I recently came across a situation where my coworker enabled a policy that prevents Adobe products from spawning child processes. This seems like a good idea for security, especially against malicious PDFs. However, I noticed that a process called "AcroCEF.exe" was blocked. After some digging, it looks legitimate but is trying to access a folder in my Documents that doesn't seem right. Other processes are doing the same, and it's tied to Radeon Host Services, which makes it even weirder. I'm looking for insights from folks who are knowledgeable about security. What are your thoughts?
3 Answers
We apply this block to pretty much all applications, like Adobe and Office. We've had no issues reported from users. There could be some specific extensions or internal scripts that might need to spawn processes, but we haven't run into that ourselves.
Just so you know, CEF typically stands for Chromium Embedded Framework, which is related to Chrome. With it blocked, are you noticing any broken functionalities?
Nope, nothing seems broken on my end.
We've enabled similar restrictions in our setup too. So far, it hasn't caused any problems for us. It might come down to the specific plugins or features your users are using, but we've blocked child processes without a hitch.
Thanks for the insight! That's reassuring.
Interesting! I just found it odd that it wanted access to a protected folder.