Enterprise Toolkit | Windows Registry Reference

Attachments (Attachments)

Acrobat products allow you to open and save attachments to PDF files. However, attachments represent a potential security risk because they can contain malicious content, open other dangerous files, or launch applications. Certainly file types such as .bin, .exe, .bat, and so on will be recognized as threats by most users and are not allowed as attachments. Adobe applications maintain attachment black and white lists that can be modified and locked by the administrator.

For related and core preferences that map to the user interface, see the Originals key details.For related and core preferences that map to the user interface, see the Originals key details.



For additional security-related details, refer to the Application Security Guide.


This preference category contains the following subfeature(s):

Attachments

These preferences provide trust options for attachments.

Summary table
c[someExtension] A user specified list of file types whose permissions and extensions are specified in iPerm and sExtension.
cAttachmentTypeToPermList A container for a list of cabs identifying file extensions and their permissions.
cDefaultFindAttachmentPerms A container for tSearchAttachmentsWhiteList.
cDefaultLaunchAttachmentPerms A container for iFileAttachmentPerms, tBuiltInPermList, and others.
cDormant Caches a list of files for which the user has specified the portfolio welcome page should not appear.
cUserLaunchAttachmentPerms A container for user-specified attachment permissions.
iFileAttachmentPerms Prevents users from opening or launching file types other than PDF or FDF and disables the menu option in Trust Manager.
iPerm The attachment permissions for the file type specified in sExtension.
iUnlistedAttachmentTypePerm Specifies the default permissions for file types that aren't listed in the default or user-specified lists.
sExtension The attachment extensions whose permissions are specified by iPerm.
tBuiltInPermList Defines a white and black list of file types that can be saved and opened from a document.
tSearchAttachmentsWhiteList Specifies a whitelist to of attachment filetypes that can be searched.
Security hardeningSupported on WindowsSupported on MacSupported by AcrobatSupported by Adobe Reader
Data type string: Binary value > REG_BINARY
Default Adobe specified
Version # 7.0+
HKLM Path FeatureLockDown\cDefaultLaunchAttachmentPerms
Summary Defines a white and black list of file types that can be saved and opened from a document.
Details An administrator can customize this list to be more restrictive or permissive based on workflow requirements and business needs. Note that if there are duplicate entries, the product only uses the value of the first entry. Possible values include any extension and one of the following permission levels:
  • 0: User is warned that the file may be unsafe and is given two choices: open or permanently set the behavior to Prohibited.
  • 1: User is warned that the file may be unsafe and is given three choices: open or permanently set the behavior to Allowed or Prohibited.
  • 2: Always open this file type.
  • 3: This file type does not open and a warning message appears.
Beginning with build 21.011.20029, extensions added in the tBuiltInPermList with restriction level 3 will be missing from the menu items in all the save and open dialogs. This feature is enabled by default. Users can revert to the old behavior by setting FeatureLockDown/bEnableBlacklistForOpenSave to 0.
Security hardeningSupported on WindowsSupported on MacSupported by AcrobatSupported by Adobe Reader
Data type integer: DWORD value > REG_DWORD
Default 0
Version # 8.0+
HKLM Path FeatureLockDown\
Summary Prevents users from opening or launching file types other than PDF or FDF and disables the menu option in Trust Manager.
Details Possible values include:
  • 0 (or null): Open and save permissions are determined by the values set in tBuiltInPermList.
  • 1: No file attachments may be opened or saved to disk.
  • 2: All file attachments may be opened or saved to disk.
Security hardeningSupported on WindowsSupported on MacSupported by AcrobatSupported by Adobe Reader
Data type text: String value > REG_SZ
Default 0
Version # 11.0.04
HKLM Path FeatureLockDown\cDefaultFindAttachmentPerms
Summary Specifies a whitelist to of attachment filetypes that can be searched.
Details The product's search and find features enable searching non-PDF attachments. This preference contains the filetype whitelist allowed to be searched. If the PDF contains an attachment type, which is not part of the whitelist, it will not be extracted and searched. This preference hardens the surface exposed by ACROTEXTEXRACTOR.EXE. Possible values include:
  • A pipe-separated list (e.g. |doc|docx|dv|emf|). Values change over versions. Refer to the actual preference values for a list of current settings.
Supported on WindowsSupported on MacSupported by AcrobatSupported by Adobe Reader
Data type n/a: Cabs are keys that contain subvalues displayed in the right hand registry panel.
Default
Version # 8.0+
HKCU Path Attachments
HKLM Path Not lockable
Summary A container for tSearchAttachmentsWhiteList.
