Most folks will know their estate and have "known suspects" (Browsers, for a start) that need to be killed off (and stay dead) for java to be updated.
You can define a list of processes that'll get shot down & kept down before patching a specific thing.
If you want to trace a "which program makes use of Java" and you don't know what it is - that's trickier. You could try using SysInternal's Process Explorer (free download from Technet) and check for "Open Handle" on your java executables potentially.
If memory serves (it's been a long time), Java's logging about "Hey, THIS thing called me" is somewhere between "non-existant" and "sub-optimal" (it's been a few years since I've had to wrangle with it, but I doubt much has changed, sadly ).
It's a royal pain in the neck - that's for sure.
Thanks for responding phoffmann!
Hey folks, even if that's your answer, throw in a "I have the same question". Given there's 196 views on this thread and not much of a response doesn't surprise me. Thanks for including the per/PC way to investigate using Process Explorer and "Open Handle" I've heard of that. I was hoping for a little bit bigger look from the enterprise than per PC.
90% of it amounts to knowing your environment and it's app stack.
That should have you be familiar with "known suspects" (so - browsers being the guaranteed item, then in-house applications that use Java, etc.).
There's always going to be that "unknown factor" - which you can usually mitigate via proper communication.
I.e. - contacting the "usual problem groups" (anyone with local admin rights who maybe shouldn't have them ... any one doing dev type work), and asking / telling them. Good relationships here benefit everyone ... whereas a last resort of "OK, we're going to execute any running JAVA instances we find & keep 'em dead ... so on your head be it if your stuff breaks halfway through" generally tends to end up in a lot of bad blood (but may be a necessary evil).
You shouldn't have to do a "per PC" approach through most of the estate ... most of the estate someone "should know" (prep work & comms & relationships will help you here the most) and you can handle that way. You shouldn't have to reverse-engineer things for yourself.
"Delegate" what you can / where it makes sense. You don't have to re-invent the wheel from scratch .