Enterprise Toolkit > Windows Registry Reference

Attachments (Attachments)

The Acrobat family of products allow you to open and save attachments to PDF files. However, attachments represent a potential security risk because they can contain malicious content, open other dangerous files, or launch applications. Certainly file types such as .bin, .exe, .bat, and so on will be recognized as threats by most users and are not allowed as attachments. Adobe applications maintain attachment black and white lists that can be modified and locked by the administrator.

For more information, refer to the Application Security Guide.


This preference category contains the following subfeature(s):

Attachments

These preferences provide trust options for attachments.

Summary table
c[someExtension] A user specified list of file types whose permissions and extensions are specified in iPerm and sExtension.
cAttachmentTypeToPermList Contains a list of cabs identifying file extensions and their permissions.
cDefaultLaunchAttachmentPerms A container for iFileAttachmentPerms, tBuiltInPermList, and others.
cDormant Caches a list of files for which the user has specified the portfolio welcome page should not appear.
cUserLaunchAttachmentPerms A container for user-specified permissions: see iUnlistedAttachmentTypePerm and cAttachmentTypeToPermList.
iFileAttachmentPerms Prevents users from opening or launching file types other than PDF or FDF and disables the menu option in Trust Manager.
iPerm The attachment permissions for the file type specified in sExtension.
iUnlistedAttachmentTypePerm Specifies the default permissions for file types that aren't listed in the default or user-specified lists.
sExtension The attachment extensions whose permissions are specified by iPerm.
tBuiltInPermList Defines a white and black list of file types that can be saved and opened from a document.
tSearchAttachmentsWhiteList Specifies a whitelist to of attachment filetypes that can be searched.
Security hardeningSupported on WindowsSupported on MacSupported by AcrobatSupported by Adobe Reader
Data type string: Binary value > REG_BINARY
Default Adobe specified
Version # 7.0 and later
Lock Path HKLM\SOFTWARE\Policies\Adobe\(product name)\(version)\FeatureLockdown\cDefaultLaunchAttachmentPerms
Summary Defines a white and black list of file types that can be saved and opened from a document.
Details This preference is not respected for any Reader 10.x version with Protected Mode enabled.

