Confirmed we had the same threat database yesterday (now updated). We have seen this, starting yesterday 01:00 GMT for TLS from one particular Windows 7 host, which we have shut down as a precaution. However all indications around this host's traffic point towards this being a false positive, with perhaps TLS from Windows 7 being a trigger. Since the trigger host is currently disabled, I'm unable to confirm if this is resolved in updated threat databases so would appreciate if anyone hears that this was indeed false positive and is resolved.
... View more