Intune and Defender 365 – Adobe Acrobat Reader Hardening

Adobe Acrobat Reader Hardening Guide

In order to protect it from potential security risks like malware or unauthorized access to sensitive data, Adobe Acrobat Reader DC must be hardened. One way to improve the security of the software is to disable JavaScript and Flash settings via the registry. Thus, it is possible to stop the execution of potentially harmful scripts or Flash content that could compromise the system or steal sensitive data. It’s important to keep in mind, though, that some PDF files that depend on these features may not function properly.

Defender 365 Recommendations

In the Microsoft 365 Defender portal, new recommendations from Microsoft are constantly being added. When Defender detects a system on the network that has Adobe Acrobat Reader DC installed, the following two security enhancements are automatically suggested.

To fix this it is suggested to adjust the following registry keys on the device.
bEnableFlash / bDisableJavaScript

Intune Powershell Script Deployment

Now there are several ways to distribute this via Microsoft Intune Portal. One way would be via PowerShell Script. Home -> Devices -> Scripts

$path1 = 'HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown'
$path2 = 'HKLM:\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockDown'

New-item -Path $path1 -Force | Out-Null
New-ItemProperty -Path $path1 -Name 'bEnableFlash' -Value 0 -PropertyType DWord
New-ItemProperty -Path $path1 -Name 'bDisableJavaScript' -Value 1 -PropertyType DWord

New-item -Path $path2 -Force | Out-Null
New-ItemProperty -Path $path2 -Name 'bDisableJavaScript' -Value 1 -PropertyType DWord

This way is relatively quick to implement and the security of the application increase in a few minutes.

Intune Proactive Remediation Solution

The second way would be to do it with Pro. I think this is the better way because here a whole error handling can setup and the subsequent overview of the deployment is more transparent.

Home -> Reports | Endpoint Analytics -> Endpoint Analytics -> Proactive remediations

Detection script

$path1 = Test-Path -Path 'HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown'
$path2 = Test-Path -Path 'HKLM:\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockDown'
$key1 = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown'
$key2 = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown'
$key3 = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockDown'
 
if (($path1 -eq 'TRUE') -AND ($path2 -eq 'TRUE'))
{
    if (($key1.bEnableFlash -eq '0') -AND ($key2.bDisableJavaScript -eq '1') -AND ($key3.bDisableJavaScript -eq '1')){

        Write-Output "Adobe Security Defaults successful"       
        exit 0
    }
    else  
    {
        Write-Output "Keys missing"
        exit 1
    }
}
else
{
    Write-Output "Paths missing"
    exit 1
}

Remediation script

$path1 = 'HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown'
$path2 = 'HKLM:\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockDown'

try  {
    New-item -Path $path1 -Force
    New-ItemProperty -Path $path1 -Name 'bEnableFlash' -Value 0 -PropertyType DWord -Force
    New-ItemProperty -Path $path1 -Name 'bDisableJavaScript' -Value 1 -PropertyType DWord -Force

    New-item -Path $path2 -Force
    New-ItemProperty -Path $path2 -Name 'bDisableJavaScript' -Value 1 -PropertyType DWord -Force

    exit 0
}
catch {
    $errMsg = $_.Exception.Message
    Write-host $errMsg
    exit 1
}

Assign to a device group and that’s it, within a few hours results are visible.

Conclusion

In conclusion, hardening Adobe Acrobat Reader DC by disabling JavaScript and Flash settings via the registry is a crucial step in improving the security of the application in a company environment. In today’s increasingly digital world, it is essential for companies to take proactive measures to secure their applications and protect their data.

There are many more Steps to improve Security, look here:

Nico Wyss

Writer & Blogger

Be the First in Line!

Sign up for a Newsletter.

You have been successfully Subscribed! Ops! Something went wrong, please try again.

© 2023 Copyright