I've been catching a number of Flash Player files trying to execute from subfolders within the Content.IE5 folder. We've captured and ran the files through Virustotal and they seem legitimate, they're even digitally signed. However, previously we only saw these update files trying to launch from the %temp% folder so I'm wondering what is triggering and causing these updates to download from IE and try to execute? Example file name 'install_flashplayer16x32axau_gtbd_chrd_dn_aaa_aih.exe' found in path 'c:\Users\USER1234\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IWHO0WOW'
This is on a large corporation network and hiding update prompts is important to reduce calls to the help desk. Is there some way we can block this? I know you guys like to make life hard to disable update notifications