EMET 5.5 causes Adobe Acrobat Reader DC 11 to fail if "Protected Mode" is enabled in Reader

  • Question

  • Win 7 Professional x64

    EMET 5.2 & Adobe Acrobat Reader 11 were working together. Not sure what my EMET 5.2 mitigation settings were for Reader.

    Upgraded to EMET 5.5 and now I get a message when launching Adobe Reader saying:

    "Adobe Acrobat Reader DC cannot be opened in Protected Mode due to an incompatibility with your system configuration. Would you like to open Adobe Acrobat Reader DC with Protected Mode disabled?"

    If I select open with Protected Mode disabled, Adobe still crashes for certain operations. My default EMET settings for AcroRd32.exe are everything checked except ASR.

    If I disable all mitigations in EMET 5.5, Adobe Reader works normally.

    If I return mitigations to default and then additionally disable EAF+, the problem persists, although I found a post saying that fixed the issue in earlier versions of EMET.

    Question: Is there a custom set of mitigations that enable Reader to work, or should I disable Reader mitigations in EMET, or should I disable Protected Mode in Reader, or should I use a different PDF viewer like SumatraPDF?

    Thanks

    Sunday, April 24, 2016 11:56 AM

Answers

  • I solved the puzzle (I think). The EMET 5.5 mitigation that is blocking Adobe Reader 11 DC (2015.010.20060) with EMET 5.5 on my Win 7 x64 machine is Structured Overwrite Protection Handler (SEHOP).

    I played the point and click game in EMET 5.5, disabling one mitigation at a time, refreshing EMET, and then relaunching Adobe Reader 11. Adobe started working after disabling SEHOP. I then re-enabled the other default mitigations one by one, testing each time.

    Adobe is now working. All mitigations are applied except for:

    SEHOP and ASR (EAF+ seems to work although it is not a default and has caused problems in the past).

    I didn't try enabling ASR as it was disabled by default.

    There may be other features of Adobe that fail in this configuration. I have not thoroughly tested, but I hope it saves someone else the time of playing the one-by-one disabling and testing of mitigations and testing Adobe Reader to see why EMET 5.5 breaks the default configuration.

    Thanks,

    Troy

    • Marked as answer by SgtSQL Wednesday, April 27, 2016 9:04 PM
    Wednesday, April 27, 2016 9:02 PM

All replies

  • I also upgraded from EMET 5.2, but in my case disabling any of the mitigations for AcroRd32.exe didn't help (EMET 5.5 and EMET 5.51).

    Had to globally deselect "Deep Hooks" for all applications (ribbon in the Apps window), although the problem is only with Acrobat Reader DC and its Protected Mode.

    Maybe because of some conflict with Comodo Internet Security...

    Is there any way to disable "deep hooks" mitigation only for Acrobat Reader related stuff?

    Thursday, November 3, 2016 3:32 PM
  • Thanks. I hadn't applied your fix because I had EMET 5.5 installed before Acrobat. The problem happened this morning when Adobe did an auto update to the Licensing Module of the program, which suffered a fatal error. I removed Adobe from EMET, and disabled my Avast Premium too. I never have protective applications or games covered by EMET. I had to do a manual, offline reinstall of Adobe Acrobat Reader DF Pro using an .exe file from the Adobe website. So, your solution probably works with any major application licensing issues. By the book, SEHOP is disabled in every 64-bit app I have, any online Office Applications, which probably should have clued me in with Adobe too. SEHOP is also disabled with any players I have installed.
    Monday, January 23, 2017 12:35 AM