An administrator can customize this list to be more restrictive or permissive based on workflow requirements and business needs. Possible values include any extension and one of the following permission levels:
  • 0: User is warned that the file may be unsafe and is given two choices: open or permanently set the behavior to Prohibited.
  • 1: User is warned that the file may be unsafe and is given three choices: open or permanently set the behavior to Allowed or Prohibited.
  • 2: Always open this file type.
  • 3: This file type does not open and a warning message appears.
GUI mapping Preferences > Trust Manager > Attachments panel
Security hardeningSupported on WindowsSupported on MacSupported by AcrobatSupported by Adobe Reader
Data type integer: DWORD value > REG_DWORD
Default 0
Version # 8.0 and later
Lock Path HKLM\SOFTWARE\Policies\Adobe\(product name)\(version)\FeatureLockdown\cDefaultLaunchAttachmentPerms
Summary Prevents users from opening or launching file types other than PDF or FDF and disables the menu option in Trust Manager.
Details Possible values include:
  • 0 (or null): Open and save permission are determined by the values set in tBuiltInPermList.
  • 1: No file attachments may be opened or saved to disk.
  • 2: All file attachments may be opened or saved to disk.
GUI mapping Preferences > Trust Manager > Attachment panel > Allow opening of Non-PDF file attachments with external applications.
Security hardeningSupported on WindowsSupported on MacSupported by AcrobatSupported by Adobe Reader
Data type text: String value > REG_SZ
Default 0
Version # 11.0.04
Lock Path HKLM\SOFTWARE\Policies\Adobe\(product name)\(version)\FeatureLockdown\cDefaultLaunchAttachmentPerms
Summary Specifies a whitelist to of attachment filetypes that can be searched.
Details This preference hardens the surface exposed by ACROTEXTEXRACTOR.EXE. Possible values include:
  • 0 (or null): 3g2|3gp|3gpp|3gpp2|aac|ac3|aif|aiff|ani|asf|avi|bmp|cdr|cur|divx|djvu|doc|docx|dv|emf|eps|flv|f4v|gif|ico|iff|jbig2|jp2|jpeg|jpg|m2v|m4a|m4b|m4p|m4v|mid|mkv|mov|mpa|mp2|mp3|mp4|mts|nsv|ogg|ogm|ogv|pbm|pgm|png|ppm|ppt|pptx|ps|psd|qt|rtf|riff|svg|tif|ts|txt|ram|rm|rmvb|vob|wav|wma|wmf|wmv|xmb|xls|xlsx
GUI mapping Preferences > Trust Manager > Attachment panel > Allow opening of Non-PDF file attachments with external applications.
Supported on WindowsSupported on MacSupported by AcrobatSupported by Adobe Reader
Data type n/a: Cabs are keys that contain subvalues in the right hand registry panel.
Default null
Version # 8.0 and later
Path Attachments
Summary A container for iFileAttachmentPerms, tBuiltInPermList, and others.
Details While this key is not itself lockable, attachment behavior can be locked in FeatureLockdown on Windows.
Security hardeningSupported on WindowsSupported on MacSupported by AcrobatSupported by Adobe Reader
Data type n/a: Cabs are keys that contain subvalues in the right hand registry panel.
Default null
Version # 8.0 and later
Path Attachments
Summary A container for user-specified permissions: see iUnlistedAttachmentTypePerm and cAttachmentTypeToPermList.
GUI mapping The keys are populated when the user provides open and save permissions to attachment file types via dialogs.
Security hardeningSupported on WindowsSupported on MacSupported by AcrobatSupported by Adobe Reader
Data type integer: DWORD value > REG_DWORD
Default 1
Version # 8.0 and later
Path Attachments\cUserLaunchAttachmentPerms
Lock Path FeatureLockDown\cDefaultLaunchAttachmentPerms
Summary Specifies the default permissions for file types that aren't listed in the default or user-specified lists.
Details There are 3 possible values:
  • 0 or null: Prompt user without the ability to set the file type as Allowed. If a file with an unspecified file extension is launched then a dialog appears with two options: Open File and Never Allow.
  • 1: Prompt user with the ability to set the file type as Allowed. If a file with an unspecified file extension is launched then a dialog appears with three options: Open File, Always Allow, and Never Allow.
  • 2: Always launch files of unspecified Types. The file opens if it's extension is associated with an extension.
  • 3: Never launch files of Unspecified Types. If a file with an unspecified file extension is launched then a dialog appears indicating that the application doesn't allow such files to launch.
Security hardeningSupported on WindowsSupported on MacSupported by AcrobatSupported by Adobe Reader
Data type n/a: Cabs are keys that contain subvalues in the right hand registry panel.
Default null
Version # 8.0 and later
Path Attachments\cUserLaunchAttachmentPerms
Summary Contains a list of cabs identifying file extensions and their permissions.
Details For example, the key could contain the subkey cdocx which would contain two values: iPerm and sExtension. Windows only: While this key is not individually lockable, all attachment behavior can be locked in FeatureLockdown.
GUI mapping The keys are populated when the user provides open and save permissions to attachment file types via dialogs.
Security hardeningSupported on WindowsSupported on MacSupported by AcrobatSupported by Adobe Reader
Data type n/a: Cabs are keys that contain subvalues in the right hand registry panel.
Default null
Version # 8.0 and later
Path Attachments\cUserLaunchAttachmentPerms\cAttachmentTypeToPermList
Summary A user specified list of file types whose permissions and extensions are specified in iPerm and sExtension.
Details Windows only: While this key is not individually lockable, all attachment behavior can be locked in FeatureLockdown.
Security hardeningSupported on WindowsSupported on MacSupported by AcrobatSupported by Adobe Reader
Data type integer: DWORD value > REG_DWORD
Default null
Version # 8.0 and later
Path Attachments\cUserLaunchAttachmentPerms\cAttachmentTypeToPermList\c[someExtension]
Summary The attachment permissions for the file type specified in sExtension.
Details There are 3 possible values:
  • 0 or null: The Trust Manager determines permissions for open and save.
  • 1: No unknown file type attachments can be opened or saved to disk.
  • 2: All unknown file attachments may be opened or saved to disk.
Windows only: While this key is not individually lockable, all attachment behavior can be locked in FeatureLockdown.
Supported on WindowsSupported on MacSupported by AcrobatSupported by Adobe Reader
Data type string: Binary value > REG_BINARY
Default null
Version # 8.0 and later
Path Attachments\cUserLaunchAttachmentPerms\cAttachmentTypeToPermList\c[someExtension]
Summary The attachment extensions whose permissions are specified by iPerm.
Details Windows only: While this key is not individually lockable, all attachment behavior can be locked in FeatureLockdown.
Not modifiableSupported on WindowsSupported on MacSupported by AcrobatSupported by Adobe Reader
Data type n/a: Cabs are keys that contain subvalues in the right hand registry panel.
Default
Version # 8.0 and later
Path Attachments\cWelcomePage
Summary Caches a list of files for which the user has specified the portfolio welcome page should not appear.
Details The list is limited to 100 files. Reader 10.x does not display a welcome page irrespective of this setting. Possible values include:
  • null
  • Up to 100 user specified files.
GUI mapping The Don't show Welcome Page again checkbox.

Accessibility for Portfolios

The preference here is designed to enhance the accessibility of the portfolio feature.

Summary table
bUsePlatformNavigator Specifies whether to always show portfolios in an accessible view.
Supported on WindowsSupported on MacSupported by AcrobatSupported by Adobe Reader
Data type boolean: DWORD value > REG_DWORD
Default 0
Version # 9.0-10.0
Path Attachments
Summary Specifies whether to always show portfolios in an accessible view.
Details This preference was replaced by bUseDetailsNavigator. Possible values include:
  • 0: Don't show the portfolios platform control.
  • 1: Do show the portfolios platform control.
GUI mapping Preferences > Access > Other Accessibility Options > Always show portfolios platform control