New Adobe Flash Player update is blocked



Adobe Flash Player has an update available to Version 10.3.183.5...but NIS2011 blocked the installation process and quarantined Adobes's info posted below as a Trojan Horse. Should we assume NIS2011 is wrong?

 

I have a hardware (router) firewall, but turned off certain NIS components to get the Adobe Flash Player update to run...then afterwards turned back on those NIS components. (I will get to eat it if I am wrong.)

 

AdCategory: Download Insight
Date & Time,Risk,Activity,Status,Path - Filename
8/12/2011 4:03 AM,High,Download Insight analyzed install_flashplayer10ax_gtbd_aih[1].exe,Removed,"c:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BFG3A09C\install_flashplayer10ax_gtbd_aih[1].exe"

 

Hmmm... where did you download it from? The Flash update from the offical Adobe site works just fine, and NIS does not identify it as a trojan.

 

Try this, you can choose your OS and browser, and this works fine:

 

http://get.adobe.com/flashplayer/otherversions/

I had a problem with the latest Flash update too (twice) - and this was definitely from the official Adobe site as I have this bookmarked.

 

First time I noticed it was this morning (UK time) when trying to update an XP machine with IE, and the installer was flagged up by NIS as a trojan horse and quarantined.

 

Yesterday I updated a different machine with Windows 7 with both IE and Firefox versions of Flash. Nothing was found at the time, but I've updated the definitions etc several times since and when I ran a full system scan a few minutes ago, NIS found the same trojan in the Flash installer, which had been lurking in the IE temporary internet files. (No problems with the Firefox version.) So it seems like the definitions which were put out some time after about 2.00 - 3.00 pm yesterday (UK time) are the ones which are flagging it up as a trojan.

 

I asked Norton this morning if it was a possible false positive, but haven't heard anything back yet.

An update:

 

Symantec Security Insight Dispute Team say:

Our analysts have not been able to reproduce the issue your report.  Our test show that the program you submitted has a good reputation.  This could be because the status of this program changed automatically between the time you submitted and now. 

We have concluded our research of your submission and will take no further action.

So, I tried again to update Flash again on the XP machine, with the exact same result as before. I’ve sent another report to Symantec, but if anyone else at Norton is reading this and can offer help or preferably make it possible to update Flash, then I, and no doubt others, would be grateful.

I can reproduce it now, too. Only the Internet Explorer installer, though, not the one for other browsers.

FWIW  ~~  unistaller from Adobe & IE / Non IE from 'filehippo' ~~ OK

Category: Download Insight
Date & Time,Risk,Activity,Status,Path - Filename
8/11/2011 10:26 AM,Info,Download Insight detected launch of install_flash_player.exe,Activity allowed once,c:\users\bjms\desktop\install_flash_player.exe
8/11/2011 10:26 AM,Info,Download Insight detected launch of install_flash_player_ax.exe,Activity allowed once,c:\users\bjms\desktop\install_flash_player_ax.exe
8/11/2011 10:25 AM,Info,Download Insight detected launch of uninstall_flash_player.exe,Activity allowed once,c:\users\bjms\desktop\uninstall_flash_player.exe
8/11/2011 10:24 AM,Info,Download Insight analyzed uninstall_flash_player.exe,Access allowed,c:\Users\BJMS\Desktop\uninstall_flash_player.exe
8/11/2011 9:43 AM,Info,Download Insight analyzed install_flash_player.exe,Access allowed,c:\Sandbox\BJMS\DefaultBox\user\current\Desktop\install_flash_player.exe
8/11/2011 9:42 AM,Info,Download Insight analyzed install_flash_player_ax.exe,Access allowed,c:\Sandbox\BJMS\DefaultBox\user\current\Desktop\install_flash_player_ax.exe

Hello

 

As far as I know, my latest flash player from Adobe is installed and working ok. It passed the adobe flash tester the last time I looked. I just checked the Adobe site and it says I have the latest version installed as does my control panel. I am using xp pro IE 8 sp 3 computer in the English language. Thanks.

I downloaded the latest update from Adobe and now I have no flash player - Norton has remioved it claiming it to be a Trojan.  What is going on??

Hello

 

Maybe this has something to do with the language of Adobe Flash Player? I got mine a couple of days ago after my weekly virus scan. Has anyone sent it in to Virus Total to see how it does there?

