Attachments (Attachments)
Acrobat products allow you to open and save attachments to PDF files. However, attachments represent a potential security risk because they can contain malicious content, open other dangerous files, or launch applications. Certainly file types such as .bin, .exe, .bat, and so on will be recognized as threats by most users and are not allowed as attachments. Adobe applications maintain attachment black and white lists that can be modified and locked by the administrator.
For related and core preferences that map to the user interface, see the Originals key details.For related and core preferences that map to the user interface, see the Originals key details.
For additional security-related details, refer to the
Application Security Guide.
This preference category contains the following subfeature(s):
Attachments
These preferences provide trust options for attachments.
Summary table
| c[someExtension] |
A user specified list of file types whose permissions and extensions are specified in iPerm and sExtension. |
| cAttachmentTypeToPermList |
A container for a list of cabs identifying file extensions and their permissions. |
| cDefaultFindAttachmentPerms |
A container for tSearchAttachmentsWhiteList. |
| cDefaultLaunchAttachmentPerms |
A container for iFileAttachmentPerms, tBuiltInPermList, and others. |
| cDormant |
Caches a list of files for which the user has specified the portfolio welcome page should not appear. |
| cUserLaunchAttachmentPerms |
A container for user-specified attachment permissions. |
| iFileAttachmentPerms |
Prevents users from opening or launching file types other than PDF or FDF and disables the menu option in Trust Manager. |
| iPerm |
The attachment permissions for the file type specified in sExtension. |
| iUnlistedAttachmentTypePerm |
Specifies the default permissions for file types that aren't listed in the default or user-specified lists. |
| sExtension |
The attachment extensions whose permissions are specified by iPerm. |
| tBuiltInPermList |
Defines a white and black list of file types that can be saved and opened from a document. |
| tSearchAttachmentsWhiteList |
Specifies a whitelist to of attachment filetypes that can be searched. |
|
|
| Data type |
string: Binary value > REG_BINARY
|
| Default |
Adobe specified |
| Version # |
7.0+ |
| HKLM Path |
FeatureLockDown\cDefaultLaunchAttachmentPerms |
| Summary |
Defines a white and black list of file types that can be saved and opened from a document. |
| Details |
An administrator can customize this list to be more restrictive or permissive based on workflow requirements and business needs. Note that if there are duplicate entries, the product only uses the value of the first entry. Possible values include any extension and one of the following permission levels:
- 0: User is warned that the file may be unsafe and is given two choices: open or permanently set the behavior to Prohibited.
- 1: User is warned that the file may be unsafe and is given three choices: open or permanently set the behavior to Allowed or Prohibited.
- 2: Always open this file type.
- 3: This file type does not open and a warning message appears.
Beginning with build 21.011.20029, extensions added in the tBuiltInPermList with restriction level 3 will be missing from the menu items in all the save and open dialogs. This feature is enabled by default. Users can revert to the old behavior by setting FeatureLockDown/bEnableBlacklistForOpenSave to 0.
|
|
|
| Data type |
integer: DWORD value > REG_DWORD
|
| Default |
0 |
| Version # |
8.0+ |
| HKLM Path |
FeatureLockDown\ |
| Summary |
Prevents users from opening or launching file types other than PDF or FDF and disables the menu option in Trust Manager. |
| Details |
Possible values include:
- 0 (or null): Open and save permissions are determined by the values set in tBuiltInPermList.
- 1: No file attachments may be opened or saved to disk.
- 2: All file attachments may be opened or saved to disk.
|
|
|
| Data type |
text: String value > REG_SZ
|
| Default |
0 |
| Version # |
11.0.04 |
| HKLM Path |
FeatureLockDown\cDefaultFindAttachmentPerms |
| Summary |
Specifies a whitelist to of attachment filetypes that can be searched. |
| Details |
The product's search and find features enable searching non-PDF attachments. This preference contains the filetype whitelist allowed to be searched. If the PDF contains an attachment type, which is not part of the whitelist, it will not be extracted and searched. This preference hardens the surface exposed by ACROTEXTEXRACTOR.EXE. Possible values include:
- A pipe-separated list (e.g. |doc|docx|dv|emf|). Values change over versions. Refer to the actual preference values for a list of current settings.
|
|
|
| Data type |
n/a: Cabs are keys that contain subvalues displayed in the right hand registry panel.
