Adobe X with Protected Mode not working w/STIG Security Templates

(imported topic written by scottp81891)

Hi Everyone -

My clients have installed Adobe Reader X and then enabled the Protected Mode on Startup and then after that caused the Reader to then NOT to open it with the Protected Mode enabled. So we left it disabled for now and all is OK.

Next we conducted some testing and the culprit of this problem was due to the STIG Security Templates settings on my XP box. Somehow Adobe Reader X with Protected Mode enabled “did not like” these restrictive settings.

So then we did a “roll-back” to the defaults and that solved the issue.

In any case, our decision was to reimage the PC and keeping those STIG Security Templates in place.

However, can someone please tell me which of these settings in the template that may have caused an issue using Adobe Reader X with Protected Mode enabled?

Also, I am stuck with the decision of just leaving the Protection Mode DISABLED while keeping the Templates in place, or, to stick with the default OS settings and then leaving the Adobe X Protected Mode enabled???

Please help me on whats the best: Option to keep the STIGs in place, or just do a ROLL-BACK to the defaults and leaving the Protected Mode ENABLED?

I dont get it.

(imported comment written by Eric Walker)

Hi scottp818,

Which DISA sites are you seeing this issue with?

Eric

(imported comment written by scottp81891)

Its not the site that has the issue.

Actually its an issue with Adobe Reader X (10.1.0) when Protected Mode is enabled.

After Protected Mode is enabled in the Reader, the Reader will not start in Protected Mode.

More details are here.

http://kb2.adobe.com/cps/860/cpsid_86063.html#main_What_is_Protected_Mode_

On my Windows 7 machine using the same STIG Templates, all is OK. But its just XP.

I downloaded these templates from here.

http://iase.disa.mil/stigs/os/windows/xp.html

Is there any way to find out what security settings in these templates are causing issues?

Is there any log files that would generate this?

If yes, maybe I can modify the file and see what happens afterwards.

I tested this again without applying the STIG Templates, and Adobe Reader with Protection Mode worked all fine.

So again, I am SURE now that these Templates are causing the issue.

Just need to know which security settings are causing this issue if there is any way to look at some logs.

That would be nice before I put this machine into a production environment.

(imported comment written by Eric Walker)

Sorry to repeat a lot of what you’ve said, I just want to make sure I understand what happened –

You installed Adobe Reader X on some XP systems and then enabled protected mode (mentioned in the KB article). Then you used BigFix to apply the secedit INF files found in the “Templates - XP” subdirectory of this zip file:

http://iase.disa.mil/stigs/os/windows/u_windows_xp_v6r1.22_stig_20110729.zip

When you did that, Adobe Reader X no longer worked until you turned off protected mode, which is what you’ve done after reimaging the XP machines and applying the DISA secedit INF files again. So now you’re wondering which lines in one of the secedit INF files are conflicting with Adobe Reader X under protected mode.

Did I miss anything important?

Eric

(imported comment written by scottp81891)

Yes, thats correct. On the Adobe KB Article, I had the same error message like on the printscreen which they had there after I applied the STIGs.

Once I did the roll-back command to set back the default security, I attempted to enable the Protection Mode and then Adobe started up as normal.

But I wish to know what particular setting in the INF file is causing the issue.

Its a mystery.

Works well on Win 7 though…

So under XP, Protection Mode does not work when applying the STIG Templates.

But works when I reset the Windows XP security settings to DEFAULT…(without the STIG settings).

I tested this about 5 times now today. Something is conflicting between the STIG and the Adobe Protection Mode settings.

(imported comment written by Eric Walker)

What is the text of the Adobe Reader error when protected mode is on and the DISA templates are applied?

(imported comment written by scottp81891)

Its in the printscreen here. Just scroll down and you will see it. Thats the same error message I get.

http://kb2.adobe.com/cps/860/cpsid_86063.html#main_What_is_Protected_Mode_

I just want to find out which STIG template is causing the issue.

If enable to find that out, can I just disable the Protected Mode option and use the security template policies?

My guess is this. Maybe Adobe knows that my operating system is locked-down tight enough with these security policies, and maybe thats why its doing this…Who knows.

But is there a way to find out which line in the INF would be causing this issue?

(imported comment written by Eric Walker)

I haven’t encountered this problem before and don’t know offhand what might be causing the issue.

Two approaches to getting at the root of the problem that seem promising to me are to search Google for strings that appear in that error dialog in connection with Adobe Reader, as well as to do a binary search on the secedit templates. On a VM, try the first half of an INF file and see if the problem arises; if it does, revert the VM and try the first fourth of the file. If the problem arises in the first fourth of the file, revert the VM and try the first eighth of the file, and so on. Hopefully it would become clear early on what part of which of the INF files is causing the problem.

(imported comment written by scottp81891)

Ok, I stripped down ALOT of settings especially the ones with the registry settings in the INF file.

The VM option would take me all day, so I just taken alot of the lines off from the INF file so it would not be too too tightened down.

This should work.

By the way - I also kept the ORIGINAL INF file as well.

Thanks for your ongoing support.