Appearance
Adobe Acrobat Reader
Validate Adobe Acrobat Reader behaviors under the Secure Sandbox.
Objectives
- Enforce network controls for external links, form submissions, update checks, and Adobe Cloud features.
- Verify file system isolation for Open/Save operations and embedded attachments.
- Prevent data exfiltration via clipboard, drag-drop, screen capture, and printing.
- Confirm Adobe Cloud flows traverse the designated proxy per organization policy.
- Ensure Adobe's internal Protected Mode does not conflict with Turbo isolation.
Preconditions
- Windows target with Turbo Launcher and Secure Sandbox.
- Adobe Acrobat Reader installed.
- If Adobe Cloud features are allowed by policy, ensure allowlists and pinned roots are configured so traffic traverses the designated proxy.
Controls Under Test
runtime.networking.egressDefaultAction, proxy enforcement and pinned roots.runtime.files.contextsand isolation overlays.runtime.dataMotion.rules[]withchannel: "clipboard"|"dragDrop"|"screenCapture".device.type: "printer"controls.- External processors (for example, email/MAPI) when applicable.
Test Scenarios
| ID | Canonical ID | Scenario | Procedure | Expected Outcome |
|---|---|---|---|---|
| SCEN-APP-ADOBE-ACROBAT-READER-01 | NET-EGRESS-01 | External link (HTTP/HTTPS) | Click a hyperlink inside a PDF. | If default browser is sandboxed, request goes via proxy; if handed to host browser, association policy blocks or constrains. |
| SCEN-APP-ADOBE-ACROBAT-READER-02 | HARD-HOST-03 | Protected Mode compatibility | Open a PDF (any). | Reader functions correctly with Protected Mode; Turbo isolation still holds. |
| SCEN-APP-ADOBE-ACROBAT-READER-03 | HARD-FILES-01 | Save to host path | File > Save As to Host Desktop. | Writes restricted to overlay or allowed Storage Contexts. |
| SCEN-APP-ADOBE-ACROBAT-READER-04 | DM-CLIP-01 | Clipboard outbound (text) | Copy text and paste on host. | Denied/processed per policy. |
| SCEN-APP-ADOBE-ACROBAT-READER-05 | DM-CLIP-01 | Clipboard outbound (image/snapshot) | Edit > Take a Snapshot (or copy image) and paste on host. | Denied/processed per policy. |
| SCEN-APP-ADOBE-ACROBAT-READER-06 | DM-DRAG-01 | Drag-drop PDF to host | Drag the open PDF/tab or a file from recent list to Host Desktop. | Blocked per policy. |
| SCEN-APP-ADOBE-ACROBAT-READER-07 | DM-DRAG-01 | Drag embedded attachment | Open a PDF with an embedded attachment; drag the attachment to Host Desktop. | Blocked per policy. |
| SCEN-APP-ADOBE-ACROBAT-READER-08 | HARD-FILES-01 | Save embedded attachment | Open embedded attachment and attempt Save As to host path. | Denied or virtualized to overlay/context. |
| SCEN-APP-ADOBE-ACROBAT-READER-09 | HARD-FILES-01 | Open dialog boundaries | File > Open; navigate to C:\Windows or other blocked host paths. | Visibility restricted; access denied outside Storage Contexts. |
| SCEN-APP-ADOBE-ACROBAT-READER-10 | DM-DEVICE-01 | Print to physical printer | File > Print; select a physical printer. | Denied unless allowed; audit device event. |
| SCEN-APP-ADOBE-ACROBAT-READER-11 | DM-DEVICE-01 | Print to PDF/XPS | File > Print > Microsoft Print to PDF/XPS; save to Host Desktop. | Output restricted to overlay/context; device audit present. |
| SCEN-APP-ADOBE-ACROBAT-READER-12 | NET-EGRESS-01 | Direct IP link | Click a link to http://1.1.1.1 (or similar). | Denied per default deny; audit shows deny. |
| SCEN-APP-ADOBE-ACROBAT-READER-13 | NET-EGRESS-11 | IPv6 literal link | Click a link to https://[2606:4700:4700::1111]/. | Denied; audit ipVersion: 6, action: deny. |
| SCEN-APP-ADOBE-ACROBAT-READER-14 | NET-EGRESS-09 | Proxy fail-closed | Take designated proxy down; click any HTTPS link. | Denied; no direct fallback; reason: "proxyUnavailable", proxyEnforced: true. |
| SCEN-APP-ADOBE-ACROBAT-READER-15 | NET-EGRESS-10 | Proxy identity/pinning | Intercept proxy TLS with wrong CA; click any HTTPS link. | TLS error/handshake failure; `reason: "certMismatch" |
| SCEN-APP-ADOBE-ACROBAT-READER-16 | NET-EGRESS-08 | PAC/WPAD hijack | Configure PAC URL to untrusted proxy or enable auto-detect; click HTTPS link. | Denied/Ignored; `reason: "pacNotTrusted" |
