Adobe Flash Player has an update available to Version 10.3.183.5...but NIS2011 blocked the installation process and quarantined Adobes's info posted below as a Trojan Horse. Should we assume NIS2011 is wrong?
I have a hardware (router) firewall, but turned off certain NIS components to get the Adobe Flash Player update to run...then afterwards turned back on those NIS components. (I will get to eat it if I am wrong.)
AdCategory: Download Insight Date & Time,Risk,Activity,Status,Path - Filename 8/12/2011 4:03 AM,High,Download Insight analyzed install_flashplayer10ax_gtbd_aih[1].exe,Removed,"c:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BFG3A09C\install_flashplayer10ax_gtbd_aih[1].exe"
I had a problem with the latest Flash update too (twice) - and this was definitely from the official Adobe site as I have this bookmarked.
First time I noticed it was this morning (UK time) when trying to update an XP machine with IE, and the installer was flagged up by NIS as a trojan horse and quarantined.
Yesterday I updated a different machine with Windows 7 with both IE and Firefox versions of Flash. Nothing was found at the time, but I've updated the definitions etc several times since and when I ran a full system scan a few minutes ago, NIS found the same trojan in the Flash installer, which had been lurking in the IE temporary internet files. (No problems with the Firefox version.) So it seems like the definitions which were put out some time after about 2.00 - 3.00 pm yesterday (UK time) are the ones which are flagging it up as a trojan.
I asked Norton this morning if it was a possible false positive, but haven't heard anything back yet.
Our analysts have not been able to reproduce the issue your report. Our test show that the program you submitted has a good reputation. This could be because the status of this program changed automatically between the time you submitted and now.
We have concluded our research of your submission and will take no further action.
So, I tried again to update Flash again on the XP machine, with the exact same result as before. I’ve sent another report to Symantec, but if anyone else at Norton is reading this and can offer help or preferably make it possible to update Flash, then I, and no doubt others, would be grateful.
As far as I know, my latest flash player from Adobe is installed and working ok. It passed the adobe flash tester the last time I looked. I just checked the Adobe site and it says I have the latest version installed as does my control panel. I am using xp pro IE 8 sp 3 computer in the English language. Thanks.
Maybe this has something to do with the language of Adobe Flash Player? I got mine a couple of days ago after my weekly virus scan. Has anyone sent it in to Virus Total to see how it does there?
Another alternative which is fast you can use Virus Total
If you do this, please let us know the results and please let us know if you are using a language other than English in case this is a language problem. Thanks.
It is the English version. Click my link above, select the IE version, download it, and you'll see.
Full Path: c:\Sandbox\BJMS\DefaultBox\user\current\Desktop\install_flashplayer10ax_aih.exe ____________________________ ____________________________ Signature: Adobe Systems Incorporated Identified: 8/12/2011 at 11:48:47 AM Last Used: Not Available Start-up Item: No Version Number: 3.0.6.0 ____________________________ ____________________________ Very Few Users Fewer than 5 users in the Norton Community have used this file. ____________________________ Very New This file was released less than 1 week ago. ____________________________ Good Norton has given this file a good rating.
I've had this happen before with other software programs, and I solved the problem by downloading a fresh copy of the installation file from FileHippo and then manually updating the trust levels for my application ratings from within NIS (Performance | Application Ratings).
You may also need to re-boot and then clean any remnants of your old Flash installation using the Flash Player Uninstall Utility before re-installing with the new installation file.
_______________
Windows Vista Home Premium 32-bit SP2 * NIS 2011 v. 18.6.0.29 * IE 9.0 * Firefox 5.0 * Adobe Flash 10.3.183.5 HP Pavilion dv6835ca, Intel Core2Duo CPU T5550 @ 1.83 GHz, 3.0 GB RAM, NVIDIA GeForce 8400 GS
It is the English version. Click my link above, select the IE version, download it, and you'll see.
Full Path: c:\Sandbox\BJMS\DefaultBox\user\current\Desktop\install_flashplayer10ax_aih.exe ____________________________ ____________________________ Signature: Adobe Systems Incorporated Identified: 8/12/2011 at 11:48:47 AM Last Used: Not Available Start-up Item: No Version Number: 3.0.6.0 ____________________________ ____________________________ Very Few Users Fewer than 5 users in the Norton Community have used this file. ____________________________ Very New This file was released less than 1 week ago. ____________________________ Good Norton has given this file a good rating.
(See Message 3 for the problems I was having.) I've now managed to update the XP computer, though when I first tried to run the updater file, Norton Insight didn't report whether it was OK or not. Rather than risk it, I chose Save instead, and as it saved, Norton Insight said it was fine. I then ran it (still no Insight report) and Flash updated properly. Subsequent scans of (a) temporary internet files and (b) full system were both clean.
