We are running SEPM 12.1.2 and we receive a lot of alerts MalJava related always catched by a Scheduled scan.
We never saw one of this detected by a Real-time scan as we expect.
Detected alert are of this type:
Risk name: Trojan.Maljava
File path: C:\Users\***\AppData\Local\Temp\jar_cache1909827282209444630.tmp>>man\start\Miraz.class
Event time: Jan 9, 2014 1:41:39 AM
Database insert time: Jan 9, 2014 1:56:37 AM
Source: Scheduled Scan
Description: ""
User: SYSTEM
[...]
Action taken on risk: Cleaned by deletion
[...]
The file is an archive containing .class files, all the malicious classes included in the archive are usually cleaned in a Scheduled Scan.
Is there a way to tune Symantec to always scan those files in real-time (when they are created)?