Im sure you have all seen the bundles of fun with Java and the ton of vunerabilities that are around.
I want curious what options users are currently using for Java, im interested if a straight 'java.exe and javaw.exe are only allowed to internal network' rule has proved to be useful for anyone or created too much of a headache with end user support?
Also has anyone tried java filtering by version, I see this is probably MD5 Hash based... any ideas where to get all the hashes without having to install every version of java one by one and get the hash?
I have seen this which seems similar but for HIPS7 https://community.mcafee.com/thread/47321?tstart=0
and this for web gateway (which we dont have...) https://community.mcafee.com/message/254139#254139