I'm having issues with our ADAudit Plus being detected almost daily for "Ransomware" for what appears to be related to "Java" Component for this software. The only indications that our Virus Protection - "Sophos" is that the Java-Process is trying to "encrypt" files.

Do you know if this is a legitimate claim for Ransomware or is this apart of the ADAudit Process to "encrypt" information as it's communicating between Servers / Networks?

I want to be sure that this is a legit process or ransomware before I place this into the Exceptions-List. In other words, I do not want to remove restrictions only to have the Ransomware take control.

I have already performed several "Virus Scans" for Rootkits, Malware, Viruses, Suspicious Files, etc. I have checked for Hidden Files in C:\Root and C:\Windows\System32\. There are no files that call out for my attention. 

Please advise in how I can detect the issue.