I have seen a lot of these begin to fire. In the packet capture, I can see that it is being caused by clients requesting a desktop.ini be created on a share (presumably this is normal behavior for saving folder layout options). Looking at the security advisory for this threat, I don't see anything about Desktop.ini being an issue. Perhaps this is an issue with the signature? Anyone else seeing this?
I see exaclty the same behavior in my environment. Unfortionatly the signature string hits exactly for the file name "desktop.ini". Did you open a case with support yet?