Flash is launching cmd.exe. What is -skipARPEntry parameter?

Report · May 06, 2017

Hello,

I want to understand how this works. I would like to know why Flash would need to launch cmd.exe. I understand that it may be necessary but I would like a confirmation and a technical explanation as to why this is necessary.

This particular commandappears to delete a particular .exe process. What does the >> NUL at he end of this command mean?

"C:\WINDOWS\system32\cmd.exe" /c del "C:\WINDOWS\system32\Macromed\Temp\{CF184F3E-3E25-4415-AFFA-938D7D8E08CD}\InstallFlashPlayer.exe" >> NUL

Just an additional example of what I see. Just want to know what the parameters are doing or what they mean. Obviously -uninstall is fairly self-explanatory but what of the others.

C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_24_0_0_186_ActiveX.exe -uninstall activex -msi

What's the difference in Plugin and ActiveX? These examples are also related to the command above.

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_25_0_0_127_Plugin.exe" >> NUL

"C:\Windows\system32\cmd.exe" /c del "C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_25_0_0_127_ActiveX.exe" >> NUL

What is this doing? This is related to the first command listed above (note the same temp file path)

"C:\WINDOWS\system32\Macromed\Temp\{CF184F3E-3E25-4415-AFFA-938D7D8E08CD}\InstallFlashPlayer.exe" -install -skipARPEntry -iv 2 -au 4294967295

Please provide technical explanations if possible or a link to the proper documentation. Much appreciated.

Thanks for the help. If you need anything additional I will try my best to provide you with more information.

Report · May 08, 2017

The Flash Player installer is a 32-bit application that contains both the 32-bit and 64-bit versions of Flash Player. skipARPEntry is only seen on 64-bit system instructing Flash Player to not create a a dual entry in the Control Panel Add/Remove Programs (Win7 and below) or Programs & Features (Win8.1 and above), as only 1 entry is the desired behaviour. This prevents end-user confusion (if 2 entries wer present) and other potential negative behaviours.

Report · May 10, 2017

Do you know the reason a command shell is being launched?

Report · May 10, 2017

The command you're citing is the installer cleaning up after itself.

Can you give us some context for why you need this information?

Report · May 10, 2017

I am an analyst and we have a generic rule written on one of our tools that fired on this application launching a command shell. I figured it was cleaning itself but I wanted to clarify with the Adobe community. Thank you!

Report · May 10, 2017

Yeah, no problem. We were just curious about what you were up to.

If you're doing this kind of research as part of an enterprise deployment evaluation, we have better options for deployment through SCUP/SCCM, etc (and redistribution requires a free license, which would grant you access to those bits).

Adobe Community

Flash is launching cmd.exe. What is -skipARPEntry parameter?