Enhanced security setting for PDFs

PDFs have evolved from static pages to complex documents with features such as interactive forms, multimedia content, scripting, and other capabilities. These features leave PDFs vulnerable to malicious scripts or actions that can damage your computer or steal data. Enhanced security lets you protect your computer against these threats by blocking or selectively permitting actions for trusted locations and files.

When enhanced security is enabled and a PDF tries to complete a restricted action from an untrusted location or file, a security warning appears. The type of warning depends on the action and your version of Acrobat or Reader. (See Security warnings.)

For technical details about enhanced security, primarily for administrators, see the documents at www.adobe.com/go/learn_acr_appsecurity_en.

Enable enhanced security

Acrobat and Reader X, 9.3, and 8.2 enable enhanced security by default. Adobe recommends that you enable enhanced security if it is not already enabled, and that you bypass restrictions only for trusted content.

  1. Choose Preferences.
  2. From the Categories on the left, select Security (Enhanced).
  3. Select the Enable Enhanced Security option.
  4. (Optional—Windows only) Select Cross Domain Log File for troubleshooting problems if your workflow involves cross-domain access using a server-based policy file.

Bypass enhanced security restrictions

With enhanced security enabled, only the files, folders, and locations that have been trusted are exempt from enhanced security’s restrictions. You can specify trusted locations and files in several ways, depending on the action the PDF is attempting to complete.

  • Use the privileged locations feature in the Enhanced Security panel to trust files, folders, and host domains (root URLs).

  • Configure Internet access using the Trust Manager. (See URL settings.)

  • For certified PDFs, trust the signer’s certificate for privileged network operations, such as networking, printing, and file access. (See Set the trust level of a certificate.)

  • Control cross-domain access using a server-based policy file. (See the Cross Domain Security document at www.adobe.com/go/learn_acr_appsecurity_en.)

Specify privileged locations for trusted content

Enhanced security provides a way to specify locations for trusted content. These privileged locations can be single files, folders, or host domains (root URLs). Content that resides in a privileged location is trusted. For example, enhanced security normally blocks PDFs from loading data from unknown websites. If you add the data’s origin (its host domain) to your list of privileged locations, Acrobat and Reader allow loading the data. For details, see the Enhanced Security document at www.adobe.com/go/learn_acr_appsecurity_en.

  1. Select Preferences > Security (Enhanced).
  2. Select the Enable Enhanced Security option.
  3. Specify a list of locations in the Privileged Locations section, and then click OK.
    • To trust any sites you already trust in Internet Explorer, select Automatically Trust Sites From My Win OS Security Zones.

    • To add only one or two PDFs from a location, click Add File.

    • To create a trusted folder for multiple PDFs, click Add Folder Path or Add Host.

    • To allow data to load from a website, enter the name of the root URL. For example, enter www.adobe.com, but not www.adobe.com/products. To trust files from secure connections only, select Secure Connections Only (https:).


    The setting Automatically Trust Sites From My Win OS Security Zones is applicable when Protected View is set to Files From Potentially Unsafe Locations

    If the Protected View is set to All Files, the trusted sites will open in the protected view by default unless you add it to the Privileged Locations list.

Cross-domain access

Enhanced security prevents a PDF in one host domain from communicating with another domain. This action prevents a PDF from getting malicious data from an untrusted source. When a PDF attempts cross-domain access, Acrobat and Reader automatically attempt to load a policy file from that domain. If the domain of the document that is attempting to access the data is included in the policy file, then the data is automatically accessible.

For more details, see the Application Security Guide at www.adobe.com/go/learn_acr_appsecurity_en.

Adobe logo

Sign in to your account