I’m trying to get into my Driver Library (Flash Content) Dashboard - (I don’t see a flash free dashboard yet). All I get is the Flash logo on the screen then where I would normally do some driver bindings. Now ALL of my dashboards that still use Flash are getting the same thing… I know Bigfix has been working on creating Flash free dashboards which seem to be fine so far but at the moment I can’t do anything with driver bindings… Flash has NOT been uninstalled from my computer yet… I tried on another computer of mine and getting the same thing… Any thoughts?
We are facing the same issue, but found a workaround for now.
According to the forum thread above, there is still an alternative which can be used until Q3 2021 or until HCL release a flash free dashboard.
After Jan 12th remaining Flash dashboards in BigFix Console will stop working by default.
Up to the date when “Windows Update for Removal of Adobe Flash Player” is automatically installed (presumably in Q3 2021), it will still be possible to run Flash content in Allow List mode. Allow List mode will ensure only selected local Flash content certified by BigFix is allowed to run. This will mitigate the risk of keeping Adobe Flash installed for the needed timeframe. Additional mitigation entails firewall-protecting communication between the BigFix Server and the BigFix Console running Flash content.
For further detail on how to enable Allow List mode for Flash Player, see section below.
How to enable Allow List mode for Adobe Flash Player
Allow List mode permits execution of restricted Flash content, thus greatly limiting the security attack surface.
It can be enabled by editing the configuration file, that must be created if non existing:
C:\Windows\SysWOW64\Macromed\Flash\mms.cfg
For allowing BigFix content you must add to the Allow List all the site folders that include Flash content still to be run, located in the BigFix Console cache.
AllowListUrlPattern=file:///c:/Users/[Windows User]/AppData/Local/BigFix/Enterprise%20Console/[Server Name or IP]/[Operator name]/Sites/[Site Name]
where any whitespace character must be replaced with “%20”. Path format may differ based on computer configuration. Verify existence of site folder before adding it to mms.cfg.
will allow all Flash content included in “OS Deployment and Bare Metal Imaging” site only.
Allow List mode will be enabled by default on or after Jan 12th. For testing the Allow List configuration in advance of that date, you can force the Allow List mode by adding the following line in mms.cfg:
EnableAllowList=1
This workaround works per user, so that means u have to add extra line with the Windows User and Operator name for.
THANK YOU - Yes, this does work. I did have to be very specific with things, the server name or IP section had to be "server@domain.com" and my user account had to be "user@domain.com"
This checks whether there is an mms.cfg at \windows\syswow64\Macromed\Flash, whether it contains all of the BESConsole cache paths for the OS Deployment and Bare Metal Imaging site, and appends any missing lines to the mms.cfg.
It assumes the default BESConsole cache paths; if you’ve configured your console caches to a path other than <USERPROFILE>\AppData\Local\BigFix\Enterprise Console, you would have to update to reference those paths; and the user path to be updated must have previously launched the BES Console (the fixlet needs to be re-run if a new user loads the console; if their operator account name changes; or if they connect to multiple BigFix root servers)
