.\ArcGIS\Server\GeoEvent\system\org\ops4j\pax\logging\pax-logging-log4j2\1.10.1\pax-logging-log4j2-1.10.1.jar file keeps returning after we delete the folder. Whatever is creating the file is what is vulnerable.
ArcGIS GeoEvent Server 10.7.1
Installed 9/22
May want to look at this blog: https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-software-and-cve-2... under Security Scanner False Positives & https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/arcgis-enterprise-log4j-securi...
Otherwise I recommend contacting Esri technical support for more guidance.