1 Reply Latest reply on Jul 7, 2014 3:30 PM by mrspike

    Adobe Flash failing during Security Patching

    Rookie

      My current monthly security patch setup contains a combination of MS and Adobe updates. 100% of the time, I get about 30% of my clients with a 413* return errors while deploying security patches to my client machines. It's typically due to the Adobe Flash updates failing because the clients browsers are open while LANDesk is attempting the install. This is very troublesome as you can imagine. Especially when we turn on Autofix > LANDesk finally finds the opportunity to install the flash update, and prompts the user to reboot after the flash update is installed. This annoys the end-users because instead of one reboot, they now have to reboot twice. (Once from the original security patch, and once for the flash update).

       

      That leads me to my next question. Why does LANDesk need to reboot the client machine if all it's updating is Adobe Flash? I realize that my reboot options in the task is set to "Reboot - Prompt User", but that's because of the other MS patches actually require a reboot, etc. As I'm writing this, I realize that I can easily simplify this by separating the Adobe updates from the MS updates, but let's face it - that would be too easy and not enough fun. I'm hoping for some help with this issue.

       

      Is there a way for my task to detect if the incremental update that's installed needs a reboot or not, and if so - it'll determine so when it's completed. Or there might be a way for LANDesk to detect if there are browsers open while the updates are trying to download, and then prompt the user to close their browsers so Flash can update? I'm looking for any solution, really. Fancy, simple, exciting, boring. Whatever works. We could make some fun of this and see how many feasible solutions the LANDesk community can whip up. Come on guys!

       

       

      *413 = One or more patches failed to install

        • 1. Re: Adobe Flash failing during Security Patching
          mrspike SSMMVPGroup

          The Flash Player Plugin for Firefox needs to have the browser closed, where the one for IE no longer does.

           

          If you open the Flash Player Plugin patch, say "FLASHPLAYERPLUGINv13.0.0.214", you will see a tab called "Custom Variables", if you go into that, you can choose to use Force Mode, Force Mode will force kill the open browser.

           

          The patch will not warn users, but you could add a generic warning in your scan and repair behavior that can include something along the lines of "Please close all open applications, especially Web Browsers"

           

          What we do is this, we (right click and) clone the patch, created a second one, with "Force Mode" added to the name.  We set the "normal" one to Autofix and let it do its thing.  For the cloned one, we push that out as a scheduled task at night as to not interrupt the user is they are using the browser.

           

          As for the reboots, there is a "pending file rename" key that gets set when any patch or application is installed that the creator of wants to call for a reboot at the end.  LANDesk looks to see if this flag is set, if so, AND if your scan and repair settings is set to reboot if needed / always, it will call for the reboot.   It does not matter if the patch just failed or not, if that flag was already present, or, if the patch you ran created that flag, you will get the prompt.