Protect Adobe Acrobat & Reader

PDF files have become industry standard for sharing documents using email attachments. Similar to Microsoft Office files, PDF files may contain active content (interactive forms, multimedia content, scripts) that can make changes to Windows and exfiltrate data. There are several settings that provide warnings and protection when opening a file from an untrusted location.

Update App
On September 14, 2021, Adobe released security updates for many of their software packages, including Acrobat & Acrobat Reader (https://helpx.adobe.com/security/products/acrobat/
apsb21-55.html
), XMP Toolkit SDK and Photoshop (https://helpx.adobe.com/security.html). Before making any configuration changes, make sure your version is updated to the latest available. The easiest way is from within the program:

Help > Check for Updates

Enable Enhanced Security
These settings will issue a warning whenever a restricted action is called that is not from a trusted location or file. Several types of warnings are shown below.

Edit > Preferences > Security (Enhanced)
Check "Enable Enhanced Security"
Check "Enable Protected Mode at Startup"
  (for Acrobat Reader)
Check "All Files"
  (for Acrobat)

Add Exceptions
If there are trusted websites that send you PDF files with active content, you can add those sites to "Privileged Locations" list. You can also add specific PDF files or folders where you save these files.

Disable JavaScript
JavaScript is the built-in scripting engine in Adobe Acrobat. We recommend you disable Acrobat JavaScript, and only enable it when you need to open a trusted file with active content.

Edit > Preferences > JavaScript
Un-check "Enable Acrobat JavaScript"
Click "Save"

Next Steps

These settings will provide you better protection and warnings than you get with default configurations.

If you receive an email you weren't expecting from a sender you don't know with a PDF attachment you're not familiar with, it's still good practice to delete the message. If you know the sender or their company, call the company and verify the message is legitimate. Or contact our team and we'll let you know if the attachment is malicious.

If you regularly communicate with other firms, their potential lack of security preparedness can impact your firm. Encourage them to contact us & we'll help them assess their own cybersecurity to keep you both secure.

Want to better recognize and handle threats to your network, data and devices? Register for our next free 1/2 hour webinar "IT Security for the Common Worker 101B at:  http://leeshanok.hubspotpagebuilder.com/leeshanok-cybersecurity-webinar-101b-registration-oct-2021

LeeShanok Network Solutions

3877 N 7th Street | Suite 320 | Phoenix | Arizona | 85014
BRatia@leeshanok.com