Block PDF software from creating child processes
Prevent PDF programs from running other programs to improve security.
🏛️ Framework
ASD Essential Eight
🧭 Control effect
Preventative
🛠️ E8 mitigation strategy
Application hardening
🔐 Classifications
N/A
🗓️ Official last update
N/A
✏️ Control Stack last updated
22 Feb 2026
🎯 E8 maturity levels
ML2
PDF software is blocked from creating child processes.
Source: ASD Essential Eight
Plain language
Blocking PDF programs from running other programs helps prevent cybercriminals from using them to install malicious software on your computer. Without this control, opening an innocent-looking PDF file could unwittingly allow attackers to sneak harmful programs into your system.
Why it matters
If PDF apps can spawn child processes, a malicious PDF may execute malware, enabling code execution and data compromise.
Operational notes
Enforce OS policy (e.g., ASR/WDAC/AppLocker) to block PDF readers from launching child processes; audit events and exceptions regularly.
Implementation tips
- IT Team should configure PDF software settings to block it from creating child processes. This can usually be done through the software's advanced security settings options.
- System Administrator should apply group policies that restrict PDF applications from executing other programs. Use the Group Policy Editor to configure these settings across the network.
- Security Officer should ensure all staff use approved PDF readers that adhere to the organisation's security policies. Deploy chosen software via a software management tool to ensure consistency.
- IT Support should regularly update PDF software to the latest version to ensure all security patches are applied. Enable automatic updates where possible.
- IT Team should conduct regular checks to verify that the policy preventing PDF software from creating child processes is still in place and active.
Audit / evidence tips
-
Ask: Have the PDF applications been restricted from creating child processes?
-
Good: The group policy clearly shows settings preventing PDF applications from creating child processes, confirmed by policy export or screenshots
-
Ask: Are there regular audits ensuring compliance with this policy?
-
Good: There are documented audit logs with consistent findings, confirming adherence to the policy
Cross-framework mappings
How E8-AH-ML2.8 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.
ASD ISM
| Control | Notes | Details |
|---|---|---|
| Partially meets (1) | ||
| ISM-1470 | E8-AH-ML2.8 requires blocking PDF software from creating child processes as a specific hardening measure | |
| Supports (3) | ||
| ISM-0843 | E8-AH-ML2.8 requires PDF software to be blocked from creating child processes, typically enforced via OS/application control mechanisms (e.g | |
| ISM-0846 | E8-AH-ML2.8 requires enforcement that prevents PDF software from creating child processes | |
| ISM-1824 | E8-AH-ML2.8 requires a technical enforcement that prevents PDF software from spawning child processes | |
| Related (1) | ||
| ISM-1670 | E8-AH-ML2.8 requires PDF software to be blocked from creating child processes to prevent PDFs from launching other programs | |