Details See tSearchAttachmentsWhiteList
Supported on WindowsSupported on MacSupported by AcrobatSupported by Adobe Reader
Data type n/a: Cabs are keys that contain subvalues displayed in the right hand registry panel.
Default
Version # 8.0+
HKCU Path Attachments
HKLM Path Not lockable
Summary A container for iFileAttachmentPerms, tBuiltInPermList, and others.
Details Refer to the contained preferences.
Security hardeningSupported on WindowsSupported on MacSupported by AcrobatSupported by Adobe Reader
Data type n/a: Cabs are keys that contain subvalues displayed in the right hand registry panel.
Default
Version # 8.0+
HKCU Path Attachments
HKLM Path Not lockable
Summary A container for user-specified attachment permissions.
Details The sub-keys are populated when the user provides open and save permissions to attachment file types via dialogs. When the values change for these preferences, the disabled "Restore" button in the product's Attachment UI becomes active. iUnlistedAttachmentTypePerm and cAttachmentTypeToPermList.
GUI mapping Edit > Preferences > Trust Manager > Attachments (Restore button)
Security hardeningSupported on WindowsSupported on MacSupported by AcrobatSupported by Adobe Reader
Data type integer: DWORD value > REG_DWORD
Default 1
Version # 8.0+
HKCU Path Attachments\cUserLaunchAttachmentPerms
HKLM Path FeatureLockDown\cDefaultLaunchAttachmentPerms
Summary Specifies the default permissions for file types that aren't listed in the default or user-specified lists.
Details There are 3 possible values:
  • 0 or null: Prompt user without the ability to set the file type as Allowed. If a file with an unspecified file extension is launched then a dialog appears with two options: Open File and Never Allow.
  • 1: Prompt user with the ability to set the file type as Allowed. If a file with an unspecified file extension is launched then a dialog appears with three options: Open File, Always Allow, and Never Allow.
  • 2: Always launch files of unspecified Types. The file opens if it's extension is associated with an extension.
  • 3: Never launch files of Unspecified Types. If a file with an unspecified file extension is launched then a dialog appears indicating that the application doesn't allow such files to launch.
Security hardeningSupported on WindowsSupported on MacSupported by AcrobatSupported by Adobe Reader
Data type n/a: Cabs are keys that contain subvalues displayed in the right hand registry panel.
Default null
Version # 8.0+
HKCU Path Attachments\cUserLaunchAttachmentPerms
HKLM Path Not lockable
Summary A container for a list of cabs identifying file extensions and their permissions.
Details For example, the key could contain the subkey cdocx which would contain two values: iPerm and sExtension. Windows only: While this key is not individually lockable, all attachment behavior can be locked in FeatureLockDown.
GUI mapping The keys are populated when the user provides open and save permissions to attachment file types via dialogs.
Security hardeningSupported on WindowsSupported on MacSupported by AcrobatSupported by Adobe Reader
Data type n/a: Cabs are keys that contain subvalues displayed in the right hand registry panel.
Default
Version # 8.0+
HKCU Path Attachments\cUserLaunchAttachmentPerms\cAttachmentTypeToPermList
HKLM Path Not lockable
Summary A user specified list of file types whose permissions and extensions are specified in iPerm and sExtension.
Security hardeningSupported on WindowsSupported on MacSupported by AcrobatSupported by Adobe Reader
Data type integer: DWORD value > REG_DWORD
Default null
Version # 8.0+
HKCU Path Attachments\cUserLaunchAttachmentPerms\cAttachmentTypeToPermList\c[someExtension]
HKLM Path Not lockable
Summary The attachment permissions for the file type specified in sExtension.
Details There are 3 possible values:
  • 0 or null: The Trust Manager determines permissions for open and save.
  • 1: No unknown file type attachments can be opened or saved to disk.
  • 2: All unknown file attachments may be opened or saved to disk.
Windows only: While this key is not individually lockable, all attachment behavior can be locked in FeatureLockDown.
Supported on WindowsSupported on MacSupported by AcrobatSupported by Adobe Reader
Data type string: Binary value > REG_BINARY
Default null
Version # 8.0+
HKCU Path Attachments\cUserLaunchAttachmentPerms\cAttachmentTypeToPermList\c[someExtension]
HKLM Path Not lockable
Summary The attachment extensions whose permissions are specified by iPerm.
Details Windows only: While this key is not individually lockable, all attachment behavior can be locked in FeatureLockDown.
Not modifiableSupported on WindowsSupported on MacSupported by AcrobatSupported by Adobe Reader
Data type n/a: Cabs are keys that contain subvalues displayed in the right hand registry panel.
Default
Version # 8.0+
HKCU Path Attachments\cWelcomePage
HKLM Path Not lockable
Summary Caches a list of files for which the user has specified the portfolio welcome page should not appear.
Details The list is limited to 100 files. Reader 10.x does not display a welcome page irrespective of this setting. Possible values include:
  • null
  • Up to 100 user specified files.
GUI mapping The Don't show Welcome Page again checkbox.