6 Replies Latest reply on May 1, 2018 12:46 AM by tobenary

    Is there a simple administration utilities for running the flash updater proactively?

    tobenary

      Hi There,

      I'm using a new Antivirus software and getting too many False Positive cases when opening a document which leads a link.

      The workflow of the False Positive is:

      1. Opening a document with some links
      2. Clicking on a link inside the document will open "Internet Explorer" or "Chrome" browsers.
      3. FlashUpdater is running and receiving its updates.
      4. When it's receiving its update packages, I'm getting FP.

       

      I'm asking for a proactive way to push Flash updates every hour / specific times / every day at 8 am / you name it...

      Is there a simple administration utility for running the flash updater proactively?

      That will solve my issues with the Antivirus vendor and number "3" in the above workflow: ( also marked with BOLD )

      "receiving the update" won't happen - because it was already updated before.

       

      Please help.

        • 1. Re: Is there a simple administration utilities for running the flash updater proactively?
          maria__ Adobe Employee

          Hi,

           

          Please provide the following information:

          • What Windows version is this on?
          • Antivirus software, including version
          • Is 'FlashUpdater is running and receiving its updates' the exact message being reported?
            • Is the antivirus software reporting this message or is it displaying somewhere else?
            • What is the exact Flash Player process name that is running when this message is returned
          • The workflow you mention doesn't appear valid.  If Flash Player is already installed on the system, opening a link to Flash content shouldn't trigger an update to occur.
            • If possible please provide us with one of the documents in question. You can upload it to cloud.acrobat.com/send and private message me the URL to download the document.  To send a private message, click on my user_name link and then on the 'Message' button link.  For reference, include a link to this discussion topic in your private message.

           

          As for a proactive way to push Flash updates, Flash Player's normal release cadence is the second Tuesday of the month (Patch Tuesday).  zero-day vulnerability releases can happen at any time outside of the standard release cadence.  The best, quickest way, to update Flash Player is to opt into Background Updates (update option = Allow Adobe to install updates automatically (recommended)).  Assuming an active internet connection, Background Update will update Flash Player within 24 hours of a new version being available.  Alternatively, if this is for updating Flash within your organization, you can obtain a distribution license (free for most use cases) and deploy Flash via SCCM, Group Policy, or hosting Background Updates internally in your organization and bypassing Adobe's servers.  For more information on Flash Player distribution see Adobe Flash Player Distribution | Adobe

           

          --

          Maria

          • 2. Re: Is there a simple administration utilities for running the flash updater proactively?
            tobenary Level 1

            Hi Maria,

            Excuse me for my late response, I was on vacation.

            • What Windows version is this on? Windows 10 1709 64bit.
            • Antivirus software, including version SentinelOne, 2.6.0
            • Is 'FlashUpdater is running and receiving its updates' the exact message being reported? Yes
              • Is the antivirus software reporting this message or is it displaying somewhere else? AV displays and kills
              • What is the exact Flash Player process name that is running when this message is returned
                • In this case, the flash updater writes itself to the autorun key:
                • registry autorun callback: process((Uid: AB4E4C7551B330C1, Name: FlashUtil64_27_0_0_187_ActiveX.exe, Pid: 5856, Session Id: 1)) key (\REGISTRY\USER\S-1-5-21-2107199734-1002509562-578033828-95736\Software\Microsoft\Windows \CurrentVersion\RunOnce) value (FlashPlayerUpdate) data (C:\WINDOWS\system32\Macromed\Flash\FlashUtil64_27_0_0_187_ActiveX.exe -update activex) type (REG_SZ)
              • however, in some cases, iexpore.exe writes the autorun key:
                • registry autorun callback: process((Uid: 7816E19C1504F4DE, Name: iexplore.exe, Pid: 9840, Session Id: 1)) key (\REGISTRY\USER\S-1-5-21-2107199734-1002509562-578033828-75464\Software\Microsoft\Windows \CurrentVersion\RunOnce) value (FlashPlayerUpdate) data (C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_27_0_0_187_ActiveX.exe -update activex) type (REG_SZ)
            • 3. Re: Is there a simple administration utilities for running the flash updater proactively?
              maria__ Adobe Employee

              Was your system recently updated from Windows 7 to Windows 10?

               

              The file in the RunOnce entry is for updating Flash Player ActiveX, however,  you're on Windows 10 and as of Windows 8, Microsoft embeds Flash Player ActiveX in IE, and Edge in Windows 10.  Therefore, that file will NOT exist on Windows 10.  The only thing I can think of is if this was an update from Windows 7 to 10 that didn't go very well, leaving residual files behind that are now misbehaving.  For example, if a Windows 7 system (that had Flash Player installed) was upgraded to Windows 10, the upgrade should have removed all of the old Flash Player files, since Microsoft embeds Flash Player in IE and Edge.

               

               

               

              Please provide screenshots of the contents of the C:\WIndows\System32\Macromed\Flash and C:\Windows\SysWOW64\Macromed\Flash directory.  Please ensure file extensions are displayed before taking the screenshots.  If you need to enable viewing file extensions see https://support.microsoft.com/en-us/help/14201/windows-show-hidden-files

              • 4. Re: Is there a simple administration utilities for running the flash updater proactively?
                tobenary Level 1

                Checked with Client Computing Team. There is no update from win7 to win10. They redeploy directly.

                 

                • 5. Re: Is there a simple administration utilities for running the flash updater proactively?
                  maria__ Adobe Employee

                  To confirm, you're saying this was a clean installation from Windows 7 to Windows 10?  If so, is your IT team using a custom Windows 10 image to deploy Windows 10?  A brand new Windows 10 install would not have the RunOnce entries you mention created.  Those are only created when Flash Player determines an update is available, however, this would not happen on Windows 10 for Flash Player ActiveX as Microsoft embeds Flash Player ActiveX in IE and Edge on Windows 10 and all updates are released by Microsoft via Windows Update, and due to this, the Flash Player ActiveX files in Windows 10 do not have the version number in the file name.