I was discussing a recent policy change with a coworker regarding blocking Adobe products from spawning child processes for security reasons, specifically to protect against malicious PDFs. I noticed that a process called 'AcroCEF.exe' got blocked, which I found is a legitimate process. However, I'm concerned because it's trying to access a folder in my documents that seems inappropriate. Other processes are doing similar things, and I found out a file in that folder is tied to Radeon Host Services. I'm looking for some insights on whether it's necessary for Acrobat to spawn these child processes and if anyone in the security field has dealt with this issue before. Thanks in advance!
4 Answers
From what I understand, several conversion and optimization tools can operate externally, which may require these child processes. It’s something to think about as it could impact functionality depending on what tools you're using.
We enforce this feature across all applications, including Adobe and Office, and so far, no users have reported any problems. It might be that certain extensions or internal scripts require it, but in my experience, we haven’t run into any issues with this policy.
We've implemented the same kind of hardening policy here, and to be honest, it hasn't caused any significant issues for us. I think it largely depends on what specific plugins your users might be running. Personally, I haven't noticed any problems since blocking child processes.
That’s great to hear, thanks for sharing!
CEF refers to the Chromium Embedded Framework, which is tied to Google Chrome. I wonder if blocking it affects any essential functionality in Acrobat. Have you experienced any features breaking with it turned off?
I haven't noticed any features breaking, so that's a relief!
Interesting! I was just puzzled because I keep seeing it trying to access that protected folder.