Skip navigation
pcunite
pcunite
Currently Being Moderated

Flash player newer than 11.1.102.63 will not work on Windows 7 x64

May 4, 2012 2:24 PM

Tags: #flash #permissions

If I install any version of flash higher than 11.1.102.63 it will not work on Windows 7 x64 under a LUA account. I have a very secure box using SRP policies. I've used the subinacl and reset_fp11.bat to no effect. Please advise.

5050 Views   12 Replies   Latest reply: pcunite, Sep 8, 2012 8:59 AM
 
Replies
  • Chris Campbell
    8,532 posts
    May 4, 2010
    Currently Being Moderated
    1. Chris Campbell,
    May 4, 2012 4:34 PM   in reply to pcunite
    Report

    I've got a few questions for you.  Is a LUA account the same as a standard user account?  If you create an admin account, does the player work properly?  Can you elaborate on how your SRP policies might affect a Flash Player install?  What browsers have you tried?  If you haven't already, can you see if Flash works properly with Chrome (it's built in, so no need to install.)  Finally, could you post a copy of your install log so we can see if anything is failing there?

     

    Where do I find the Flash Player installation log on Windows?

     

    Thanks,

    Chris

     
    |
    Mark as:
  • pcunite
    Currently Being Moderated
    2. pcunite,
    May 5, 2012 6:35 AM   in reply to Chris Campbell
    Report

    Is a LUA account the same as a standard user account?

    Yes

     

    If you create an admin account, does the player work properly?

    Yes, I install it from the admin account and it works fine there.

     

    Can you elaborate on how your SRP policies might affect a Flash Player install?

    Standard user accounts can not execute from directories they have permission to write to. No temp folders, desktop, etc.

     

    What browsers have you tried?

    IE 8 & 9. Both have the same reaction.

     

     

    My testing:

    • Run uninstall_flash_player_64bit.exe
    • Manually delete all flash folder locations.
    • Browse to adobe.com/software/flash/about/ to prompt install for 11.2.202.235
    • Check "Never check for rupdates"
    • Test to see if Flash works under Administrator. It does.
    • Logoff and back on a standard user.
    • Browse to adobe.com/software/flash/about/ and watch IE hang forever. The CPU is not active.
    • Flash_blah never loads in memory. Tools Managne Add-ons does not show flash.
    • Control Panel / Flash Player 32 bit / Advanced shows "Plug-in Version: Not installed"

     

     

    The contents of C:\Windows\System32\Macromed\Flash\FlashInstall.log

    =O====== M/11.2.202.235 2012-05-05+13-12-27.896 ========
    0000 [I] 00000010 "C:\Windows\system32\Macromed\Flash\FlashUtil64_11_2_202_235_ActiveX. exe" -refreshIEElevationPolicies
    =X====== M/11.2.202.235 2012-05-05+13-12-27.927 ========

    =O====== M/11.2.202.235 2012-05-05+13-12-27.896 ========
    0000 [I] 00000010 "C:\Windows\system32\Macromed\Flash\FlashUtil64_11_2_202_235_ActiveX. exe" -refreshIEElevationPolicies
    =X====== M/11.2.202.235 2012-05-05+13-12-27.943 ========

    =O====== M/11.2.202.235 2012-05-05+13-12-23.653 ========
    0000 [W] 00001113 C:\Windows\system32\Macromed\Flash\\* 3
    0001 [I] 00000010 "C:\Users\ADMINI~1\AppData\Local\Temp\{38334A5F-64C9-4F22-9451-F1B4DD C4BC5F}\InstallFlashPlayer.exe" -iv 6
    0002 [W] 00001036 Software\Macromedia\FlashPlayer\SafeVersions/11.0 2
    0003 [W] 00001036 Software\Macromedia\FlashPlayerActiveX/PlayerPath 2
    0004 [W] 00001036 Software\Macromedia\FlashPlayerActiveX/PlayerPath 2
    0005 [W] 00001036 Software\Macromedia\FlashPlayer\SafeVersions/11.0 2
    0006 [W] 00001036 Software\Macromedia\FlashPlayerActiveX/PlayerPath 2
    0007 [W] 00001036 Software\Macromedia\FlashPlayerActiveX/PlayerPath 2
    0008 [I] 00000020 C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    0009 [W] 00001037 SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX/ 2
    0010 [I] 00000013 C:\Windows\system32\Macromed\Flash\Flash64_11_2_202_235.ocx
    0011 [I] 00000015 C:\Windows\system32\Macromed\Flash\FlashUtil64_11_2_202_235_ActiveX.e xe
    0012 [I] 00000016 C:\Windows\system32\Macromed\Flash\FlashUtil64_11_2_202_235_ActiveX.d ll
    0013 [I] 00000019 C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    0014 [I] 00000011 1
    0015 [I] 00000012
    =X====== M/11.2.202.235 2012-05-05+13-12-49.596 ========

