Skip to main content
The_Intersect
Participant
June 8, 2018
Answered

Adobe Flash Player 30.0.0.113 update causes alert when none use to occur

  • June 8, 2018
  • 1 reply
  • 2698 views
  • I am using Windows 7 Enterprise Version 6.1 (Build 7601: Service Pack 1).
  • Although the problem is not related to my web browser, I have Chrome v. 56.0.2924.87 and Internet Explorer v. 11.0.9600.18860, update version 11.0.49
  • Flash Player version is 30.0.0.113 (just updated early on June 8, 2018)

  1. Early this morning, my computer automatically updated my Flash Player to version 30.0.0.113.
  2. Now, every time I run my database (MS Access 2013) that contains a flash player clock (an .swf object), I get an alert that "This document contains embedded content that may be harmful to your computer."  I have to select either "Do not allow content to play (Recommended)." or "I recognize this content. Allow it to play."
  3. I select "I recognize this content. Allow it to play." and then click the [Continue] button.
  4. However, I know the content is safe and I do not want this warning to appear every time I or one of my database clients/users run the database.

How can I prevent that message from occurring?  How can I mark the content as safe so that the alert will stop popping up?  How can I make it so that the database's end users will not see that alert?

(I know one solution is to remove the flash player clock, but that's not an acceptable solution unless you can point me to an equivalent flash player clock that will not raise an alert every time the database is launched.)

UPDATE:  I just used the Flash Player Settings dialog in the Control Panel; under the "Advanced" tab, I clicked the [Trusted Location Settings...] button and then added all of the following:  The folder in which the .swf file for the clock are stored; the path to the actual .swf clock file itself.  Even after adding those as trusted locations/files, the alert *still* pops up every time I run the database.  So, apparently that is not a workaround either--but should be, it seems to me!

This topic has been closed for replies.
Correct answer jeromiec83223024

Flash Player has been click-to-play in Office 2007 and below for years.  The assumption at the time was that then-new versions of Office offered sufficient sandboxing to guard from attack, but that doesn't really hold at this point.  As a result, we've extended the click-to-play behavior to apply to all versions of Office.

You can disable this feature (although we don't recommend it) by adding the following directive to mms.cfg:

MSOfficeEmbedCheckDisable=1

You can find details on managing mms.cfg in the system administrator's guide below:

Adobe Flash Player Administration Guide for Flash Player | Adobe Developer Connection

That said, attackers target Office with embedded malicious Flash content because it's easier than targeting the browser.  There's a good reason behind the choice to disable Flash content by default in Office.

Also, I believe that Microsoft will be disabling Flash Player completely in Office 360.  It's probably time to figure out how to replace that clock with something that's going to work over the long-term.

1 reply

jeromiec83223024
jeromiec83223024Correct answer
Inspiring
June 8, 2018

Flash Player has been click-to-play in Office 2007 and below for years.  The assumption at the time was that then-new versions of Office offered sufficient sandboxing to guard from attack, but that doesn't really hold at this point.  As a result, we've extended the click-to-play behavior to apply to all versions of Office.

You can disable this feature (although we don't recommend it) by adding the following directive to mms.cfg:

MSOfficeEmbedCheckDisable=1

You can find details on managing mms.cfg in the system administrator's guide below:

Adobe Flash Player Administration Guide for Flash Player | Adobe Developer Connection

That said, attackers target Office with embedded malicious Flash content because it's easier than targeting the browser.  There's a good reason behind the choice to disable Flash content by default in Office.

Also, I believe that Microsoft will be disabling Flash Player completely in Office 360.  It's probably time to figure out how to replace that clock with something that's going to work over the long-term.

The_Intersect
Participant
June 11, 2018

Thank you @jeromiec83223024.  I appreciate the explanation.

I can confirm that adding that line to the mms.cfg file successfully stops the warning dialogs from appearing.

Right:  It does not really make sense to disable it, and, disabling it on all the machines where the database will be deployed is not convenient (although it could be done).

It would sure be nice if there were a registry entry that would allow a specific trusted SWF file to skip the warning dialog.

So, it does look like I won't be using that SWF clock any more.  Too bad.  It was an elegant solution; now I'll get to do some additional coding to implement the clock feature myself.

Thanks again for the explanation.  I appreciate understanding what is going on.