As of January 1, 2021, Adobe will discontinue support for Flash. Since the software has suffered from notorious security problems in the past, it is not advisable to continue using it without support. You can use an update to remove the version integrated into Windows, and group policies allow you to block Flash in the browser.

The great success of Adobe Flash and its resulting widespread use has led to its presence in all sorts of versions on diverse platforms. On Windows, it is not only part of the operating system, but also comes as an integrated component of various web browsers, including the market leader, Google Chrome.

For this reason, most Windows PCs have multiple copies of the Flash player installed that need to be neutralized. In the case of web browsers, removing Flash is often not possible, but you can prevent the player from running using group policies.

Most browser vendors started disabling the built-in Flash module by default some time ago. However, users could still change this setting. Therefore, it is important to permanently block the execution of Flash on web pages via a GPO. Currently, you have to download the ADMX templates for all browsers except Internet Explorer and save them in the central store or the local workstation.

Blocking Flash in Chrome and Edge ^

The Chromium-based browsers offer a Content Settings folder under Computer or User Configuration > Policies > Administrative Templates in the Google > Google Chrome or Microsoft Edge section.

There, you'll find the option Default Flash setting (Chrome) or Default Adobe Flash setting (Microsoft Edge). By selecting Block the Adobe Flash plugin, you prevent the player from being run.

Blocking Flash for Microsoft Edge using Group Policy

Blocking Flash for Microsoft Edge using Group Policy

However, if old Flash applications still exist in the company, then this measure would be too radical. Hence, as an alternative, you can use a whitelist to allow Flash only for specific URLs. This option can also be found in the content settings and is called Allow the Flash plugin on these sites (Chrome) or Allow the Adobe Flash plug-in on certain sites (Edge).

A whitelist can be used to limit Flash to certain websites only

A whitelist can be used to limit Flash to certain websites only

GPO settings for Firefox ^

Mozilla also provides Flash blocking for Firefox under Computer or User Configuration > Policies > Administrative Templates > Mozilla > Firefox > Flash. You can switch off the player completely by deactivating the Activate Flash on websites setting.

If you want to enable individual websites for Flash, you can use a whitelist here as well. In this case, leave Enable Flash on websites set to Not configured and activate the Allowed Sites setting instead. There, you can enter the desired URLs for Flash.

By creating a whitelist Firefox blocks Flash on all other websites

By creating a whitelist Firefox blocks Flash on all other websites

Internet Explorer ^

For Internet Explorer, the Flash player is implemented as an ActiveX control. By default, ActiveX filtering is active for external websites, so Flash would not run there anyway.

If you want to block it globally, then the setting Turn off Adobe Flash in Internet Explorer and prevent applications from using Internet Explorer will do the job. You can find it under Computer or User Configuration > Policies > Administrative Templates > Windows Components > Internet Explorer > Security Features > Add-on Management.

Blocking Adobe Flash in Internet Explorer

Blocking Adobe Flash in Internet Explorer

Removing Flash from Windows ^

Adobe Flash is also included in the operating system, but cannot simply be uninstalled as an optional component. Rather, Microsoft provides a separate update (KB4577586) for this, which is available for all currently supported Windows versions.

At this time, it can only be downloaded from the Update Catalog, and then you import it into WSUS. Microsoft might deliver it directly to WSUS after the end of Flash support.

The update KB4577586 removes Adobe Flash permanently from Windows

The update KB4577586 removes Adobe Flash permanently from Windows

The update removes the Flash player from Windows but cannot be uninstalled itself. Thus, this process is irreversible. Another peculiarity is that it only works for the integrated Flash component.

If a user has installed the Flash player manually, then he needs Adobe's uninstall program. It can be downloaded from the manufacturer's website. With the command

Subscribe to 4sysops newsletter!

uninstall\_flash\_player.exe -uninstall

the program runs in the background, so that it is also suitable for logon scripts.

+1
1 Comment
  1. Allan 9 months ago

    Microsoft will eventually erase Flash from Windows without user intervention.  It will come late this year or early next year.

    If Flash is so evil, why have whitelists?  Why give bad actors a backdoor into your system?

    One should be able to find replacements or do without Flash-dependent applications.

     

    0

Leave a reply

Please enclose code in pre tags

Your email address will not be published. Required fields are marked *

*

© 4sysops 2006 - 2021

CONTACT US

Please ask IT administration questions in the forums. Any other messages are welcome.

Sending

Log in with your credentials

or    

Forgot your details?

Create Account