     
    |
    Mark as:
  • pcunite
    Currently Being Moderated
    3. pcunite,
    May 5, 2012 7:30 PM   in reply to pcunite
    Report

    This shows up in the event viewer for Microsoft-Windows-UAC-FileVirtualization/Operational:

    Operation on file "\Device\HarddiskVolume1\Users\jason\AppData\Roaming\Macromedia\Flash Player\macromedia.com" excluded from virtualization.

     
    |
    Mark as:
  • Chris Campbell
    8,532 posts
    May 4, 2010
    Currently Being Moderated
    4. Chris Campbell,
    May 11, 2012 3:55 PM   in reply to pcunite
    Report

    Thanks for the follow up information.  I'm forwarding this to our installer team for their review.

     

    Chris

     
    |
    Mark as:
  • Chris Campbell
    8,532 posts
    May 4, 2010
    Currently Being Moderated
    5. Chris Campbell,
    May 11, 2012 4:04 PM   in reply to Chris Campbell
    Report

    Could you try running through the steps in this FAQ to see if it solves the problem?

     

    How do I fix Windows permission problems with Flash Player?

     
    |
    Mark as:
  • pcunite
    Currently Being Moderated
    6. pcunite,
    May 12, 2012 1:30 PM   in reply to Chris Campbell
    Report

    The fix is to add a hash entry for the dll file in the Software Restriction Policy editor ... see http://wilderssecurity.com/showthread.php?t=321105.

     
    |
    Mark as:
  • pcunite
    Currently Being Moderated
    7. pcunite,
    May 12, 2012 1:49 PM   in reply to pcunite
    Report

    I would ask the Flash developers to consider honoring a proper LUA environment. It is very important that a directory a user can write too also not be an executable location. Thus the flash dll needs to write to %userprofile% directories and not copy executable code there. On our systems those locations will not be allowed to execute. Thank you.

     
    |
    Mark as:
  • Chris Campbell
    8,532 posts
    May 4, 2010
    Currently Being Moderated
    8. Chris Campbell,
    May 15, 2012 5:08 PM   in reply to pcunite
    Report

    Thank you for the heads up.  I've forwarded this thread to our installer team for their review.  I'd like to see this fixed, would you mind opening a bug on this at bugbase.adobe.com and post the bug URL back here and at wilderssecurity.com so that others affected can add their votes and comments?

     
    |
    Mark as:
  • pcunite
    Currently Being Moderated
    9. pcunite,
    May 18, 2012 1:08 PM   in reply to Chris Campbell
    Report

    Bug reported:

    https://bugbase.adobe.com/index.cfm?event=bug&id=3193896

     
    |
    Mark as:
  • Chris Campbell
    8,532 posts
    May 4, 2010
    Currently Being Moderated
    10. Chris Campbell,
    May 18, 2012 1:44 PM   in reply to pcunite
    Report

    Thank you

     
    |
    Mark as:
  • pcunite
    Currently Being Moderated
    11. pcunite,
    Jun 9, 2012 12:00 PM   in reply to Chris Campbell
    Report

    My bug was closed because it was a duplicate. The original bug has closed as NotABug. The latest version of flash 11.3.3000.257 ... still has this bug. I know ... writing secure software is very hard.

     

    https://bugbase.adobe.com/index.cfm?event=bug&id=3154246

    https://bugbase.adobe.com/index.cfm?event=bug&id=3193896

     

     

     
    |
    Mark as:
  • pcunite
    Currently Being Moderated
    12. pcunite,
    Sep 8, 2012 8:59 AM   in reply to pcunite
    Report

    Flash version 11.4.402.265 no longer needs the SRP workaround. Thank you for the fix.

     
    |
    Mark as:
Actions

More Like This

  • Retrieving data ...

Incoming Links

Bookmarked By (0)