Endpoint Protection

 View Only
Expand all | Collapse all

Adobe Flash Script Error (Something to do with SEP)

ℬrίαη

ℬrίαηMar 14, 2013 08:15 PM

  • 1.  Adobe Flash Script Error (Something to do with SEP)

    Posted Mar 07, 2013 01:51 PM

     I notice that sometimes when trying to update or download adobe flash I get a script error on some, not all workstations in our environment. We have a group named workstations that we have all our user workstations in, within SEPM. I noticed sometime when trying to update/install flash player I'll get a script error on the workstation and it will not install, so to test I disabled network threat protection on one of the workstations and then tried to download adobe flash again and it worked fine. I also uninstalled flash and re enabled ntp to see if it would stop the download with ntp on and sure enough i got a script error in the middle of install. So, I have pinpointed that ntp seems to be what may block the install sometimes, but I do not see any blocked messages within the event viewer workstation log.

    I want to add an exception within the sepm console to keep from blocking adobe updates/downloads, but I am not sure how. I have added exceptions for applications in program files before but not for downloads updates from a website. I have read articles on adding exceptions but do not see anything specifically for adding downloads from a website.



  • 2.  RE: Adobe Flash Script Error (Something to do with SEP)

    Posted Mar 07, 2013 01:56 PM

    Are you seeing anything in the Security log on the SEP client? Not sure why NTP would block this...are you using an application control policy?



  • 3.  RE: Adobe Flash Script Error (Something to do with SEP)

    Posted Mar 07, 2013 02:01 PM

    Could you post a screenshot of the error you are getting?



  • 4.  RE: Adobe Flash Script Error (Something to do with SEP)

    Posted Mar 07, 2013 03:50 PM

     I don't see anything in the security log but I do see logs in the system log on the client PC, but I don't see anything pertaining to something being blocked.

     The only thing we have blocked using application and control policy is to block autorun.inf

     What I did to get adobe to download was right click on the client within the console and disable network threat protection and the I was able to run the download.



  • 5.  RE: Adobe Flash Script Error (Something to do with SEP)

    Posted Mar 07, 2013 03:55 PM
      |   view attached

     Here is a post of the error message I see when ntp is enabled and I try to download adobe.

    Attachment(s)

    docx
    adobe error.docx   45 KB 1 version


  • 6.  RE: Adobe Flash Script Error (Something to do with SEP)

    Posted Mar 07, 2013 03:57 PM

    What happens if you disable the browser IPS add on in IE?



  • 7.  RE: Adobe Flash Script Error (Something to do with SEP)

    Posted Mar 07, 2013 04:19 PM

     When I go to manage add ons within IE and disable IPS then the download goes through fine, but re enable does cause the error, so it is IPS that is blocking. Now just need to add an exception for that in the IPS policy



  • 8.  RE: Adobe Flash Script Error (Something to do with SEP)

    Posted Mar 07, 2013 04:28 PM
    There is no abilty to add exceptions for browser IPS. You can only enable or disable.


  • 9.  RE: Adobe Flash Script Error (Something to do with SEP)

    Posted Mar 07, 2013 04:38 PM
      |   view attached

     Just out of curiosity, I found this within the SEPM console. I attached the print screen; can anything be added to this?

    Attachment(s)

    docx
    Intrusion Prevention.docx   30 KB 1 version


  • 10.  RE: Adobe Flash Script Error (Something to do with SEP)

    Posted Mar 07, 2013 05:04 PM

    These are IPS attack signatures - the setting allows here to set a different action that the default (block in most cases) - but if you don't see any block actions in the SEP logs related to IPS protection no point really to set here any exclusions as there are few thousands of these signatures.



  • 11.  RE: Adobe Flash Script Error (Something to do with SEP)

    Trusted Advisor
    Posted Mar 13, 2013 03:11 PM

    Hello,

    You may be interested in these BLOG's - 

    Fake Adobe Flash Update Installs Ransomware, Performs Click Fraud

    https://www-secure.symantec.com/connect/blogs/fake-adobe-flash-update-installs-ransomware-performs-click-fraud

    New Adobe PDF Zero-day Unleashes Trojan.Swaylib

    https://www-secure.symantec.com/connect/blogs/new-adobe-pdf-zero-day-unleashes-trojanswaylib

    New Adobe Vulnerabilities Being Exploited in the Wild

    https://www-secure.symantec.com/connect/blogs/new-adobe-vulnerabilities-being-exploited-wild

    Adobe Zero-day Used in LadyBoyle Attack

    https://www-secure.symantec.com/connect/blogs/adobe-zero-day-used-ladyboyle-attack

    Hope that helps!!



  • 12.  RE: Adobe Flash Script Error (Something to do with SEP)

    Posted Mar 14, 2013 06:12 PM

    We are having this problem too.  How do we resolve this?



  • 13.  RE: Adobe Flash Script Error (Something to do with SEP)

    Posted Mar 14, 2013 08:15 PM

    Disable the browser IPS add-on



  • 14.  RE: Adobe Flash Script Error (Something to do with SEP)

    Posted Mar 14, 2013 08:27 PM

    I don't want to leave the user's browser unprotected.



  • 15.  RE: Adobe Flash Script Error (Something to do with SEP)

    Posted Mar 14, 2013 08:34 PM

    I would test with latest version and if still not working, I would open a case. If it's a bug,they need to look at it.



  • 16.  RE: Adobe Flash Script Error (Something to do with SEP)

    Posted Apr 26, 2013 07:23 AM

    This new Security Response blog post will be of interest to followers of this thread:

    2013 First Quarter Zero-Day Vulnerabilities
    https://www-secure.symantec.com/connect/blogs/2013-first-quarter-zero-day-vulnerabilities

    ...

    Symantec recommends users to follow these best security practices:

    • Ensure all applications are up to date with the latest security patches. Even though a zero-day exploit cannot be patched, the latest updates will provide protection from previously disclosed vulnerabilities.
    • Ensure antivirus and IPS definitions are up-to-date.
    • Avoid visiting sites of questionable integrity.
    • Avoid opening files provided by untrusted sources.
    • Implement multiple redundant layers of security such as non-executable and randomly mapped memory segments that may hinder an attacker's ability to exploit vulnerabilities.