We had java enabled at one of our sites and were getting at least 3 alerts per week from malware and other threats. Sometimes having to swap out entire pc due to sophos not been able to clean it. We were also affected by the banking malware that infects open network shares and renames all the folders and sets up a trojan on the network even with sophos enabled. It was a battle to remove it, due to this i put measures in place to prevent any more problems.
I disabled java with group policy and since disabling java we have not had one malware alert in 3 months. If someone wants to use java that i temporarily move them in to another OU and they get a enable java ou and move them back in to disable java ou when they are finished.
This thread was automatically locked due to age.