Does anyone recall the last time this signature was updated? Although the user said he hasn't used the application for a month or two I ended up having to create an exception for this. Just wondering where the change was.. I started looking through the security content releases (one at a time) and didn't see anything.
It is a Medium severity by default. Perhaps you tightened your IPS protection to block Medium?