3 Replies Latest reply on Apr 16, 2018 9:23 AM by maria__

    Is there a simple administration utilities for running the flash updater proactively?

    tobenary Level 1

      Hi There,

      I'm using a new Antivirus software and getting too many False Positive cases when opening a document which leads a link.

      The workflow of the False Positive is:

      1. Opening a document with some links
      2. Clicking on a link inside the document will open "Internet Explorer" or "Chrome" browsers.
      3. FlashUpdater is running and receiving its updates.
      4. When it's receiving its update packages, I'm getting FP.

       

      I'm asking for a proactive way to push Flash updates every hour / specific times / every day at 8 am / you name it...

      Is there a simple administration utility for running the flash updater proactively?

      That will solve my issues with the Antivirus vendor and number "3" in the above workflow: ( also marked with BOLD )

      "receiving the update" won't happen - because it was already updated before.

       

      Please help.

        • 1. Re: Is there a simple administration utilities for running the flash updater proactively?
          maria__ Adobe Employee

          Hi,

           

          Please provide the following information:

          • What Windows version is this on?
          • Antivirus software, including version
          • Is 'FlashUpdater is running and receiving its updates' the exact message being reported?
            • Is the antivirus software reporting this message or is it displaying somewhere else?
            • What is the exact Flash Player process name that is running when this message is returned
          • The workflow you mention doesn't appear valid.  If Flash Player is already installed on the system, opening a link to Flash content shouldn't trigger an update to occur.
            • If possible please provide us with one of the documents in question. You can upload it to cloud.acrobat.com/send and private message me the URL to download the document.  To send a private message, click on my user_name link and then on the 'Message' button link.  For reference, include a link to this discussion topic in your private message.

           

          As for a proactive way to push Flash updates, Flash Player's normal release cadence is the second Tuesday of the month (Patch Tuesday).  zero-day vulnerability releases can happen at any time outside of the standard release cadence.  The best, quickest way, to update Flash Player is to opt into Background Updates (update option = Allow Adobe to install updates automatically (recommended)).  Assuming an active internet connection, Background Update will update Flash Player within 24 hours of a new version being available.  Alternatively, if this is for updating Flash within your organization, you can obtain a distribution license (free for most use cases) and deploy Flash via SCCM, Group Policy, or hosting Background Updates internally in your organization and bypassing Adobe's servers.  For more information on Flash Player distribution see Adobe Flash Player Distribution | Adobe

           

          --

          Maria

          • 2. Re: Is there a simple administration utilities for running the flash updater proactively?
            tobenary Level 1

            Hi Maria,

            Excuse me for my late response, I was on vacation.

            • What Windows version is this on? Windows 10 1709 64bit.
            • Antivirus software, including version SentinelOne, 2.6.0
            • Is 'FlashUpdater is running and receiving its updates' the exact message being reported? Yes
              • Is the antivirus software reporting this message or is it displaying somewhere else? AV displays and kills
              • What is the exact Flash Player process name that is running when this message is returned
                • In this case, the flash updater writes itself to the autorun key:
                • registry autorun callback: process((Uid: AB4E4C7551B330C1, Name: FlashUtil64_27_0_0_187_ActiveX.exe, Pid: 5856, Session Id: 1)) key (\REGISTRY\USER\S-1-5-21-2107199734-1002509562-578033828-95736\Software\Microsoft\Windows \CurrentVersion\RunOnce) value (FlashPlayerUpdate) data (C:\WINDOWS\system32\Macromed\Flash\FlashUtil64_27_0_0_187_ActiveX.exe -update activex) type (REG_SZ)
              • however, in some cases, iexpore.exe writes the autorun key:
                • registry autorun callback: process((Uid: 7816E19C1504F4DE, Name: iexplore.exe, Pid: 9840, Session Id: 1)) key (\REGISTRY\USER\S-1-5-21-2107199734-1002509562-578033828-75464\Software\Microsoft\Windows \CurrentVersion\RunOnce) value (FlashPlayerUpdate) data (C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_27_0_0_187_ActiveX.exe -update activex) type (REG_SZ)
            • 3. Re: Is there a simple administration utilities for running the flash updater proactively?
              maria__ Adobe Employee

              Was your system recently updated from Windows 7 to Windows 10?

               

              The file in the RunOnce entry is for updating Flash Player ActiveX, however,  you're on Windows 10 and as of Windows 8, Microsoft embeds Flash Player ActiveX in IE, and Edge in Windows 10.  Therefore, that file will NOT exist on Windows 10.  The only thing I can think of is if this was an update from Windows 7 to 10 that didn't go very well, leaving residual files behind that are now misbehaving.  For example, if a Windows 7 system (that had Flash Player installed) was upgraded to Windows 10, the upgrade should have removed all of the old Flash Player files, since Microsoft embeds Flash Player in IE and Edge.

               

               

               

              Please provide screenshots of the contents of the C:\WIndows\System32\Macromed\Flash and C:\Windows\SysWOW64\Macromed\Flash directory.  Please ensure file extensions are displayed before taking the screenshots.  If you need to enable viewing file extensions see https://support.microsoft.com/en-us/help/14201/windows-show-hidden-files