Hello,
I want to understand how this works. I would like to know why Flash would need to launch cmd.exe. I understand that it may be necessary but I would like a confirmation and a technical explanation as to why this is necessary.
This particular command appears to delete a particular .exe process. What does the >> NUL at the end of this command mean?
"C:\WINDOWS\system32\cmd.exe" /c del "C:\WINDOWS\system32\Macromed\Temp\{CF184F3E-3E25-4415-AFFA-938D7D8E08CD}\InstallFlashPlayer.exe" >> NUL
Just an additional example of what I see. Just want to know what the parameters are doing or what they mean. Obviously -uninstall is fairly self-explanatory but what of the others.
C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_24_0_0_186_ActiveX.exe -uninstall activex -msi
What's the difference in Plugin and ActiveX? These examples are also related to the command above.
What is this doing? This is related to the first command listed above (note the same temp file path)
"C:\WINDOWS\system32\Macromed\Temp\{CF184F3E-3E25-4415-AFFA-938D7D8E08CD}\InstallFlashPlayer.exe" -install -skipARPEntry -iv 2 -au 4294967295
Please provide technical explanations if possible or a link to the proper documentation. Much appreciated.
Thanks for the help. If you need anything additional I will try my best to provide you with more information.
The Flash Player installer is a 32-bit application that contains both the 32-bit and 64-bit versions of Flash Player. skipARPEntry is only seen on 64-bit systems, instructing Flash Player to not create a dual entry in the Control Panel Add/Remove Programs (Win7 and below) or Programs & Features (Win8.1 and above), as only 1 entry is the desired behaviour. This prevents end-user confusion (if 2 entries were present) and other potential negative behaviours.
Do you know the reason a command shell is being launched?
The command you're citing is the installer cleaning up after itself.
Can you give us some context for why you need this information?
I am an analyst and we have a generic rule written on one of our tools that fired on this application launching a command shell. I figured it was cleaning itself but I wanted to clarify with the Adobe community. Thank you!
Yeah, no problem. We were just curious about what you were up to.
If you're doing this kind of research as part of an enterprise deployment evaluation, we have better options for deployment through SCUP/SCCM, etc (and redistribution requires a free license, which would grant you access to those bits).
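Added example, not part of the thread and not Adobe's code: one way to narrow the generic "application launched a command shell" rule mentioned above so that only the installer deleting its own staged copy is treated as cleanup. It assumes process-creation telemetry that supplies the parent image path and the child command line; the function name, labels and sample events are hypothetical.

```python
import re

# Shape of the cleanup command quoted in the thread: cmd.exe /c del "<file>" >> NUL
# (">> NUL" appends del's standard output to the NUL device, i.e. discards it).
SELF_DELETE = re.compile(
    r'"?[a-z]:\\windows\\system32\\cmd\.exe"?\s+/c\s+del\s+'
    r'"(?P<target>[^"&|<>^%]+)"\s*>>?\s*nul\s*',
    re.IGNORECASE,
)
# Staging location seen in the thread: ...\Macromed\Temp\{GUID}\InstallFlashPlayer.exe
INSTALLER_PATH = re.compile(
    r'[a-z]:\\windows\\system32\\macromed\\temp\\'
    r'\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}\\installflashplayer\.exe',
    re.IGNORECASE,
)

def classify(parent_image: str, child_cmdline: str) -> str:
    """Return 'installer-self-cleanup' or 'review' for one cmd.exe launch."""
    m = SELF_DELETE.fullmatch(child_cmdline.strip())
    if not m:
        return "review"   # anything other than a single quoted del, e.g. chained commands
    target = m.group("target")
    if not INSTALLER_PATH.fullmatch(target):
        return "review"   # deletes something other than the staged installer
    if target.lower() != parent_image.lower():
        return "review"   # the shell was not spawned by the file it deletes
    return "installer-self-cleanup"

# Sample events: the first pairs the two command lines quoted in the thread,
# the other two are constructed variations that should stay on the analyst's queue.
INSTALLER = (r'C:\WINDOWS\system32\Macromed\Temp'
             r'\{CF184F3E-3E25-4415-AFFA-938D7D8E08CD}\InstallFlashPlayer.exe')
CLEANUP = r'"C:\WINDOWS\system32\cmd.exe" /c del "' + INSTALLER + r'" >> NUL'
SAMPLES = [
    (INSTALLER, CLEANUP),
    (INSTALLER, CLEANUP + r' & echo x'),                 # extra command chained on
    (r'C:\Users\Public\InstallFlashPlayer.exe', CLEANUP) # parent is not the deleted file
]

if __name__ == "__main__":
    for parent, cmdline in SAMPLES:
        print(classify(parent, cmdline), "<-", parent)
```

Matching the whole command line, rather than allow-listing the installer as a parent, keeps the rule firing when the same binary launches a shell for any other purpose.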