topic Re: log4j vulnerable files are getting recreated after removal(CVE-2021-44228. ) in Splunk Enterprise https://community.splunk.com/t5/Splunk-Enterprise/log4j-vulnerable-files-are-getting-recreated-after-removal-CVE/m-p/578966#M10979 <P>Which files are you talking about?&nbsp; Are they actually being recreated or is the deletion failing?&nbsp; Are the files showing up in the splunk_archiver app?&nbsp; If so, the blog says what to do about that.</P> Mon, 20 Dec 2021 18:45:00 GMT richgalloway 2021-12-20T18:45:00Z log4j vulnerable files are getting recreated after removal(CVE-2021-44228. ) https://community.splunk.com/t5/Splunk-Enterprise/log4j-vulnerable-files-are-getting-recreated-after-removal-CVE/m-p/578961#M10978 <P>we followed the steps provided on&nbsp;<A href="https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html" target="_blank">https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html</A>&nbsp;but it seems that files are being recreated , Can anyone please help on that ??,<BR />Also i wanted to know if replacing just Apache version rather upgrading splunk could&nbsp; help to mitigate ?<BR />and what should be the steps if i replace?</P> Mon, 20 Dec 2021 18:14:52 GMT https://community.splunk.com/t5/Splunk-Enterprise/log4j-vulnerable-files-are-getting-recreated-after-removal-CVE/m-p/578961#M10978 imsidrai 2021-12-20T18:14:52Z Re: log4j vulnerable files are getting recreated after removal(CVE-2021-44228. ) https://community.splunk.com/t5/Splunk-Enterprise/log4j-vulnerable-files-are-getting-recreated-after-removal-CVE/m-p/578966#M10979 <P>Which files are you talking about?&nbsp; Are they actually being recreated or is the deletion failing?&nbsp; Are the files showing up in the splunk_archiver app?&nbsp; If so, the blog says what to do about that.</P> Mon, 20 Dec 2021 18:45:00 GMT https://community.splunk.com/t5/Splunk-Enterprise/log4j-vulnerable-files-are-getting-recreated-after-removal-CVE/m-p/578966#M10979 richgalloway 2021-12-20T18:45:00Z Re: log4j vulnerable files are getting recreated after removal(CVE-2021-44228. ) https://community.splunk.com/t5/Splunk-Enterprise/log4j-vulnerable-files-are-getting-recreated-after-removal-CVE/m-p/579523#M11021 <P>did you just delete the 4 paths the documents say. i have been looking for more clarification into this. as i read it just indicates to delete those 4 paths and that should be it. is this true?</P> Wed, 29 Dec 2021 21:34:08 GMT https://community.splunk.com/t5/Splunk-Enterprise/log4j-vulnerable-files-are-getting-recreated-after-removal-CVE/m-p/579523#M11021 japonter 2021-12-29T21:34:08Z