This discussion has been locked.

Java lockdown

I've started using Sophos Exploit Prevention with Sophos Enterprise Console and had a problem where our Web/Java-based ERP system was "false flagged" as an exploit. The workaround was to put an exclusion in the policy for jp2launcher.exe. I'm assuming that this will exclude all Java plugins from exploit prevention. Is there a way of targeting only the plugins of the ERP system for exclusion? I've seen other posts which suggest putting the thumbprint into the client PC registry WhiteThumbprints key. I tried to do this but it looks like there is a thumbprint for each user. What are the implications of excluding jp2launcher.exe, as it does not seem practical to gather the thumbprints of each user of the system to create the whitelist?


HKEY_LOCAL_MACHINE\SOFTWARE\HitmanPro.Alert\

The key is of type:

REG_MULTI_SZ

With the name of:

WhiteThumbprints

 

Mitigation   Lockdown

Platform     6.1.7601/x86 v604 06_2a
PID          4144
Application  C:\Program Files\Java\jre1.8.0_111\bin\java.exe
Description  Java(TM) Platform SE binary 8

Filename     C:\Users\xxxxx\AppData\Local\Temp\.djnativeswing\classpath

Process Trace
1  C:\Program Files\Java\jre1.8.0_111\bin\java.exe [4144]
"C:\Program Files\Java\jre1.8.0_111\bin\java" "-Djava.library.path=C:\Program Files\Java\jre1.8.0_111\bin;C:\Windows\Sun\Java\bin;C:\Windows\system32;C:\Windows;C:\Program Files\Internet Explorer;;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\
2  C:\Program Files\Java\jre1.8.0_111\bin\jp2launcher.exe [2072]
"C:\Program Files\Java\jre1.8.0_111\bin\jp2launcher.exe" -secure -plugin -jre "C:\Program Files\Java\jre1.8.0_111" -vma LURfX2p2bV9sYXVuY2hlZD0zMjY3NTk3MjgALURfX2FwcGxldF9sYXVuY2hlZD0zMjY3NTc5NDIALURzdW4uYXd0Lndhcm11cD10cnVlAC1EamF2YS5zZWN1cml0eS5tYW5hZ2Vy
3  C:\Program Files\Internet Explorer\iexplore.exe [5712]
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:4748 CREDAT:78849 /prefetch:2
4  C:\Program Files\Internet Explorer\iexplore.exe [4748]
5  C:\Windows\explorer.exe [3056]
6  C:\Windows\System32\userinit.exe [2620]
7  C:\Windows\System32\winlogon.exe [560]
winlogon.exe

Thumbprint
4027efd55347a6d47606ae92dc22d360cdce83c500e5c779888558044f3c6803
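As an added example (not part of the original post and not Sophos code): a Python script that parses alert details in the format pasted above and groups them by thumbprint, showing how many distinct WhiteThumbprints entries a per-thumbprint whitelist would need compared with a blanket jp2launcher.exe exclusion. The sample alerts are constructed; the user `yyyyy`, the placeholder thumbprint and the helper names are assumptions.

```python
import re
from collections import defaultdict

FIELD = re.compile(r"^(Mitigation|Application|Filename)\s+(.+)$")
THUMB = re.compile(r"^[0-9a-fA-F]{64}$")
USER = re.compile(r"\\Users\\([^\\]+)\\", re.IGNORECASE)

def parse_alerts(text):
    """Split pasted alert details into one dict per alert."""
    alerts, cur, want_thumb = [], {}, False
    for line in (raw.strip() for raw in text.splitlines()):
        m = FIELD.match(line)
        if m:
            if m.group(1) == "Mitigation" and cur:  # next alert begins
                alerts.append(cur)
                cur = {}
            cur[m.group(1)] = m.group(2)
        elif line == "Thumbprint":
            want_thumb = True  # the value is on the following non-empty line
        elif want_thumb and line:
            if THUMB.match(line):  # ignore anything that is not 64 hex chars
                cur["Thumbprint"] = line.lower()
            want_thumb = False
    return alerts + ([cur] if cur else [])

def group_by_thumbprint(alerts):
    """Map each thumbprint to the (user, application) pairs it was raised for."""
    seen = defaultdict(set)
    for a in alerts:
        if "Thumbprint" in a:
            m = USER.search(a.get("Filename", ""))
            seen[a["Thumbprint"]].add((m.group(1) if m else "?", a.get("Application", "")))
    return dict(seen)

# Constructed sample: the alert from the post plus a made-up second user and thumbprint.
JAVA = r"C:\Program Files\Java\jre1.8.0_111\bin\java.exe"
PAGE_THUMB = "4027efd55347a6d47606ae92dc22d360cdce83c500e5c779888558044f3c6803"
FAKE_THUMB = "ab" * 32  # constructed placeholder, not a real thumbprint

def make_alert(user, thumb):
    return (f"Mitigation   Lockdown\nPID          4144\nApplication  {JAVA}\n"
            f"Filename     C:\\Users\\{user}\\AppData\\Local\\Temp\\.djnativeswing\\classpath\n"
            f"\nThumbprint\n{thumb}\n\n")
SAMPLE = make_alert("xxxxx", PAGE_THUMB) + make_alert("yyyyy", FAKE_THUMB) + make_alert("xxxxx", PAGE_THUMB)

if __name__ == "__main__":
    for thumb, hits in group_by_thumbprint(parse_alerts(SAMPLE)).items():
        print(thumb, sorted(hits))
```

Each distinct thumbprint in the output is one entry that would be needed in the REG_MULTI_SZ value; repeated alerts for the same user collapse into a single entry.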