 

Another alternative which is fast you can use Virus Total

http://www.virustotal.com/index.html


(Thanks to Yaso for providing the links)

 

If you do this, please let us know the results and please let us know if you are using a language other than English in case this is a language problem. Thanks.

It is the English version. Click my link above, select the IE version, download it, and you'll see.


Bombastus wrote:

It is the English version. Click my link above, select the IE version, download it, and you'll see.


Full Path: c:\Sandbox\BJMS\DefaultBox\user\current\Desktop\install_flashplayer10ax_aih.exe
____________________________
____________________________
Signature:
Adobe Systems Incorporated
Identified:
8/12/2011 at 11:48:47 AM
Last Used:
Not Available
Start-up Item:
No
Version Number:
3.0.6.0
____________________________
____________________________
Very Few Users
Fewer than 5 users in the Norton Community have used this file.
____________________________
Very New
This file was released less than 1 week  ago.
____________________________
Good
Norton has given this file a good rating.

____________________________
Origin
http://aihdownload.adobe.com/bin/install_flashplayer10ax_aih.exe Downloaded File install_flashplayer10ax_aih.exe from: adobe.com



Hi 1mcrtd:

 

I've had this happen before with other software programs, and I solved the problem by downloading a fresh copy of the installation file from FileHippo and then manually updating the trust levels for my application ratings from within NIS (Performance | Application Ratings).

 

The download at http://www.filehippo.com/download_flashplayer_ie/  is compatible with IE, but the FileHippo site also has a separate download at http://www.filehippo.com/download_flashplayer_firefox/ for Adobe Flash for Firefox and other non-IE browsers.

 

You may also need to re-boot and then clean any remnants of your old Flash installation using the Flash Player Uninstall Utility before re-installing with the new installation file.

_______________

Windows Vista Home Premium 32-bit SP2 * NIS 2011 v. 18.6.0.29 * IE 9.0 * Firefox 5.0 * Adobe Flash 10.3.183.5
HP Pavilion dv6835ca, Intel Core2Duo CPU T5550 @ 1.83 GHz, 3.0 GB RAM, NVIDIA GeForce 8400 GS


bjm_ wrote:

Bombastus wrote:

It is the English version. Click my link above, select the IE version, download it, and you'll see.


Full Path: c:\Sandbox\BJMS\DefaultBox\user\current\Desktop\install_flashplayer10ax_aih.exe
____________________________
____________________________
Signature:
Adobe Systems Incorporated
Identified:
8/12/2011 at 11:48:47 AM
Last Used:
Not Available
Start-up Item:
No
Version Number:
3.0.6.0
____________________________
____________________________
Very Few Users
Fewer than 5 users in the Norton Community have used this file.
____________________________
Very New
This file was released less than 1 week  ago.
____________________________
Good
Norton has given this file a good rating.

____________________________
Origin
http://aihdownload.adobe.com/bin/install_flashplayer10ax_aih.exe Downloaded File install_flashplayer10ax_aih.exe from: adobe.com




Yes, it was fixed with the virus update the last hour.

(See Message 3 for the problems I was having.) I've now managed to update the XP computer, though when I first tried to run the updater file, Norton Insight didn't report whether it was OK or not. Rather than risk it, I chose Save instead, and as it saved, Norton Insight said it was fine. I then ran it (still no Insight report) and Flash updated properly. Subsequent scans of (a) temporary internet files and (b) full system were both clean.

 

However....

Believing the latest definitions had fixed the problem, I then ran Norton update on my Windows 7 machine, restored the Flash updater file from quarantine, and scanned the temporary internet files. Result: the Flash updater file was once more identified as a trojan and removed to quarantine.

 

So it seems more likely to me that Adobe has pushed out an amended version of the Flash installer.

 

Meanwhile, I've sent some screenshots off to Norton to show what was happening.

