Hi,
We are facing the same issue, but found a workaround for now.
According to the forum thread above, there is still an alternative which can be used until Q3 2021 or until HCL release a flash free dashboard.
After Jan 12th remaining Flash dashboards in BigFix Console will stop working by default.
Up to the date when “Windows Update for Removal of Adobe Flash Player” is automatically installed (presumably in Q3 2021), it will still be possible to run Flash content in Allow List mode. Allow List mode will ensure only selected local Flash content certified by BigFix is allowed to run. This will mitigate the risk of keeping Adobe Flash installed for the needed timeframe. Additional mitigation entails firewall-protecting communication between the BigFix Server and the BigFix Console running Flash content.
For further detail on how to enable Allow List mode for Flash Player, see section below.
How to enable Allow List mode for Adobe Flash Player
Allow List mode permits execution of restricted Flash content, thus greatly limiting the security attack surface.
It can be enabled by editing the configuration file, that must be created if non existing:
C:\Windows\SysWOW64\Macromed\Flash\mms.cfg
For allowing BigFix content you must add to the Allow List all the site folders that include Flash content still to be run, located in the BigFix Console cache.
AllowListUrlPattern=file:///c:/Users/[Windows User]/AppData/Local/BigFix/Enterprise%20Console/[Server Name or IP]/[Operator name]/Sites/[Site Name]
where any whitespace character must be replaced with “%20”. Path format may differ based on computer configuration. Verify existence of site folder before adding it to mms.cfg.
Example:
AllowListUrlPattern=file:///c:/Users/Administrator/AppData/Local/BigFix/Enterprise%20Console/10.11.12.13/BFAdmin/Sites/OS%20Deployment%20and%20Bare%20Metal%20Imaging
will allow all Flash content included in “OS Deployment and Bare Metal Imaging” site only.
Allow List mode will be enabled by default on or after Jan 12th. For testing the Allow List configuration in advance of that date, you can force the Allow List mode by adding the following line in mms.cfg:
EnableAllowList=1
This workaround works per user, so that means u have to add extra line with the Windows User and Operator name for.