Endpoint Protection

  • 1.  Detected jar cache files flags machine as infected

    Posted Aug 10, 2010 11:24 AM
    Every day, I have to clear out dozens of computers that show in the SEPM Monitors as "Infected". The only detections on these machines are Java cache files (jar_cache*.tmp) found in:
    C:\Documents and settings\<user>\Local Settings\Temp\
    or:
    C:\Documents and settings\<user>\Application Data\Sun\Java\Deployment\cache

    I work closely with our desktop admins to keep our Java/JRE versions up-to-date. Each of these computers is on the latest, non-vulnerable Java client. If I visit the computer and run a full system scan (with multiple tools), there are no further infections on the box; it is clean.

    Why do these machines show as infected? I assume it is because the cache file is in use when the real-time engine scans it. Is there a way to prevent these clients from showing as "infected" and requiring to be manually cleared from the Monitor each and every day?

    (SEPM 11.0.6 and a mix of 11.0.5 and 11.0.6 clients)


  • 2.  RE: Detected jar cache files flags machine as infected

    Posted Aug 10, 2010 12:04 PM

    https://www-secure.symantec.com/connect/forums/java-viruses-not-being-denied-disk-io-access


  • 3.  RE: Detected jar cache files flags machine as infected

    Posted Aug 10, 2010 12:25 PM
    All of the detections of these cache files are deleted. They show in the "Deleted" column on the main page of SEPM, but also in the "Infected" column. I then have to go and manually clear the status on each of these machines (about 35 today), which is quite time-consuming.

    Why are the files deleted, but the client is wrongly flagged as infected?