Actually, I may have some information to help, rather than my normal pattern of paranoid based questions.
Those having a problem with trying to install the flash player- are you using the adobe download manager thing method? It seems on the adobe flash player forums that some folks there report the same thing (NIS flagging it as a trojan)
But folks there say that when flash player is downloaded via the direct way (bypassing the download manager method) there is no issue.
If you go to the adobe flash player forum page, under their FAQ it gives a direct link to install the new FP

I used this last night to install ne FP. It gave me this (I broke the link on purpose here)

fpdownload. macromedia.com/
install_flash_player 10_active
x.exe
I save it to my desktop and norton scanned and showed safe. To add insurance, I manually ran another Norton scan on the item and that showed safe. I then ran as admin and installed without issue

arthurk:

If the installation file on your Win 7 computer was somehow corrupted during download, Norton Insight will continue to find a problem with the digital signature and/or hash value (see floplot's's suggestion here about submitting your file to VirusTotal for a SHA256 hash tag check) and it will continue to identify the file as potential malware. If that is the case you will have to re-download a fresh copy of the installation file.  I would suggest the following:

1.  If necessary, uninstall any Adobe Flash add-on from the Windows Control Panel as you normally would for other software
2.  Download and run the Adobe Flash Uninstall Utility to clean out remnants of any old installation
3.  Re-boot your PC
4.  Run the Adobe Flash Uninstall Utility again for safe measure
5.  Download a new copy of the Adobe Flash Player installer from FileHippo (see message # 12 for correct links for IE vs. Firefox add-ons) - save the installation file to your hard drive and do not run the installation from your browser.
6.  Install Adobe Flash from the Run command (Start | Run) with the new installation file with all browsers and instant messenger software closed.

 

If you receive any warnings from NIS File Insight about problems with the file trust ratings similar to the screen shot below, click on the Check Trust Now link in this pop-up window to make sure that you have the latest trust ratings from the Symantec servers.

 

Download Insight Ratings for iTunes 10.jpg

--------

Windows Vista Home Premium 32-bit SP2 * NIS 2011 v. 18.6.0.29 * IE 9.0 * Firefox 5.0 * Adobe Flash 10.3.183.5
HP Pavilion dv6835ca, Intel Core2Duo CPU T5550 @ 1.83 GHz, 3.0 GB RAM, NVIDIA GeForce 8400 G

 

Just an afterthought.

 

If you are downloading the latest Adobe Flash Player from a secondary download site such as FileHippo or TechSpot, make sure that you download the last stable version v. 10.3.183.5 that was released 10-Aug-2011 (at least as of 12-Aug-2011).  Some of these download sites have already posted the beta version v. 11.0.1.98 (intended for beta testers only), so make sure you don't accidently download the buggy beta version of the installer.

---------

Windows Vista Home Premium 32-bit SP2 * NIS 2011 v. 18.6.0.29 * IE 9.0 * Firefox 5.0 * Adobe Flash 10.3.183.5
HP Pavilion dv6835ca, Intel Core2Duo CPU T5550 @ 1.83 GHz, 3.0 GB RAM, NVIDIA GeForce 8400 G


I always use the direct links for downloading adobe flash, all of them can be found at. http://kb2.adobe.com/cps/191/tn_19166.html#main_ManualInstaller

 

this is for ie, [Removed]

 

all other browsers [Removed

 

plus on that same page you can find the link for the uninstaller,

 

[Removed]

 

then you can test your install at http://www.adobe.com/software/flash/about/ all of the links here don't have adobe extra goodies like the google tool bar, plus you can scan the files with norton before you install them so you don't get any surprises. the in browser updates seem to set off norton from time to time if it can't check it with Norton insight. better to play it safe and manually do it. it's up to you. just was thinking I would share this information with you all.

 

 

[edit: Please do not direct link to .exe files per the Participation Guidelines and Terms of Service.]

jarrycanada:

 

I would normally suggest that users try the download from the manufacturer's site, but users are reporting that the problem occurred with installation files downloaded directly from the Adobe site.  I was hoping that a change in download links might solve the problem.

 

I used the Adobe Flash Player v. 10.3.183.5 installation files from FileHippo myself (both IE and Firefox versions) and NIS File Insight didn't complain about either installer.  The links on FileHippo actually download from an alternate Adobe server (e.g. fpdownload.adobe.com/...).   I've never downloaded an installation file from the FileHippo site that had an extra toolbar or spyware bundled with the manufacturer's installation file, but maybe I've just been lucky.

----------

Windows Vista Home Premium 32-bit SP2 * NIS 2011 v. 18.6.0.29 * IE 9.0 * Firefox 5.0 * Adobe Flash 10.3.183.5
HP Pavilion dv6835ca, Intel Core2Duo CPU T5550 @ 1.83 GHz, 3.0 GB RAM, NVIDIA GeForce 8400 G