2 Replies Latest reply on Apr 30, 2010 8:44 AM by jmcleish

    Possible False Positive - Exploit-CVE2008-5353

      We're receiving a large amount of Exploit-CVE2008-5353 detections this morning for java files located in

      C:\Documents and Settings\'user'\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\prfEE7.tmp\A.class


      This alert is coming up as users are logging into our Citrix servers.  I'm unable to find a sample of the file being detected by McAfee since it is deleted by the OAS during detection.  Is anyone else experiencing this?  Is this a false positive or just a widespread malware infection affecting multiple users?