5 Replies Latest reply on Oct 11, 2011 6:53 AM by ToM_1st

    Reader X: ProtectedModeWhitelistConfig.txt entry results in error

    ToM_1st Level 1

      Hi,

       

      to make a plugin work again in the Reader X 10.1.1 i added a policy file.

      Nearly everything is working however i can't use the 'REG_ALLOW_ANY' key.

       

      The logging output is e.g.:

       

      <snip>

      [09:22/16:23:40] NtCreateKey: STATUS_ACCESS_DENIED

      [09:22/16:23:40] real path: \REGISTRY\MACHINE\Software\Adobe

      [09:22/16:23:40] Consider modifying policy using this policy rule: REG_ALLOW_ANY

      [09:22/16:23:40] NtCreateKey: STATUS_ACCESS_DENIED

      [09:22/16:23:40] real path: \REGISTRY\MACHINE\SOFTWARE\Adobe

      [09:22/16:23:40] Consider modifying policy using this policy rule: REG_ALLOW_ANY

      <snip>

       

      -> I tried the following keys however always get an 'Custom policy syntax error' :

       

      REG_ALLOW_ANY= \REGISTRY\MACHINE\Software\Adobe*

      or

      REG_ALLOW_ANY= \REGISTRY\MACHINE\Software\Adobe**

      or

      REG_ALLOW_ANY=HKEY_CURRENT_USER\SOFTWARE\Adobe*

      or

      REG_ALLOW_ANY=HKEY_LOCAL_MACHINE\SOFTWARE\Adobe*

       

      Any ideas?

      Thanks

        • 1. Re: Reader X: ProtectedModeWhitelistConfig.txt entry results in error
          Bernd Alheit Adobe Community Professional & MVP

          You may try the forum for Acrobat SDK.

          • 3. Re: Reader X: ProtectedModeWhitelistConfig.txt entry results in error
            ashutoshmehra Adobe Employee

            @ToM_1st: To create a registry policy that allows writing to any area of HKCU\Software\Adobe, write the following rule:

             

            REG_ALLOW_ANY = HKEY_CURRENT_USER\Software\Adobe*

             

            into a file called ProtectedModeWhitelistConfig.txt and copy it right next to AcroRd32.exe (in your Program Files directory).

             

            Note that granting too lax a policy for the sandbox is bad from a security point of view because it allows the sandbox to write to areas of the system where it normally should have no business writing. Using such lax policies can, effectively, allow the sandbox to bypass the restrictions that the sandbox was primarily designed for. So be careful.

             

            Also note that on Win7/Vista, due to UAC restrictions, even when running as admin, processes don't get access to write to HKLM. So adding a rule for HKEY_LOCAL_MACHINE would probably not work. And anyway, the sandbox doesn't need to write to HKLM anyway, so that rule is unnecessary.

            • 4. Re: Reader X: ProtectedModeWhitelistConfig.txt entry results in error
              ToM_1st Level 1

              ashutoshmehra wrote:

               

              @ToM_1st: To create a registry policy that allows writing to any area of HKCU\Software\Adobe, write the following rule:

               

              REG_ALLOW_ANY = HKEY_CURRENT_USER\Software\Adobe*

               

              into a file called ProtectedModeWhitelistConfig.txt and copy it right next to AcroRd32.exe (in your Program Files directory).

              Already tried that but it didn't work. (Probably due to your next comment)

               

               

              Also note that on Win7/Vista, due to UAC restrictions, even when running as admin, processes don't get access to write to HKLM. So adding a rule for HKEY_LOCAL_MACHINE would probably not work. And anyway, the sandbox doesn't need to write to HKLM anyway, so that rule is unnecessary.

               

              This doesn't make sense?! What's the policy file and that specific key for if i can't access the registry? But this would be an explanation why it doesn't work. Strange though why it gives me the 'Custom policy syntax error' and not a 'your key is probably right but i don't have the rights to access the registry' error...

               

              thanks

              • 5. Re: Reader X: ProtectedModeWhitelistConfig.txt entry results in error
                ToM_1st Level 1

                Hi,

                found what caused the 'Custom policy syntax error' - the windows text editor uses different line breaks which messed up the file...