2 Replies Latest reply on Jul 19, 2016 1:15 PM by JimmyKumbaya

    Patches Attempting To Prompt Users?

    JimmyKumbaya Rookie

      Good day.

       

      Lately (since around Jul 13, when I installed Update 3), some third-party patches I push (Adobe Flash, Adobe Reader) with Protect Std (9.2.0 B 5119) are prompting for authorization on the target machines. I only clued into that when it appeared patches stopped installing. I remote connected to the client system and pushed Flash, and I got "A program running on this computer is trying to display a message," and it was Flash Player asking for approval to continue. It appears the same is happening with the Reader .MSP file; I can remotely connect and install it silently using MSIEXEC, but Protect hangs, apparently for the same reason (user prompt).

       

      Anyone know what I'm doing wrong? There are lottsa moving pieces in our infrastructure, and folks love to change things without telling me, so I'm not trying to blame Update 3 (especially since there's no complaints about this behavior yet). The only unusual thing I can mention is that I'm having to download third-party patches from Adobe (and others) manually, due to certificate problems; I can work around that, but the prompting behavior has me stuck.

       

      Thanks for any help.

      Jim

        • 1. Re: Patches Attempting To Prompt Users?
          travisschuur SupportEmployee

          Hello Jim

           

          You may want to look at this article we have seen this behavior due to the file being blocked. You can verify it by looking in the file's properties, under the General tab

           

          Deployment Failures Caused By Blocked Files

          https://community.shavlik.com/docs/DOC-24212

           

          Thanks

          Travis

          • 2. Re: Patches Attempting To Prompt Users?
            JimmyKumbaya Rookie

            I'd already skimmed that reference, it sounds like it, but no, I don't see that security warning on the patches (unless it's somewhere else in Server2008R2). Plus, I *did* see the popup, it was just that I was logged in as the same username used as credentials to push the patches.

             

            Thanks for the reply, Travis.

             

            EDIT: Oh, wait, I'm being stupid: clearly the system knows it's been "Downloaded from the Internet", it says so right on the UAC prompt. Let me look into that a little more before I show more ignorance ...

             

            EDIT EDIT: I used streams.exe to remove Zone.Identifier from the Adobe patches, all looks good. Thanks for the pointer.