|
| Default |
|
| Version # |
8.0+ |
| HKCU Path |
Attachments |
| HKLM Path |
Not lockable |
| Summary |
A container for user-specified attachment permissions. |
| Details |
The sub-keys are populated when the user provides open and save permissions to attachment file types via dialogs. When the values change for these preferences, the disabled "Restore" button in the product's Attachment UI becomes active. iUnlistedAttachmentTypePerm and cAttachmentTypeToPermList. |
| GUI mapping |
Edit > Preferences > Trust Manager > Attachments (Restore button) |
|
|
| Data type |
integer: DWORD value > REG_DWORD
|
| Default |
1 |
| Version # |
8.0+ |
| HKCU Path |
Attachments\cUserLaunchAttachmentPerms |
| HKLM Path |
FeatureLockDown\cDefaultLaunchAttachmentPerms |
| Summary |
Specifies the default permissions for file types that aren't listed in the default or user-specified lists. |
| Details |
There are 3 possible values:
- 0 or null: Prompt user without the ability to set the file type as Allowed. If a file with an unspecified file extension is launched then a dialog appears with two options: Open File and Never Allow.
- 1: Prompt user with the ability to set the file type as Allowed. If a file with an unspecified file extension is launched then a dialog appears with three options: Open File, Always Allow, and Never Allow.
- 2: Always launch files of unspecified Types. The file opens if it's extension is associated with an extension.
- 3: Never launch files of Unspecified Types. If a file with an unspecified file extension is launched then a dialog appears indicating that the application doesn't allow such files to launch.
|
|
|
| Data type |
n/a: Cabs are keys that contain subvalues displayed in the right hand registry panel.
|
| Default |
null |
| Version # |
8.0+ |
| HKCU Path |
Attachments\cUserLaunchAttachmentPerms |
| HKLM Path |
Not lockable |
| Summary |
A container for a list of cabs identifying file extensions and their permissions. |
| Details |
For example, the key could contain the subkey cdocx which would contain two values: iPerm and sExtension. Windows only: While this key is not individually lockable, all attachment behavior can be locked in FeatureLockDown. |
| GUI mapping |
The keys are populated when the user provides open and save permissions to attachment file types via dialogs. |
|
|
| Data type |
n/a: Cabs are keys that contain subvalues displayed in the right hand registry panel.
|
| Default |
|
| Version # |
8.0+ |
| HKCU Path |
Attachments\cUserLaunchAttachmentPerms\cAttachmentTypeToPermList |
| HKLM Path |
Not lockable |
| Summary |
A user specified list of file types whose permissions and extensions are specified in iPerm and sExtension. |
|
|
| Data type |
integer: DWORD value > REG_DWORD
|
| Default |
null |
| Version # |
8.0+ |
| HKCU Path |
Attachments\cUserLaunchAttachmentPerms\cAttachmentTypeToPermList\c[someExtension] |
| HKLM Path |
Not lockable |
| Summary |
The attachment permissions for the file type specified in sExtension. |
| Details |
There are 3 possible values:
- 0 or null: The Trust Manager determines permissions for open and save.
- 1: No unknown file type attachments can be opened or saved to disk.
- 2: All unknown file attachments may be opened or saved to disk.
Windows only: While this key is not individually lockable, all attachment behavior can be locked in FeatureLockDown. |
|
|
| Data type |
string: Binary value > REG_BINARY
|
| Default |
null |
| Version # |
8.0+ |
| HKCU Path |
Attachments\cUserLaunchAttachmentPerms\cAttachmentTypeToPermList\c[someExtension] |
| HKLM Path |
Not lockable |
| Summary |
The attachment extensions whose permissions are specified by iPerm. |
| Details |
Windows only: While this key is not individually lockable, all attachment behavior can be locked in FeatureLockDown. |
|
|
| Data type |
n/a: Cabs are keys that contain subvalues displayed in the right hand registry panel.
|
| Default |
|
| Version # |
8.0+ |
| HKCU Path |
Attachments\cWelcomePage |
| HKLM Path |
Not lockable |
| Summary |
Caches a list of files for which the user has specified the portfolio welcome page should not appear. |
| Details |
The list is limited to 100 files. Reader 10.x does not display a welcome page irrespective of this setting. Possible values include:
- null
- Up to 100 user specified files.
|
| GUI mapping |
The
Don't show Welcome Page again checkbox. |
