1 Reply Latest reply on Oct 14, 2011 1:11 PM by Stephen Pohl

    Antivirus exclusions for updating Flash Player

    Ulendal

      We are trying to get it so that all of our PCs can automatically update Flash Player (due to all of the recent updates) rather than have me download the redistributable and push it out over ZENworks.

       

      When we do this, McAfee ePO 8.8i is apparently blocking the Flash Player install. 

       

      What do we need to list as an exception/exclusion from McAfee so that we can accomplish the updates?  My list would be:

       

      InstallFlashPlayer.exe

      FlashUtil*_ActiveX.exe

      install_flashplayer*.exe (maybe install_flashplayer*aih.exe?)

      FP_AX_CAB_INSTALLER64.exe

       

      My concern with using the wildcards is the enormous amount of spyware that might be introduced because of this.  Is there anything else I can do?

       

      Here are the lines from the Access Protection log:

       

      10/10/2011 | 8:07:20 AM | Blocked by Access Protection rule | <Computername>\<user> | C:\DOCUME~1\<user>\LOCALS~1\Temp\7A.dir\InstallFlashPlayer.exe | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D27CDB70-AE6D-11cf-96B8-444553540000}\Compatibility Flags | Anti-spyware Standard Protection:Protect Internet Explorer favorites and settings | Action blocked : Delete
      10/10/2011 | 8:07:35 AM | Blocked by Access Protection rule | <Computername>\<user> | C:\DOCUME~1\<user>\LOCALS~1\Temp\7A.dir\InstallFlashPlayer.exe | \REGISTRY\USER\S-1-5-21-431391153-592018285-4164930105-1040\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect | Anti-spyware Standard Protection:Protect Internet Explorer favorites and settings | Action blocked : Create
      10/10/2011 | 8:07:38 AM | Blocked by Access Protection rule | NT AUTHORITY\SYSTEM | C:\WINDOWS\system32\Macromed\Flash\FlashUtil10v_ActiveX.exe | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect | Anti-spyware Standard Protection:Protect Internet Explorer favorites and settings | Action blocked : Create
      10/10/2011 | 8:07:45 AM | Blocked by Access Protection rule | <Computername>\<user> | C:\DOCUME~1\<user>\LOCALS~1\Temp\7A.dir\InstallFlashPlayer.exe | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D27CDB70-AE6D-11cf-96B8-444553540000}\Compatibility Flags | Anti-spyware Standard Protection:Protect Internet Explorer favorites and settings | Action blocked : Delete
      10/10/2011 | 8:07:56 AM | Blocked by Access Protection rule | <Computername>\<user> | C:\DOCUME~1\<user>\LOCALS~1\Temp\7A.dir\InstallFlashPlayer.exe | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FAF199D2-BFA7-4394-A4DE-044A08E59B32}\Policy | Anti-spyware Standard Protection:Protect Internet Explorer favorites and settings | Action blocked : Create
      10/10/2011 | 8:07:57 AM | Blocked by Access Protection rule | <Computername>\<user> | C:\DOCUME~1\<user>\LOCALS~1\Temp\7A.dir\InstallFlashPlayer.exe | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FAF199D2-BFA7-4394-A4DE-044A08E59B32}\AppPath | Anti-spyware Standard Protection:Protect Internet Explorer favorites and settings | Action blocked : Create
      10/10/2011 | 8:07:57 AM | Blocked by Access Protection rule | <Computername>\<user> | C:\DOCUME~1\<user>\LOCALS~1\Temp\7A.dir\InstallFlashPlayer.exe | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FAF199D2-BFA7-4394-A4DE-044A08E59B32}\AppName | Anti-spyware Standard Protection:Protect Internet Explorer favorites and settings | Action blocked : Create
      10/10/2011 | 8:08:04 AM | Blocked by Access Protection rule | <Computername>\<user> | C:\DOCUME~1\<user>\LOCALS~1\Temp\7A.dir\InstallFlashPlayer.exe | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D27CDB70-AE6D-11cf-96B8-444553540000}\Compatibility Flags | Anti-spyware Standard Protection:Protect Internet Explorer favorites and settings | Action blocked : Create
      10/10/2011 | 8:13:54 AM | Would be blocked by Access Protection rule  (rule is currently not enforced) | <Computername>\<user> | C:\Program Files\Internet Explorer\iexplore.exe | C:\Documents and Settings\<user>\Local Settings\Temporary Internet Files\Content.IE5\VNQ6E7G4\install_flashplayer11x32ax_gtbd_aih[1].exe | Common Standard Protection:Prevent common programs from running files from the Temp folder | Action blocked : Execute
      10/10/2011 | 8:13:54 AM | Blocked by Access Protection rule | <Computername>\<user> | C:\Documents and Settings\<user>\Local Settings\Temporary Internet Files\Content.IE5\VNQ6E7G4\install_flashplayer11x32ax_gtbd_aih[1].exe | \REGISTRY\USER\S-1-5-21-431391153-592018285-4164930105-1040\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect | Anti-spyware Standard Protection:Protect Internet Explorer favorites and settings | Action blocked : Create
      10/10/2011 | 8:13:57 AM | Blocked by Access Protection rule | <Computername>\<user> | C:\Documents and Settings\<user>\Local Settings\Temp\install_flashplayer11x32ax_gtbd_aih[1].exe | \REGISTRY\USER\S-1-5-21-431391153-592018285-4164930105-1040\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect | Anti-spyware Standard Protection:Protect Internet Explorer favorites and settings | Action blocked : Create
      10/10/2011 | 8:13:58 AM | Blocked by Access Protection rule | <Computername>\<user> | C:\Documents and Settings\<user>\Local Settings\Temp\install_flashplayer11x32ax_gtbd_aih[1].exe | \REGISTRY\USER\S-1-5-21-431391153-592018285-4164930105-1040\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version | Anti-spyware Standard Protection:Protect Internet Explorer favorites and settings | Action blocked : Create
      10/10/2011 | 8:13:59 AM | Would be blocked by Access Protection rule  (rule is currently not enforced) | <Computername>\<user> | C:\WINDOWS\Explorer.EXE | C:\Documents and Settings\<user>\Local Settings\Temp\install_flashplayer11x32ax_gtbd_aih[1].exe | Common Standard Protection:Prevent common programs from running files from the Temp folder | Action blocked : Execute
      10/10/2011 | 8:14:34 AM | Would be blocked by Access Protection rule  (rule is currently not enforced) | <Computername>\<user> | C:\Program Files\Internet Explorer\iexplore.exe | C:\Documents and Settings\<user>\Local Settings\Temporary Internet Files\Content.IE5\VNQ6E7G4\install_flashplayer11x32ax_gtbd_aih[1].exe | Common Standard Protection:Prevent common programs from running files from the Temp folder | Action blocked : Execute
      10/10/2011 | 8:14:35 AM | Blocked by Access Protection rule | <Computername>\<user> | C:\Documents and Settings\<user>\Local Settings\Temporary Internet Files\Content.IE5\VNQ6E7G4\install_flashplayer11x32ax_gtbd_aih[1].exe | \REGISTRY\USER\S-1-5-21-431391153-592018285-4164930105-1040\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect | Anti-spyware Standard Protection:Protect Internet Explorer favorites and settings | Action blocked : Create
      10/10/2011 | 8:14:37 AM | Blocked by Access Protection rule | <Computername>\<user> | C:\Documents and Settings\<user>\Local Settings\Temp\install_flashplayer11x32ax_gtbd_aih[1].exe | \REGISTRY\USER\S-1-5-21-431391153-592018285-4164930105-1040\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect | Anti-spyware Standard Protection:Protect Internet Explorer favorites and settings | Action blocked : Create
      10/10/2011 | 8:14:38 AM | Blocked by Access Protection rule | <Computername>\<user> | C:\Documents and Settings\<user>\Local Settings\Temp\install_flashplayer11x32ax_gtbd_aih[1].exe | \REGISTRY\USER\S-1-5-21-431391153-592018285-4164930105-1040\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version | Anti-spyware Standard Protection:Protect Internet Explorer favorites and settings | Action blocked : Create
      10/10/2011 | 8:14:38 AM | Would be blocked by Access Protection rule  (rule is currently not enforced) | <Computername>\<user> | C:\WINDOWS\Explorer.EXE | C:\Documents and Settings\<user>\Local Settings\Temp\install_flashplayer11x32ax_gtbd_aih[1].exe | Common Standard Protection:Prevent common programs from running files from the Temp folder | Action blocked : Execute
      10/11/2011 | 10:48:42 AM | Blocked by Access Protection rule | <Computername>\<user> | C:\WINDOWS\system32\Macromed\Flash\FlashUtil11c_ActiveX.exe | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D27CDB70-AE6D-11cf-96B8-444553540000}\Compatibility Flags | Anti-spyware Standard Protection:Protect Internet Explorer favorites and settings | Action blocked : Delete
      10/11/2011 | 10:48:43 AM | Blocked by Access Protection rule | <Computername>\<user> | C:\WINDOWS\system32\Macromed\Flash\FlashUtil11c_ActiveX.exe | \REGISTRY\USER\S-1-5-21-431391153-592018285-4164930105-1040\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect | Anti-spyware Standard Protection:Protect Internet Explorer favorites and settings | Action blocked : Create
      10/11/2011 | 10:49:05 AM | Would be blocked by Access Protection rule  (rule is currently not enforced) | <Computername>\<user> | C:\Program Files\Internet Explorer\iexplore.exe | C:\Documents and Settings\<user>\Local Settings\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe | Common Standard Protection:Prevent common programs from running files from the Temp folder | Action blocked : Execute
      10/11/2011 | 10:49:05 AM | Would be blocked by Access Protection rule  (rule is currently not enforced) | <Computername>\<user> | C:\WINDOWS\Explorer.EXE | C:\Documents and Settings\<user>\Local Settings\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe | Common Standard Protection:Prevent common programs from running files from the Temp folder | Action blocked : Execute
      10/11/2011 | 10:49:14 AM | Blocked by Access Protection rule | <Computername>\<user> | C:\DOCUME~1\<user>\LOCALS~1\Temp\371.dir\InstallFlashPlayer.exe | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FAF199D2-BFA7-4394-A4DE-044A08E59B32}\Policy | Anti-spyware Standard Protection:Protect Internet Explorer favorites and settings | Action blocked : Create
      10/11/2011 | 10:49:14 AM | Blocked by Access Protection rule | <Computername>\<user> | C:\DOCUME~1\<user>\LOCALS~1\Temp\371.dir\InstallFlashPlayer.exe | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FAF199D2-BFA7-4394-A4DE-044A08E59B32}\AppPath | Anti-spyware Standard Protection:Protect Internet Explorer favorites and settings | Action blocked : Create
      10/11/2011 | 10:49:14 AM | Blocked by Access Protection rule | <Computername>\<user> | C:\DOCUME~1\<user>\LOCALS~1\Temp\371.dir\InstallFlashPlayer.exe | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FAF199D2-BFA7-4394-A4DE-044A08E59B32}\AppName | Anti-spyware Standard Protection:Protect Internet Explorer favorites and settings | Action blocked : Create
      10/11/2011 | 10:49:14 AM | Blocked by Access Protection rule | <Computername>\<user> | C:\DOCUME~1\<user>\LOCALS~1\Temp\371.dir\InstallFlashPlayer.exe | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D27CDB70-AE6D-11cf-96B8-444553540000}\Compatibility Flags | Anti-spyware Standard Protection:Protect Internet Explorer favorites and settings | Action blocked : Create
      10/11/2011 | 10:49:26 AM | Blocked by Access Protection rule | <Computername>\<user> | C:\DOCUME~1\<user>\LOCALS~1\Temp\371.dir\InstallFlashPlayer.exe | \REGISTRY\USER\S-1-5-21-431391153-592018285-4164930105-1040\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect | Anti-spyware Standard Protection:Protect Internet Explorer favorites and settings | Action blocked : Create
      10/12/2011 | 8:05:12 AM | Blocked by Access Protection rule | <Computername>\<user> | C:\Documents and Settings\<user>\My Documents\Downloads\install_flashplayer11x32_mssd_aih.exe | \REGISTRY\USER\S-1-5-21-431391153-592018285-4164930105-1040\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect | Anti-spyware Standard Protection:Protect Internet Explorer favorites and settings | Action blocked : Create
      10/12/2011 | 8:05:13 AM | Blocked by Access Protection rule | <Computername>\<user> | C:\Documents and Settings\<user>\Local Settings\Temp\install_flashplayer11x32_mssd_aih.exe | \REGISTRY\USER\S-1-5-21-431391153-592018285-4164930105-1040\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect | Anti-spyware Standard Protection:Protect Internet Explorer favorites and settings | Action blocked : Create
      10/12/2011 | 8:05:14 AM | Blocked by Access Protection rule | <Computername>\<user> | C:\Documents and Settings\<user>\Local Settings\Temp\install_flashplayer11x32_mssd_aih.exe | \REGISTRY\USER\S-1-5-21-431391153-592018285-4164930105-1040\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version | Anti-spyware Standard Protection:Protect Internet Explorer favorites and settings | Action blocked : Create
      10/12/2011 | 8:05:14 AM | Would be blocked by Access Protection rule  (rule is currently not enforced) | <Computername>\<user> | C:\WINDOWS\Explorer.EXE | C:\Documents and Settings\<user>\Local Settings\Temp\install_flashplayer11x32_mssd_aih.exe | Common Standard Protection:Prevent common programs from running files from the Temp folder | Action blocked : Execute
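
Added example (not part of the original post, and not McAfee code): a short Python review of Access Protection log entries that reports, per rule, which process tripped it, whether that process ran from a user-writable folder, and which of the file names proposed in the post would cover it. The tab-separated field layout, the `alice`/`PC1` names, the writable-folder list and shell-style `*` matching are assumptions; the sample rows are constructed from the log above.

```python
import ntpath
from fnmatch import fnmatchcase

IE = "Anti-spyware Standard Protection:Protect Internet Explorer favorites and settings"
TMP = "Common Standard Protection:Prevent common programs from running files from the Temp folder"
HOME = r"C:\Documents and Settings\alice"
BLOCKED = "Blocked by Access Protection rule"
# Constructed rows modelled on the log in the post: (event, process, rule).
ROWS = [
    (BLOCKED, HOME + r"\Local Settings\Temp\7A.dir\InstallFlashPlayer.exe", IE),
    (BLOCKED, r"C:\WINDOWS\system32\Macromed\Flash\FlashUtil10v_ActiveX.exe", IE),
    (BLOCKED, HOME + r"\Local Settings\Temp\install_flashplayer11x32ax_gtbd_aih[1].exe", IE),
    (BLOCKED, HOME + r"\My Documents\Downloads\install_flashplayer11x32_mssd_aih.exe", IE),
    ("Would be blocked by Access Protection rule  (rule is currently not enforced)",
     r"C:\Program Files\Internet Explorer\iexplore.exe", TMP),
]
# Assumption: the native log is tab-separated with these eight fields:
# date, time, event, user, process, target, rule, action.
SAMPLE = "\n".join("\t".join(("10/10/2011", "8:07:20 AM", ev, r"PC1\alice", proc,
                              r"\REGISTRY\constructed", rule, "Action blocked : Create"))
                   for ev, proc, rule in ROWS)
# The file names proposed in the post.
PROPOSED = ["InstallFlashPlayer.exe", "FlashUtil*_ActiveX.exe", "install_flashplayer*.exe",
            "install_flashplayer*aih.exe", "FP_AX_CAB_INSTALLER64.exe"]
# Assumed list of path fragments an unprivileged user can normally write to.
USER_WRITABLE = ("\\temp\\", "\\temporary internet files\\", "\\downloads\\")

def parse(text):
    """Yield one dict per well-formed line; silently skip anything else."""
    for line in text.splitlines():
        f = line.split("\t")
        if len(f) == 8:
            yield {"enforced": "not enforced" not in f[2], "process": f[4],
                   "rule": f[6].split(":", 1)[-1]}

def review(text, patterns=PROPOSED):
    """Map (rule, process name) -> where it ran from and which proposed names
    cover it. Shell-style '*' matching is an assumed model of the product."""
    out = {}
    for e in parse(text):
        name = ntpath.basename(e["process"])
        path = e["process"].lower()
        out[(e["rule"], name)] = {
            "enforced": e["enforced"],
            # True: a name-only exclusion cannot tell this copy from any other
            # file with a matching name dropped in the same writable folder.
            "user_writable": any(d in path for d in USER_WRITABLE),
            "covered_by": [p for p in patterns if fnmatchcase(name.lower(), p.lower())],
        }
    return out

if __name__ == "__main__":
    for key, info in review(SAMPLE).items():
        print(key, info)
```

On this sample the narrower `install_flashplayer*aih.exe` does not cover the `aih[1].exe` copy, and the only process that ran from a fixed system path is the `FlashUtil*_ActiveX.exe` one.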