PDF Policy Settings
[Policy] > [Basic Demilitarization Policy] > [PDF] Settings
The PDF tab defines policies for removing or safely importing malicious elements that may be included in PDF files.
You can control elements such as scripts, annotations, and actions to respond to PDF-based threats.
⚠️ The permission to set the basic de-identification policy is granted to [Administrator Type - System Administrator], and
Administrator permission settings can be configured in [Administrator Settings] > [Account and Permission Management].
Detailed Description of Settings Items
| Policy Name | Description |
|---|---|
| Settings for Processing Digitally Signed PDFs | Set the handling of PDFs that include digital signatures. A digital signature is a feature that ensures the integrity of a document, but signed documents can also contain malicious content. |
| PDF JavaScript Removal Settings | Set whether to remove JavaScript code included in the PDF. JavaScript is a script that automatically runs when viewing PDF documents and can trigger malicious behavior. |
| Remove PDF Action Settings | Set whether to remove action scripts and commands included in the PDF document. Action can trigger automatic actions such as opening documents, navigating pages, and calling external links, which can be considered a security threat. |
| PDF Annotation Removal Settings | Set whether to remove annotations included in the PDF document and the metadata associated with those annotations. Comments can lead to unintended information leakage by the document author and can be exploited for security threats such as the insertion of malicious scripts. --- Hyperlinks are also included in annotations, and you can set them as exceptions for removal by specifying 'LinkAnnotation' in 'PDF Annotation Exception Settings'. |
| PDF Annotation Exception Settings | Specify the annotation types to exclude from removal.<br /> This allows you to preserve annotation content that serves as important notes, form fields, and interaction elements within the document, maintaining the meaning and integrity of the document. --- LinkAnnotation refers to the hyperlink connection area, PopupAnnotation refers to the popup text of a note annotation, and WidgetAnnotation corresponds to form field UI such as input fields and checkboxes. Input example) PopupAnnotation;WidgetAnnotation;LinkAnnotation; |
Input Rules and Precautions
- PDF Annotation Exception Settingsis
주석 제거 설정thisONIt only applies when. - When specifying exceptions, the comment type is**Use the correct names and separate them with semicolons (;).**must do.
- A digital signature document may become invalid if the content is changed due to its security characteristics, soSelect processing method according to business purposemust do.
- JavaScript and Action elements can trigger actions without the user's consent when executing a PDF, so their removal is recommended.
Notes
| Terminology | Definition | Security Threats | example |
|---|---|---|---|
| Digital Signature | Electronic signatures that can verify the authenticity of the document and check for forgery or alteration. | Malicious JavaScript or attachments included in signed PDFcan be | Hidden malicious scripts included in signed contract PDF |
| PDF JavaScript | Insertable into PDF documentsscript codeto respond to user actions or perform automated tasks | When viewing the documentAutomatic Download, Accessing External SitesPossible malicious activities such as | Automatically open a window when opening a document, URL access |
| PDF Action | Executed according to document eventsCommand Action Trigger(for example: opening a document, clicking a button, etc.) | Specific Actions When Opening a DocumentAuto RunPossible occurrence of security threats | Open another document immediately after opening the document, execute script |
| PDF Annotations (Annotation) | Additional elements for information delivery such as notes, highlights, and file attachments inserted in the document. | malicious links in comments,Hidden CodeorAttached fileInsertable | Include links in highlights, attached executable file |
- This setting applies only to PDF documents. Document formats such as Word and HWP need to be configured in a separate tab.
- All configuration change histories can be tracked and restored in the [Policy Change History] menu.