Adobe Reader DC must disable periodical uploading of European certificates.

An XCCDF Rule

Description

<VulnDiscussion>By default, the user can update European certificates from an Adobe server through the GUI. When uploading European certificates is disabled, it prevents the automatic download and installation of certificates and disables and locks the end user's ability to upload those certificates.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-213190r400378_rule
Severity: Low
References: CCI-002470
Updated: about 1 year ago

Configure the following registry value:

Note: The Key Names "cDigSig" and "cEUTLDownload" are not created by default in the Adobe Reader DC install and must be created.

Registry Hive: HKEY_CURRENT_USER
Registry Path: \Software\Adobe\Acrobat Reader\DC\Security\cDigSig\cEUTLDownload
Value Name: bLoadSettingsFromURL 
Type: REG_DWORD
Value: 0

Adobe Reader DC must disable periodical uploading of European certificates.

Description

Remediation - Manual Procedure