Every day, I have to clear out dozens of computers that show in the SEPM Monitors as "Infected". The only detections on these machines are Java cache files (jar_cache*.tmp) found in:
C:\Documents and settings\<user>\Local Settings\Temp\
or:
C:\Documents and settings\<user>\Application Data\Sun\Java\Deployment\cache
I work closely with our desktop admins to keep our Java/JRE versions up to date. Each of these computers is on the latest, non-vulnerable Java client. If I visit the computer and run a full system scan (with multiple tools), there are no further infections on the box; it is clean.
Why do these machines show as infected? I assume it is because the cache file is in use when the real-time engine scans it. Is there a way to prevent these clients from showing as "infected" and having to be manually cleared from the Monitor each and every day?
(SEPM 11.0.6 and a mix of 11.0.5 and 11.0.6 clients)