Don't launch that file Adobe Reader!

Published: 2015-09-19
Last Updated: 2015-09-19 09:52:44 UTC
by Didier Stevens (Version: 1)
4 comment(s)

Maybe you read my PDF + DOC malicious document diary entry, or maybe even you tested your system with my PDF + DOC test file, and maybe you wondered if you could change Adobe Reader's behavior.

Well, no more "maybes": you can. Years ago, when PDF malware was the most widespread malicious document type, disabling JavaScript in Adobe Reader was a recommendation.

But you can also prevent Adobe Reader from opening embedded files and launching the associated application. Here is the setting in the Trust Manager to do this:

And if PDF attachments are important in your organization, this setting will not prevent attachments from being saved (extracted). Only from being launched from within Adobe Reader.

I also have a video showing the effects of this setting (plus the JavaScript setting).


Didier Stevens
Microsoft MVP Consumer Security
My YouTube Channel

4 comment(s)


Diary Archives