Showing posts from 2023

Java Hunting

Have you ever met anyone with Java installed across their systems and a clean vulnerability scan? Me neither. I recently set off on a journey to cleanse Java from my environment. The biggest challenge so far has been finding out who actually uses something that relies on Java.

I have used the System Center Dudes Java Inventory and Metering report for ages, but I wanted more data to confirm what I was seeing. My good friends/coworkers over on the security team suggested using Microsoft Defender Advanced Hunting to track down usage of Java. It can do that?! Microsoft Defender Advanced Hunting is based on Kusto Query Language (KQL), so if you're familiar with Config Manager's CMPivot, you should be able to jump right in and be an Advanced Hunting pro. Advanced Hunting allows you to query the entire life of a computer as far back as 30 days.

For my Java hunting needs, I wrote a query that looks for any time the java.exe or javaw.exe process ran. The query shows me
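A query of the kind described above, as an added example that is not the author's own query. It uses the standard Advanced Hunting `DeviceProcessEvents` table and goes slightly further than the text by also grouping on the launching process and pulling out the jar name; the aggregate names (`Executions`, `Jars`, and so on) are chosen here for illustration.

```kql
// Added example: where Java runs, who runs it, and what launches it.
// Table and column names come from the Advanced Hunting DeviceProcessEvents schema.
DeviceProcessEvents
| where Timestamp > ago(30d)                        // Advanced Hunting lookback window
| where FileName in~ ("java.exe", "javaw.exe")      // case-insensitive match on the process name
// When Java was started with -jar, capture the jar so the dependent application can be identified
| extend JarFile = extract(@'(?i)-jar\s+"?([^"]+?\.jar)', 1, ProcessCommandLine)
| summarize
    Executions   = count(),
    FirstSeen    = min(Timestamp),
    LastSeen     = max(Timestamp),
    Users        = make_set(AccountName, 25),
    JavaVersions = make_set(ProcessVersionInfoProductVersion, 10),
    Jars         = make_set_if(JarFile, isnotempty(JarFile), 25)
    by DeviceName, FolderPath, InitiatingProcessFileName
| order by Executions desc
```

Rows whose `InitiatingProcessFileName` is a service host or an updater usually indicate a bundled runtime rather than an interactive user, which matters when deciding what can be uninstalled.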