Sandboxing is a technique for confining the execution environment of untrusted programs and processes. In the context of Adobe's PDF products, an 'untrusted program' is any PDF and the processes it invokes. With sandboxing enabled, Acrobat and Reader assume all PDFs are potentially malicious and confines any processing they invoke to the sandbox.
For additional security-related details, refer to the Application Security Guide.
This preference category contains the following subfeature(s):
Protected Mode is a key Reader and Acrobat security feature and should be enabled to protect user systems and data. Note: While Reader has supported Protected Mode since 10.x, Protected Mode is gradually being extended via a phased rollout to Acrobat's DC/Continuous track beginning June, 2020. Classic track versions will likely see similar support later this year.
|BrokerLogfilePath||Specifies the path and log file name for the Protected Mode log.|
|ProtectedMode||Enables Protected Mode which sandboxes Acrobat and Reader processes.|
|UseWhitelistConfigFile||Allows the user of policy whitelist to allow behavior that Protected Mode would otherwise prevent.|
|Data type||0 (bool)|
|Version #||10.0+; Acrobat: June, 2020|
|Summary||Enables Protected Mode which sandboxes Acrobat and Reader processes.|
|Details||Protected Mode should be enabled to protect user systems and data. Possible values include:
|GUI mapping||Preferences > Security (Enhanced) > Sandbox Protections > Enable Protected Mode at startup|
|Data type||5 (text)|
|Lock Path||Not lockable|
|Summary||Specifies the path and log file name for the Protected Mode log.|
|Details||The value should be path + log filename. Logging is available for users who need to troubleshoot problems where a workflow or plugin does not work when Protected Mode is enabled. The log may provide guidance as to whether a custom policy file should be used to re-enable broken workflows or plugins.
|GUI mapping||Preferences > Security (Enhanced) > Sandbox Protections > Create Protected Mode log file|
|Data type||0 (bool)|
|Summary||Allows the user of policy whitelist to allow behavior that Protected Mode would otherwise prevent.|
|Details||This preference just toggles the ability of the application to read policy files. For additional security-related details, refer to the Application Security Guide.|
The AppContainer requires that Protected Mode is enabled, and both features are designed to be transparent to end users. Together these provide multiple layers of protection from malicious attacks that might try to access your system and data. Like Protected Mode, AppContainer has an HKCU preference as well as an HKLM preference which you can lock.
This preference is only used during an upgrade from 11.x products to 12.x and later products. The preference is used once by the application to determine whether or not the recent files list has been migrated.
|OldRecentFilesMigrated||Indicates whether the recent files list has been migrated.|