Example: Adobe Reader DC

Roger Zander edited this page May 7, 2017 · 1 revision

Reg-File:

Windows Registry Editor Version 5.00
;https://www.adobe.com/devnet-docs/acrobatetk/tools/PrefRef/Windows/index.html

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Adobe\Acrobat Reader\DC\Installer]
;Disable Repair Button
"DisableMaintenance"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Adobe\Adobe ARM\1.0\ARM]
"iCheck"=dword:00000000
"iCheckReader"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Adobe\Adobe ARM\Legacy\Reader\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}]
;0= Do not download or install updates automatically.
"Mode"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Adobe\Acrobat Reader\DC\AdobeViewer]
;Accept EULA
"EULA"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown]
;Disables both updates to the product's web-plugin components as well as all services.
"bUpdater"=dword:00000000
;Specifies whether to enable the First Time Experience (FTE) feature.
"bToggleFTE"=dword:00000001
;Disables and locks a PDF's ability to display commercial ads.
"bCommercialPDF"=dword:00000001
;Specifies whether Flash content should be rendered in a PDF.
"bEnableFlash"=dword:00000000
;Disables the Help > Purchase Acrobat menu item in Adobe Reader.
"bPurchaseAcro"=dword:00000000
;Specifies whether to show the menu item that opens the online Actions file library.
"bFindMoreWorkflowsOnline"=dword:00000000
;Specifies whether to show the menu item that opens the online Acrobat Tool Set Exchange.
"bFindMoreCustomizationsOnline"=dword:00000000
;Specifies whether a document's certification status should appear in the Protected View's DMB
"bEnablePVCertificateBasedTrust"=dword:00000000
;If false, the string "On behalf of" does not append the author's name in the comment when another person opens the document in a shared-review workflow.
"bDisableOnBehalfOfText"=dword:00000000
;Disables messages which encourage the user to upgrade the product.
"bAcroSuppressUpsell"=dword:00000001
;Enables enhanced security for the standalone application.
"bEnhancedSecurityStandalone"=dword:00000001
;Enables enhanced security when the application is running in the browser.
"bEnhancedSecurityInBrowser"=dword:00000001
;Disables trusted folders AND files and prevents users from specifying a privileged location for directories.
"bDisableTrustedFolders"=dword:00000001
;Disables and locks the ability to specify host-based privileged locations.
"bDisableTrustedSites"=dword:00000001
;Specifies whether to disable WebMail.
"bDisableWebmail"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown\cServices]
;Disables all service access except those features controlled by the other preferences.
"bToggleAdobeDocumentServices"=dword:00000001
;Disables Adobe Send for Signature (formerly EchoSign).
"bToggleAdobeSign"=dword:00000001
;Disables preferences synchronization.
"bTogglePrefsSync"=dword:00000001
;Disables 3rd party connectors.
"bToggleWebConnectors"=dword:00000001
;Toggles the Adobe Send and Track plugin for Outlook
"bAdobeSendPluginToggle"=dword:00000000

MSI Product-Code for Detection: {AC76BA86-7AD7-1033-7B44-AC0F074E4100}

Disable Update Task

Detection PS:

if(Get-Process armsvc -ea SilentlyContinue) { $true } else { $false }

Remediation PS:

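# Stop the running updater service process and the updater client.
Get-Process armsvc -ea SilentlyContinue | Stop-Process -Force
Get-Process adobeARM -ea SilentlyContinue | Stop-Process -Force
# Remove the updater autostart entry.
Remove-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'Adobe ARM' -ea SilentlyContinue
# Disable the update task and service; ignore errors if either is absent.
Get-ScheduledTask "Adobe Acrobat Update Task" -ea SilentlyContinue | Disable-ScheduledTask
Set-Service AdobeARMService -StartupType Disabled -ea SilentlyContinue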
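
A detection check for the security-relevant policy values in the Reg-File above, following the same $true/$false contract as the Detection PS line. This is an added example, not code from the original page; the helper name Get-LockdownDrift is hypothetical, and the expected values are copied from the Reg-File.

```powershell
# Added example: verify that the FeatureLockDown policy values from the
# Reg-File on this page are present and unchanged on the machine.
$base = 'HKLM:\SOFTWARE\Wow6432Node\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown'
$expected = @{
    $base = @{
        bUpdater                    = 0
        bEnableFlash                = 0
        bEnhancedSecurityStandalone = 1
        bEnhancedSecurityInBrowser  = 1
        bDisableTrustedFolders      = 1
        bDisableTrustedSites        = 1
    }
    "$base\cServices" = @{
        bToggleAdobeDocumentServices = 1
        bToggleWebConnectors         = 1
    }
}

# Hypothetical helper: emits one record per value that is missing or differs
# from the expected DWORD.
function Get-LockdownDrift {
    param([hashtable]$Baseline)
    foreach ($key in $Baseline.Keys) {
        # A missing key yields $null; every value under it is then reported.
        $props = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
        foreach ($name in $Baseline[$key].Keys) {
            $want = $Baseline[$key][$name]
            $prop = if ($props) { $props.PSObject.Properties[$name] }
            $have = if ($prop) { $prop.Value } else { $null }
            if ($null -eq $have -or $have -ne $want) {
                [pscustomobject]@{ Key = $key; Name = $name; Expected = $want; Actual = $have }
            }
        }
    }
}

$drift = @(Get-LockdownDrift -Baseline $expected)
# Details are shown only with -Verbose so the script output stays a single boolean.
Write-Verbose ($drift | Format-Table -AutoSize | Out-String)
# $true means every checked value matches the Reg-File.
$drift.Count -eq 0
```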