Yes, I've seen this on that reg value and also on another reg value:
We are also on Java 7.
Suddenly we got hit by this "intrusion". We use Java 7. There were no content updates nor other changes, it just started. Exclusions by registry key didn't work, so we disabled the signature.
Signature 3854 covers CVE-2007-3655, which has been patched by the vendor. If the appropriate security patches are applied to a system, you can safely disable the signature.
Java Runtime Environment 6 Update 1, and earlier
Java Runtime Environment 5 Update 11, and earlier
Sun Microsystems has released a patch for this vulnerability.
JRE 5 Update 12 is available at:
JRE 6 Update 2 is available at:
KB73399 - FAQs for Host Intrusion Prevention 8.0
Review the section titled “Top Issues -> Client IPS/FAQ - IPS Events”.
10. If the signature is still triggering after an applicable vendor security update has been applied, consider the event a false positive and either disable the signature to the updated systems, or create an IPS exception for the updated systems to stop all further signature detections.
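One way to check the "patched, so the signature can be disabled" condition across a host's installed JREs, as an added example that is not part of the original thread or the vendor KB. The function names are hypothetical, the version strings are constructed samples, and treating families newer than 6 as patched is an assumption based on their shipping after the fix releases named above.

```python
import re

# Affected ranges exactly as listed in the thread: family -> last affected update.
# (JRE 5 Update 11 and earlier, JRE 6 Update 1 and earlier.)
LAST_AFFECTED_UPDATE = {5: 11, 6: 1}

# Accepts "1.6.0_01", "1.5.0_11-b03", "1.7.0" and short forms such as "6u2".
_LEGACY = re.compile(r"^1\.(\d+)\.\d+(?:_(\d+))?(?:-\S+)?$")
_SHORT = re.compile(r"^(\d+)u(\d+)$", re.IGNORECASE)


def parse_jre_version(text):
    """Return (family, update), or None if the string is not recognised."""
    text = text.strip()
    m = _LEGACY.match(text)
    if m:
        return int(m.group(1)), int(m.group(2) or 0)
    m = _SHORT.match(text)
    if m:
        return int(m.group(1)), int(m.group(2))
    return None


def classify(text):
    """Return 'affected', 'patched' or 'unknown' for CVE-2007-3655."""
    parsed = parse_jre_version(text)
    if parsed is None:
        return "unknown"
    family, update = parsed
    if family in LAST_AFFECTED_UPDATE:
        return "affected" if update <= LAST_AFFECTED_UPDATE[family] else "patched"
    # Assumption: families newer than 6 were released after the fixed builds.
    if family > max(LAST_AFFECTED_UPDATE):
        return "patched"
    return "unknown"  # older families are not covered by the thread's list


def safe_to_disable_signature(installed_versions):
    """True only if the host has at least one JRE and every one is patched."""
    return bool(installed_versions) and all(
        classify(v) == "patched" for v in installed_versions
    )


if __name__ == "__main__":
    for sample in ["1.7.0_80", "1.6.0_01", "1.5.0_12", "1.4.2_19"]:  # constructed
        print(sample, "->", classify(sample))
```

A host that reports any `affected` or `unknown` JRE should keep signature 3854 enabled until that runtime is updated or removed.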