AntiVirus says the installed Flash Player is out of date

Report · Jan 14, 2019

Hi. My McAfee LiveSafe scanner repeatedly warns that I have an out of date version of Flash Player (10.3.181.22) which critically needs to be updated. However, when I try to update, I find that the installed version of Flash Player is that integrated with my Windows 10 MS Edge browser, for which there is no update (and in any case is not the version which is picked up by the scanner). I have run Adobe's uninstaller, and searched for this old version, without success. Can anyone adbise how I can clean out this and any other old versions of Flash.

Thanks

Message was edited by: Jeromie Clark - Updated the title to more accurately reflect the issue

Report · Jan 14, 2019

The standalone uninstaller will not remove any browser embedded version of Flash Player (Activex for IE/Edge, Chrome's embedded PPAPI plugin).

If you upgraded from a previous version of Windows to Windows 10, it's possible the upgrade did not completely remove any previous version of Flash Player ActiveX, however, this is a Microsoft issue, not an Adobe issue, as it was their upgrade that failed to properly remove the old version of Flash Player to be replaced by the new embedded version.

With that said, are the files for the old version actually in the C:\Windows\System32\Macromed\Flash and C:\Widows\SysWOW64\Macromed\Flash, or do they only exist in the registry somewhere?

If they are in the ~\Macromed\Flash directory, you could probably delete them, but you want to be careful to not deleted the embedded Flash Player ActiveX files (the embedded Flash Player ActiveX files are actually locked by default by Microsoft and not easily deleted).

If the reference to the old version exists solely in the registry, you would need to contact Microsoft for assistance, as it was their upgrade that failed to delete artifacts of the old version the system appropriately

Report · Jan 14, 2019

There are files in those two directories, but they are not related to this historic version which is hidden somewhere.

Notwithstanding the issue might belong to Microsoft (which I have queried and which inevitably has pointed me back to you, as has McAfee), does Adobe not have some kind of installation removal tool which will fully remove all instances and registry entries and eliminate Flash completely from a system - thereby removing the vulnerability. If so, perhaps I could use this and then reinstall the browser with embedded Flash?

thanks

Report · Jan 15, 2019

Where does McAfee say this file is?

It might be embedded in an app, which is not unknown. No Adobe tool will search and destroy, or update, copies of Flash that were included in apps.

Report · Jan 15, 2019

McAfee doesn't say, it just reports that the version on my computer needs updating. But when I try to update, the updater tells me I have the correct version embedded into Edge.

But I think you may be right, there is something embedded somewhere else. I'm just surprised that I can't find it and I can't completely remove Flash - particularly if it has a vulnerability. At this rate, I may have to consider a complete rebuild, which shouldn't be necessary.

Report · Jan 15, 2019

There's a Flash Player to match every major browser plug-in interface. On Windows, that's ActiveX (which is a built-in component of IE and Edge and is managed through updates from Windows Update), PPAPI for Chrome and Chromium-based browsers (Opera, etc.), and NPAPI for Firefox, Adobe Acrobat, and others. You may have one or more of them installed.

If you go to Settings / Control Player > Flash Player > Updates, you should see a list of all the Flash Player variants installed (by Adobe installers) and their versions. If you click Check Now and/or Install, you should get directed to download the latest appropriate versions for what's installed on your machine.

If your Antivirus is *still* flagging things after that, then that's probably a conversation to have with tech support for your AV vendor. In particular, getting the full path to the file that the AV tool is complaining about would be super useful for understanding what exactly is getting flagged.

Report · Jan 16, 2019

Thank you, very helpful. I have identified only one instance, PPAPI for Chrome, and that is a current version 32.x.y.z

So as you suggest I’ll try to explore further with McAfee. I’m now beginning to suspect a false positive.

Report · Jan 16, 2019

It's either that, or you're running an application that directly bundles an outdated copy of Flash Player, instead of leveraging the system copy. if you can figure out how to get the full path to the file that they're complaining about, that would probably give you a clear answer.

Report · Jan 16, 2019

A bundled Flash Player of course may be no vulnerability at all, if it is only used to play fixed content. But you can't guess that, maybe it could be fed random web content.

Adobe Community

AntiVirus says the installed Flash Player is out of date