Endpoint Protection

  • 1.  SEP found multiple risks all in the \%appdata%\Java folder

    Posted May 07, 2012 08:29 AM

    We have about 400 PCs in our environment that SEP monitors. This morning, SEP (during a scheduled scan) found multiple risks on three users' PCs. All of them are in the "Application Data\Sun\Java\Deployment\cache\" folders.

     

    I have seen Java cache items being flagged before but generally rule it out as a false positive as long as it is in the "Sun\Java" folder. Today, however, I am a bit concerned. The Risk Type is stuff like: Multiple Risks Viral, Trojan Horse Viral, Trojan.Maljava Viral

     

    Does anyone have any suggestions on how to handle these?



  • 2.  RE: SEP found multiple risks all in the \%appdata%\Java folder

    Posted May 07, 2012 08:45 AM

    Upload some of these files to virustotal.com and check for the result.



  • 3.  RE: SEP found multiple risks all in the \%appdata%\Java folder
    Best Answer

    Trusted Advisor
    Posted May 07, 2012 09:00 AM

    Hello,

    What Version of SEP 11.x are you running?

    I would request you to submit some of these files to the Symantec Security Response Team.

    Using Symantec Support Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.

    To minimize the risk, I would recommend you to apply the below Application and Device Control Policy on all the machines.

    How to Block Known Virus Executables that run from %UserProfile% using Application and Device Control

    http://www.symantec.com/docs/TECH131741

    Suggestions from Java

    http://java.com/en/download/help/cache_virus.xml

    Secondly, create a case with Symantec Technical Support.

    Hope that helps!!