Application has changed
I received an alert from the Network Threat Protection / IPS that I have never seen before and don't entirely understand....
Application has changed since the last time you opened it, process id: 5152 Filename: C:\Program Files\Java\jre6\bin\java.exe The change was allowed by profile. ---- Modules changed: 1 ---- C:\Program Files\Java\jre6\bin\java.exe ---- New modules: 0 ----
At first I thought it was just a new version of Java had been installed on the computer. But in the alert message the remote IP address is 212.95.55.185. A quick search of Google shows that this site is blacklisted. So now I am wondering if the web site 212.95.55.185 changed the Java executable?
Also at the exact same time another IPS alert says that [SID: 23495] HTTP Acrobat PDF Suspicious File Download 6 detected in IE from the same remote IP address.
Should I be concerned that Java.exe is infected?
Comments
No, if you check java just
No, if you check java just updated itself. I get those messages after we push the Windows updates from Altiris. Manual upgrades of programs can trigger this as well.
Re: Application has changed...
Check this link. It might be related or similar
https://www-secure.symantec.com/connect/forums/net...
Check this.
Hello,
Please check this:
HTTP Acrobat PDF Suspicious File Download 6
http://www.symantec.com/business/security_response...
Check the Additional References provided inthe Article provided above:
Hope those would answer all your Questions.
Mithun Sanghavi
Symantec Technical Support Engineer, SEP
MIM | MCSA | SCTS | ITIL v3
Follow me on Twitter: @mithun_sanghavi
Don't forget to mark your thread as 'SOLVED' with the answer that best helped yo
Would you like to reply?
Login or Register to post your comment.