| SCEN-APP-ADOBE-ACROBAT-READER-17 | NET-EGRESS-05 | Env proxy var bypass | Set HTTPS_PROXY=http://attacker:8080; click https://example.com. | Denied; reason: "unauthorizedProxy"; proxyEnforced: true. |
| SCEN-APP-ADOBE-ACROBAT-READER-18 | NET-EGRESS-06 | NO_PROXY bypass | Set NO_PROXY=*; click https://example.com. | Denied; reason: "proxyBypassAttempt"; proxyEnforced: true. |
| SCEN-APP-ADOBE-ACROBAT-READER-19 | NET-EGRESS-01 | PDF form submit (HTTP/HTTPS) | Open a PDF with an HTML form submit target; click Submit. | Denied unless allowlisted; requests traverse proxy; audit network event. |
| SCEN-APP-ADOBE-ACROBAT-READER-20 | NET-EGRESS-01 | JavaScript URL/HTTP attempt | Open a PDF using app.launchURL('https://example.com') or similar. | Denied unless allowlisted; audit shows proxy enforcement. |
| SCEN-APP-ADOBE-ACROBAT-READER-21 | NET-ENCRYPT-01 | Adobe Account sign-in | Sign in to Adobe in the right pane. | Allowed if policy allows; traffic traverses designated proxy and pinned roots. |
| SCEN-APP-ADOBE-ACROBAT-READER-22 | NET-EGRESS-13 | Adobe Document Cloud (Share/Save) | Use Share or Save to Adobe Cloud on a sample PDF. | Allowed only if policy allows; traffic via proxy; otherwise denied. |
| SCEN-APP-ADOBE-ACROBAT-READER-23 | NET-EGRESS-01 | Update check | Help > Check for Updates. | Requests traverse designated proxy; deny if server not allowlisted. |
| SCEN-APP-ADOBE-ACROBAT-READER-24 | DM-PROCEXT-03 | Send file by email (MAPI) | File > Share > Send file by Email (if available). | Denied per external processor policy or routed to sandboxed mail client; audit shows processor failure or deny with onProcessorFailure: "deny" semantics. |
| SCEN-APP-ADOBE-ACROBAT-READER-25 | NET-EGRESS-01 | file:// and UNC links | Click file://C:/... or \\\\server\\share\\... links. | Access blocked or constrained to Storage Contexts; SMB egress denied. |
| SCEN-APP-ADOBE-ACROBAT-READER-26 | DM-SCREEN-01 | Screen capture of Reader window | Use Snipping Tool to capture the Reader window. | Block/obfuscate or watermark per policy; audit screenCapture. |
Evidence Requirements
networkevents:protocol/alpn,destination/sni(when applicable),ipVersion,action,outcome,proxyEnforced, andreason(for example,unauthorizedProxy,proxyBypassAttempt,pacNotTrusted,proxyUnavailable,certMismatch,pinningFailed).fileOpevents: write attempts to host paths; includepath,action/outcome(deny/virtualized), and context identifiers.dataMotionevents:channel(clipboard|dragDrop|screenCapture),direction(for clipboard),action,outcome,rule.id,priority.deviceevents: print attempts, virtual printer usage.externalProcessorevents: attempts to hand off to email/MAPI, including outcome.
Example audit event (proxy fail-closed during link navigation):
json
{
"category": "network",
"action": "egress",
"outcome": "deny",
"ipVersion": 4,
"destination": "example.com:443",
"sni": "example.com",
"alpn": "h2",
"proxyEnforced": true,
"reason": "proxyUnavailable",
"rule": { "id": "NET-EGRESS-09", "priority": 80 }
}Troubleshooting
- Reader Protected Mode and Enhanced Security can change prompts and flows. Keep defaults; when a scenario is suppressed by Protected Mode, perform the action after enabling as required by the scenario and note the mode used.
- Some enterprise deployments hide cloud actions (Share/Document Cloud) via policy. If hidden, mark those scenarios as not applicable and prioritize link, form submit, and update flows to validate proxy enforcement.
- Many scenarios require a crafted PDF (embedded attachments, form submit targets, and small JavaScript launchers). Use a dedicated test PDF set with known behaviors and benign endpoints.
- If Adobe Cloud is allowed, ensure the proxy/pinning configuration includes the required Adobe domains so traffic consistently traverses the designated proxy.
Known Limitations & Negative Space
- These tests focus on Adobe Acrobat Reader. Acrobat Pro–specific authoring/export services are out of scope unless explicitly allowed by policy.
- Optical capture (camera/phone) is out of scope; handle via organizational controls.
- If sign-in or cloud features are disabled by enterprise policy, mark those scenarios as not applicable.
