I've recently been looking at deploying Adobe Reader X, but have had issues with the incompatibility of the VSE Buffer Overflow Protection & Adobe Reader X's protected mode.
I'd been told previously that this incompatibility issue would be fixed with VSE 8.8 however this doesn't seem to be the case.
The workaround of putting in a BOP exclusion for AcroRd32.exe isn't ideal as this will then exclude all older versions of Adobe Reader also, which is bad... Has anyone managed to get this working any other ways?
The Acrord32.exe exemption is the only workaround I know of, and the relevant McAfee technote hasn't been updated.
If there is a solution, I would be interested in also knowing it.
Just realised the BOP exclusions can contain a full path, not just the executable name... Initiall testing of this seems to work (need to enclose the path in quotes).
This means we should be able to exclude only for Reader X by using the full path in the exclusion. Still not as good as the products working together properly, but better that excluding all AcroRd32.exe versions...
So after further testing, things act a bit weird for me.
-Using AcroRd32.exe specified locally allows Reader X to open in protected mode
-Using AcroRd32.exe in the ePO policy allows Reader X to open in protected mode
-Using "C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe" specified locally allows Reader X to open in protected mode
-Using "C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe" in the ePO policy doesn't Reader X to open in protected mode, althought the exclusion is shown in the computers BOP settings. (from this point, if you open the exclusion list & re-click apply, Reader X opened properly... Presumably it'll break after a policy enforcement again though)
We are experiencing the same problem. In a response in another thread:
it's said that the problem was supposed to be fixed with the 10.0.1 update, but I can assure you that it is not fixed. As I reponded in that thread, Disabling BOP stops the conflict, but that is an unacceptable solution. I would be happy if the exclusion worked consistently.
My support case for the full path exclusions not working is with Teir 2 support. Havent heard anything from them for a while.
We did find what the problem was though, when applying a full path through the ePO policy, the agent adds some settings to the registry which breaks the exclusion. When applying from the VSE software directly these extra registry settings don't get put in.
For us, installing Reader 10.0.1 did fix the problem with BOP compatibility.
My reply to this thread may shed some light for you JayMan and DVestalMessage was edited by: stamandster on 3/29/11 9:17:10 AM CDT