[moved to new thread but ref: the older thread https://community.mcafee.com/message/270727#270727 ]
With the latest widely-exploited-and-baked-in-exploit-kits Java 0day going around again (which is only half fixed by the latest Java 7 patch)... and with Java 6 a few weeks away from being EOL'd while many many enterprise critical internal Java interfaces don't necessarily work with Java 7... curious how many folks are blocking Java now, and how they're going about it.
What legitimate sites are you seeing that are going on your whitelists given that no safe version of Java exists right now?
In reviewing logs, I've found a lot of Java mime-types that don't appear to be on the pre-baked list in my MWG interface as mentioned by helpful posters in
https://community.mcafee.com/message/270727#270727 I am also trying to divine a method where I don't keep Eclipse and friends from getting their updates. Eclipse uses a non-Mozilla user-agent so I think that will be part of the logic I implement. The other thing I have to be careful of is the legit use of web meetings where Java often comes into play, especially for limited users who are not able to install the ActiveX controls that some meeting solutions leverage.
Shared experiences welcome! And no one be deluded into thinking AV signatures will save us from this one. :-)
As no administrators have yet replied, here's one answer offered out from https://isc.sans.edu/diary/When+Disabling+IE6+%28or+Java%2C+or+whatever%29+is+not+an+Option.../14947 ... which lines up rather nicely with what I've divined from my analysis of access logs for Java hits.
This isn't an exact answer to your question, but things that we've considered or implemented for the purpose of avoiding Java pwnage include:
- file type (either as determined by MWG or by what the server sends back as Content-Type)
- file name
- monitoring notifications
- whitelisting specific destinations
- coaching pages for java and uncategorized sites
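To show how the controls in that list fit together with the user-agent idea from the original question (exempting non-browser updaters such as Eclipse), here is an added example written for this thread; it is not MWG rule syntax and not code from McAfee or the ISC diary. It evaluates a request against the file-type (Content-Type) check, the file-name check, a destination whitelist, an updater user-agent exemption, and coaching categories, and emits monitoring notifications for anything not silently allowed. The whitelisted hosts, the `Eclipse` user-agent pattern, the category names and the sample records are all constructed assumptions.

```python
"""Added example: a toy policy evaluator for the Java-blocking controls discussed
in this thread. Not MWG rule syntax; hosts, categories and records are constructed."""
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Content-Types that mean "this response is Java code". The Content-Type the
# server sends is under the server's control, so the file-name check backs it up.
JAVA_CONTENT_TYPES = {
    "application/java-archive",
    "application/x-java-applet",
    "application/x-java-vm",
    "application/x-java-bean",
    "application/x-java-jnlp-file",
}
JAVA_EXTENSIONS = (".jar", ".class", ".jnlp")

# Assumption: destinations an admin has reviewed and whitelisted for Java.
ALLOWED_JAVA_HOSTS = {"download.eclipse.org", "meetings.example.com"}

# Assumption: user-agent prefix of a non-browser updater allowed to fetch Java
# files from anywhere. Deliberately NOT a bare "Java/" match: the Java plugin
# fetching an applet for a browser commonly sends "Mozilla/4.0 (...) Java/1.7...",
# so a "contains Java/" test would exempt exactly the traffic this policy targets.
UPDATER_AGENT_RE = re.compile(r"^Eclipse\b")

# Categories that get a coaching page instead of a hard block (per the ISC list).
COACH_CATEGORIES = {"uncategorized", "java"}


@dataclass
class Request:
    url: str
    user_agent: str
    content_type: str   # Content-Type header as returned by the server, "" if none
    category: str       # URL category assigned by the gateway


@dataclass
class Decision:
    action: str         # "allow", "allow-notify", "coach" or "block"
    reason: str


def is_java_content(req: Request) -> bool:
    """File-type check: either the server's Content-Type or the file name says Java."""
    media_type = req.content_type.split(";", 1)[0].strip().lower()
    path = urlsplit(req.url).path.lower()
    return media_type in JAVA_CONTENT_TYPES or path.endswith(JAVA_EXTENSIONS)


def decide(req: Request) -> Decision:
    host = (urlsplit(req.url).hostname or "").lower()
    if not is_java_content(req):
        return Decision("allow", "not Java content")
    if host in ALLOWED_JAVA_HOSTS:
        return Decision("allow", f"whitelisted destination {host}")
    if UPDATER_AGENT_RE.match(req.user_agent):
        # The user-agent is client-supplied and spoofable: allow, but raise a notification.
        return Decision("allow-notify", "non-browser updater agent, logged for review")
    if req.category in COACH_CATEGORIES:
        return Decision("coach", f"Java from {req.category} site needs user acknowledgement")
    return Decision("block", f"Java content from non-whitelisted host {host}")


def notifications(requests):
    """Monitoring notifications: one line per request that was not silently allowed."""
    lines = []
    for req in requests:
        d = decide(req)
        if d.action != "allow":
            lines.append(f"{d.action}: {req.url} ({d.reason})")
    return lines


# Constructed sample records (not real gateway log lines).
SAMPLE = [
    Request("http://www.example.com/index.html",
            "Mozilla/5.0 (Windows NT 6.1) Firefox/18.0", "text/html", "general"),
    Request("http://download.eclipse.org/releases/juno/plugins/org.example_1.0.0.jar",
            "Eclipse/4.2", "application/octet-stream", "software"),
    Request("http://cdn.example.net/static/loader.jar",
            "Mozilla/4.0 (Windows 7 6.1) Java/1.7.0_10", "application/java-archive", "uncategorized"),
    Request("http://ads.example.org/x.php",
            "Mozilla/4.0 (Windows 7 6.1) Java/1.7.0_10", "application/x-java-applet", "malicious"),
    Request("http://mirror.example.net/plugins/foo.jar",
            "Eclipse/4.2", "application/octet-stream", "software"),
]

if __name__ == "__main__":
    for line in notifications(SAMPLE):
        print(line)
```

The fourth sample record is the case the file-name check alone would miss: a `.php` URL whose response is declared as a Java applet. Ordering matters in the other direction too: the destination whitelist is evaluated before the user-agent exemption, because the whitelist is something the admin controls while the user-agent is whatever the client chooses to send, which is why that branch only allows with a notification rather than silently.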