2 Replies Latest reply on Aug 9, 2012 8:36 AM by alexmartin0

    Access Protection / Adobe Flash Player

      We are having an interesting issue with our EPO / Access Protection / Prevent all programs from running files from the Temp folder configuration.  It appears at some point Adobe changed where they keep their temporary files when access a website that has flash components so now they are placed in a folder with the work temp in it. Below is the entry from an event viewer:

       

      C:\Users\marti133\AppData\Local\Temp\{6515FD3B-6899-4602-BC28-E29D35B9F085}\fpb. tmp  (Granted the numbers between the {} are random and will change when you visit another website)

       

      Complete event viewer log:

       

      Blocked by access protection rule.  Access to object C:\Users\marti133\AppData\Local\Temp\{6515FD3B-6899-4602-BC28-E29D35B9F085}\fpb .tmp was blocked by rule Anti-spyware Maximum Protection:Prevent all programs from running files from the Temp folder.

       

      So what happens, when a user access a website that has flash in it, msn.com for example, the page will not load or it will hang for 3-4 minutes before continuing.  You can view the event viewer log on that workstation and see the above entry.  If you go into the McAfee console and uncheck the block settings for Prevent all programs from running files from the Temp Folder, the problem goes away. 

       

      I have added the file name fpb.tmp as an exception under Prevent all programs from running files from the Temp folder, but still experienced the same result.

       

      Does anyone have a suggestion for us to try or anyone ran into this and resolved this problem?

       

      Thank you in advanced!!

       

      Alex Martin

        • 1. Re: Access Protection / Adobe Flash Player
          wwarren

          Hi Alex,

           

          The Access Protection rule as defined is "Prevent _all_ programs from running files from the Temp folder" (emphasis added), so in short it's doing what we wanted it to do but you're looking for an exception to be made...

           

          If you could review the local system's "AccessProtectionLog.txt" file, it should have this entry in it, and you should be able to identify the Process Name of the process touching this file. And more than likely, you'll find that it is IExplore.exe (or your choice of browser).

           

          So, you can understand that we simply can't exclude IExplore.exe from this rule!

          But alas, there is no other alternate than to disable the rule or exclude the process (not much better than disabling it).

           

          You can of course submit a PER as a product improvement idea for your use-case.

          • 2. Re: Access Protection / Adobe Flash Player

            wwarren,


            Thank you for the reply!

             

            You were correct, after looking in the AccessProtectionLog.txt file, I was able to determine what the actual process was.  Luckily it wasn't IExplore.exe but an executable of Flash Player, FlashUtil32_11_3_300_270_ActiveX for example.  Unfortunately Adobe does not keep that filename the same with ALL the different version, but with some wildcarding, I was able to add this exclusion.  

             

            Have a great one!


            Alex