-1177238915-1003\Software\Adobe\Adobe Acrobat

          [04:15/09:39:51] Consider modifying policy using this policy rule: REG_ALLOW_ANY

          [04:15/09:39:51] NtCreateKey: STATUS_ACCESS_DENIED

          [04:15/09:39:51] real path: \REGISTRY\USER\S-1-5-21-823518204-861567501-1177238915-1003\Software\Adobe\Adobe Acrobat

          [04:15/09:39:51] Consider modifying policy using this policy rule: REG_ALLOW_ANY

          [04:15/09:39:51] NtCreateKey: STATUS_ACCESS_DENIED

          [04:15/09:39:51] real path: \REGISTRY\USER\S-1-5-21-823518204-861567501-1177238915-1003\Software\Adobe\Adobe Acrobat

          [04:15/09:39:51] Consider modifying policy using this policy rule: REG_ALLOW_ANY

          [04:15/09:39:51] NtCreateKey: STATUS_ACCESS_DENIED

          [04:15/09:39:51] real path: \REGISTRY\USER\S-1-5-21-823518204-861567501-1177238915-1003\Software\Adobe\Adobe Acrobat

          [04:15/09:39:51] Consider modifying policy using this policy rule: REG_ALLOW_ANY

          • 2. Re: Reader X :ProtectedModeWhitelistConfig.txt entries to make MyPlugin work
            chetanrajakumar Level 1

            Hi Buddy,

             

            Can you try writing a whitelist as I described in the previous post?

             

            Please go through this post, http://forums.adobe.com/message/3581356; it may help you in doing the below.

             

            Do the following in order to overcome those errors:

            1.     Create a text file named 'ProtectedModeWhitelistConfig.txt' in the “C:\Program Files\Adobe\Reader 10.0\Reader” path and add the lines below to it.

            ; Files Section
            FILES_ALLOW_ANY=%SYSTEMROOT%\system32\*
            FILES_ALLOW_ANY=%APPDATA%\LexisNexis\*
            FILES_ALLOW_ANY=%USERPROFILE%\Application Data\LexisNexis\*
            FILES_ALLOW_ANY=C:\*
            FILES_ALLOW_ANY=%SystemRoot%\assembly\gac\*
            FILES_ALLOW_DIR_ANY= C:\*
            FILES_ALLOW_DIR_ANY=%SystemRoot%\assembly\gac\* 

             

            ; Processes

             

            ; Registry
            REG_ALLOW_ANY=HKEY_CURRENT_USER\SOFTWARE\Adobe*
            REG_ALLOW_ANY=HKEY_CURRENT_USER\SOFTWARE\Classes\Local Settings\MuiCache*
            REG_ALLOW_ANY=HKEY_CURRENT_USER\Software\Microsoft\Direct3D\MostRecentApplication*
            REG_ALLOW_ANY=HKEY_LOCAL_MACHINE\SOFTWARE\Adobe*
            REG_ALLOW_ANY=HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing

             

            ; Events
            EVENTS_ALLOW_ANY=MSFT.VSA*
            EVENTS_ALLOW_ANY=Global\BFE_Notify_Event_*
            EVENTS_ALLOW_ANY=_fCanRegisterWithShellService*

             

            ; Mutants
            MUTANT_ALLOW_ANY=*RasPbFile*

             

            ; Sections

             

            2.      Add a DWORD registry entry named ‘bUseWhitelistConfigFile’ in this node, “HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Acrobat Reader\10.0\FeatureLockDown”, and set it to 1.

             

            After the above 2 steps, test your plug-in. I don't think it will work, but the errors which you were getting will vanish.

            To make your plugin work with Protected Mode ON, you have to write a broker process for your plugin.

             

            Thanks and Regards,

            Chetan.
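
Added example, not part of any post in this thread: a Python script that collapses the repeated Protected Mode denials from a log like those quoted above into de-duplicated, exact-target rule candidates, and flags whitelist rules whose wildcard covers a whole drive or has no fixed prefix. The sample log and whitelist are constructed, the function names are hypothetical, and it is an assumption that Reader accepts exact (non-wildcard) targets in these rules.

```python
import re

# Operation -> rule keyword, as paired in the log lines quoted in this thread.
RULE_FOR_OP = {"NtCreateKey": "REG_ALLOW_ANY", "NtCreateFile": "FILES_ALLOW_ANY",
               "OpenEvent": "EVENTS_ALLOW_ANY"}
# A denial line followed directly by the line naming the object that was denied.
PAIR = re.compile(r"(\w+): STATUS_ACCESS_DENIED\s+\[[^\]]+\]\s*(?:real[ _]path|name): (.+)")

# Constructed sample in the thread's log format (placeholder SID, duplicate kept).
SAMPLE_LOG = r"""
[04:15/09:21:28] NtCreateKey: STATUS_ACCESS_DENIED
[04:15/09:21:28] real path: \REGISTRY\MACHINE\Software\Adobe
[04:15/09:21:28] NtCreateKey: STATUS_ACCESS_DENIED
[04:15/09:21:28] real path: \REGISTRY\MACHINE\SOFTWARE\Adobe
[04:15/09:21:28] NtCreateKey: STATUS_ACCESS_DENIED
[04:15/09:21:28] real path: \REGISTRY\USER\S-1-5-21-0-0-0-1000\Software\Adobe\Adobe Acrobat
[04:15/09:21:28] NtCreateFile: STATUS_ACCESS_DENIED
[04:15/09:21:28] real path: \??\C:\WINDOWS\system32\imjp81.ime
[04:15/09:21:28] OpenEvent: STATUS_ACCESS_DENIED
[04:15/09:21:28] name: _fCanRegisterWithShellService
"""
# Constructed sample: a few rules in the syntax of the whitelist posted above.
SAMPLE_WHITELIST = r"""
; Files Section
FILES_ALLOW_ANY=C:\*
FILES_ALLOW_ANY=%APPDATA%\LexisNexis\*
REG_ALLOW_ANY=HKEY_LOCAL_MACHINE\SOFTWARE\Adobe*
MUTANT_ALLOW_ANY=*RasPbFile*
"""


def normalize(op, target):
    """Rewrite an NT object path into the form used in the posted whitelist."""
    if op == "NtCreateKey":
        target = re.sub(r"^\\REGISTRY\\MACHINE", "HKEY_LOCAL_MACHINE", target, flags=re.I)
        target = re.sub(r"^\\REGISTRY\\USER\\S-[\d-]+", "HKEY_CURRENT_USER", target, flags=re.I)
    elif op == "NtCreateFile":
        target = re.sub(r"^\\\?\?\\", "", target)  # drop the \??\ prefix
    return target


def candidate_rules(log_text):
    """Return de-duplicated exact-target rule candidates in first-seen order."""
    rules, seen = [], set()
    for op, target in PAIR.findall(log_text):
        if op not in RULE_FOR_OP:
            continue  # operation with no mapping here: review by hand
        rule = f"{RULE_FOR_OP[op]}={normalize(op, target.strip())}"
        if rule.lower() not in seen:  # registry and file names are case-insensitive
            seen.add(rule.lower())
            rules.append(rule)
    return rules


def broad_rules(whitelist_text):
    """Flag rules whose wildcard spans a whole drive or has no fixed prefix."""
    flagged = []
    for line in whitelist_text.splitlines():
        line = line.strip()
        if not line or line.startswith(";") or "=" not in line:
            continue  # blank line, comment, or not a rule
        pattern = line.split("=", 1)[1].strip()
        if re.fullmatch(r"[A-Za-z]:\\\*", pattern) or pattern.startswith("*"):
            flagged.append(line)
    return flagged
```

Each candidate should be reviewed before it goes into the whitelist, since every rule widens what the sandboxed process may touch.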

             

            • 3. Re: Reader X :ProtectedModeWhitelistConfig.txt entries to make MyPlugin work
              melonwind Level 1

              The problem still exists.

              Anyway, thanks a lot for your advice.

              • 4. Re: Reader X :ProtectedModeWhitelistConfig.txt entries to make MyPlugin work
                Richard Badichah

                Hi Chetan,

                 

                Can you please explain what you mean by your last sentence? What do you mean by writing a broker process for the plugin?

                 

                     After the above 2 steps, test your plug-in. I don't think it will work, but the errors which you were getting will vanish.

                     To make your plugin work with Protected Mode ON, you have to write a broker process for your plugin.

                 

                    

                Is it not enough to write the policies and enable them in the registry?

                • 5. Re: Reader X :ProtectedModeWhitelistConfig.txt entries to make MyPlugin work
                  chetanrajakumar Level 1

                  Hi Richard,

                   

                  Please go through the links below; they may help you.

                   

                  Read about Protected mode and Sandboxing in this link http://blogs.adobe.com/pdfdevjunkie/what-developers-need-to-know-about-acrobat-x

                   

                  http://forums.adobe.com/thread/838240?tstart=30

                   

                  http://forums.adobe.com/thread/834524?tstart=60

                   

                  But I was not 100% successful in making MyPlugin work with Protected Mode ON the way it works with Protected Mode OFF.

                  This is still in progress.

                  Using a broker process, we can make our plug-in work even when Reader X Protected Mode is ON.

                  I am trying that; once done, I will let you know about this.

                  • 6. Re: Reader X :ProtectedModeWhitelistConfig.txt entries to make MyPlugin work
                    Richard Badichah Level 1

                    Thank you Chetan for your answer.

                    I've read all of the links and I still couldn't understand how to write the broker process.

                     

                    Do you have any sample?

                     

                    Also, I read the following in one of the links you sent:

                     

                    If your plug-in uses the Acrobat SDK APIs provided to you for file I/O, etc. then Reader X will handle all the brokering for you and you won’t even need to worry about the sandbox… unless you try to reference objects outside the trusted areas.   If you make direct Windows OS API calls which fall into low rights categories, writing to the registry, for example, you will need to create your own broker and a sample in the new SDK will show you how.

                     

                     

                    Our plugin was developed using SDK 7.0.5. I replaced it with X, but it still didn't work. What more should I do on this?

                    Again I see this sentence: "you will need to create your own broker and a sample in the new SDK will show you how."

                     

                    Again, how can I create my own broker? And I couldn't find the sample in the new SDK. Any ideas, please?

                     

                    Thanks again for your help.