However....
Believing the latest definitions had fixed the problem, I then ran Norton update on my Windows 7 machine, restored the Flash updater file from quarantine, and scanned the temporary internet files. Result: the Flash updater file was once more identified as a trojan and removed to quarantine.
So it seems more likely to me that Adobe has pushed out an amended version of the Flash installer.
Meanwhile, I've sent some screenshots off to Norton to show what was happening.
Actually, I may have some information to help, rather than my normal pattern of paranoid based questions. Those having a problem with trying to install the flash player- are you using the adobe download manager thing method? It seems on the adobe flash player forums that some folks there report the same thing (NIS flagging it as a trojan) But folks there say that when flash player is downloaded via the direct way (bypassing the download manager method) there is no issue. If you go to the adobe flash player forum page, under their FAQ it gives a direct link to install the new FP
I used this last night to install ne FP. It gave me this (I broke the link on purpose here)
fpdownload. macromedia.com/ install_flash_player 10_active x.exe I save it to my desktop and norton scanned and showed safe. To add insurance, I manually ran another Norton scan on the item and that showed safe. I then ran as admin and installed without issue
If the installation file on your Win 7 computer was somehow corrupted during download, Norton Insight will continue to find a problem with the digital signature and/or hash value (see floplot's's suggestion here about submitting your file to VirusTotal for a SHA256 hash tag check) and it will continue to identify the file as potential malware. If that is the case you will have to re-download a fresh copy of the installation file. I would suggest the following:
1. If necessary, uninstall any Adobe Flash add-on from the Windows Control Panel as you normally would for other software 2. Download and run the Adobe Flash Uninstall Utility to clean out remnants of any old installation 3. Re-boot your PC 4. Run the Adobe Flash Uninstall Utility again for safe measure 5. Download a new copy of the Adobe Flash Player installer from FileHippo (see message # 12 for correct links for IE vs. Firefox add-ons) - save the installation file to your hard drive and do not run the installation from your browser. 6. Install Adobe Flash from the Run command (Start | Run) with the new installation file with all browsers and instant messenger software closed.
If you receive any warnings from NIS File Insight about problems with the file trust ratings similar to the screen shot below, click on the Check Trust Now link in this pop-up window to make sure that you have the latest trust ratings from the Symantec servers.
--------
Windows Vista Home Premium 32-bit SP2 * NIS 2011 v. 18.6.0.29 * IE 9.0 * Firefox 5.0 * Adobe Flash 10.3.183.5 HP Pavilion dv6835ca, Intel Core2Duo CPU T5550 @ 1.83 GHz, 3.0 GB RAM, NVIDIA GeForce 8400 G
If you are downloading the latest Adobe Flash Player from a secondary download site such as FileHippo or TechSpot, make sure that you download the last stable version v. 10.3.183.5 that was released 10-Aug-2011 (at least as of 12-Aug-2011). Some of these download sites have already posted the beta version v. 11.0.1.98 (intended for beta testers only), so make sure you don't accidently download the buggy beta version of the installer.
---------
Windows Vista Home Premium 32-bit SP2 * NIS 2011 v. 18.6.0.29 * IE 9.0 * Firefox 5.0 * Adobe Flash 10.3.183.5 HP Pavilion dv6835ca, Intel Core2Duo CPU T5550 @ 1.83 GHz, 3.0 GB RAM, NVIDIA GeForce 8400 G
plus on that same page you can find the link for the uninstaller,
[Removed]
then you can test your install at http://www.adobe.com/software/flash/about/ all of the links here don't have adobe extra goodies like the google tool bar, plus you can scan the files with norton before you install them so you don't get any surprises. the in browser updates seem to set off norton from time to time if it can't check it with Norton insight. better to play it safe and manually do it. it's up to you. just was thinking I would share this information with you all.
I would normally suggest that users try the download from the manufacturer's site, but users are reporting that the problem occurred with installation files downloaded directly from the Adobe site. I was hoping that a change in download links might solve the problem.
I used the Adobe Flash Player v. 10.3.183.5 installation files from FileHippo myself (both IE and Firefox versions) and NIS File Insight didn't complain about either installer. The links on FileHippo actually download from an alternate Adobe server (e.g. fpdownload.adobe.com/...). I've never downloaded an installation file from the FileHippo site that had an extra toolbar or spyware bundled with the manufacturer's installation file, but maybe I've just been lucky.
----------
Windows Vista Home Premium 32-bit SP2 * NIS 2011 v. 18.6.0.29 * IE 9.0 * Firefox 5.0 * Adobe Flash 10.3.183.5 HP Pavilion dv6835ca, Intel Core2Duo CPU T5550 @ 1.83 GHz, 3.0 GB RAM, NVIDIA GeForce 8400 G