Sourcefire VRT Rules Update

Date: 2011-10-18

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.9.1.0.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:20278 <-> DISABLED <-> WEB-CLIENT HTML DOM invalid DHTML textnode creation attempt (web-client.rules)
 * 1:20279 <-> DISABLED <-> WEB-CLIENT HTML DOM invalid DHTML textnode creation attempt (web-client.rules)
 * 1:20276 <-> DISABLED <-> POLICY standard ASCII encoded with UTF-8 possible evasion detected (policy.rules)
 * 1:20277 <-> DISABLED <-> WEB-CLIENT HTML DOM invalid DHTML comment creation attempt (web-client.rules)

Modified Rules:


 * 1:14448 <-> DISABLED <-> WEB-ACTIVEX reconfig.SystemReconfigur ActiveX clsid access (web-activex.rules)
 * 1:14450 <-> DISABLED <-> WEB-ACTIVEX reconfig.SystemReconfigur ActiveX function call access (web-activex.rules)
 * 1:14452 <-> DISABLED <-> WEB-ACTIVEX vmhwcfg.NwzCompleted ActiveX clsid access (web-activex.rules)
 * 1:14454 <-> DISABLED <-> WEB-ACTIVEX vmhwcfg.NwzCompleted ActiveX function call access (web-activex.rules)
 * 1:14458 <-> DISABLED <-> WEB-ACTIVEX MksCompatCtl Class ActiveX function call access (web-activex.rules)
 * 1:14468 <-> DISABLED <-> WEB-ACTIVEX Elevated.HostDeviceInfos ActiveX clsid access (web-activex.rules)
 * 1:14470 <-> DISABLED <-> WEB-ACTIVEX Elevated.HostDeviceInfos ActiveX function call access (web-activex.rules)
 * 1:14476 <-> DISABLED <-> WEB-ACTIVEX reconfig.GuestInfo ActiveX clsid access (web-activex.rules)
 * 1:14478 <-> DISABLED <-> WEB-ACTIVEX reconfig.GuestInfo ActiveX function call access (web-activex.rules)
 * 1:14482 <-> DISABLED <-> WEB-ACTIVEX VmappPropFrame Class ActiveX function call access (web-activex.rules)
 * 1:14484 <-> DISABLED <-> WEB-ACTIVEX VhdCvtCom.VhdConverter ActiveX clsid access (web-activex.rules)
 * 1:14486 <-> DISABLED <-> WEB-ACTIVEX VhdCvtCom.VhdConverter ActiveX function call access (web-activex.rules)
 * 1:14490 <-> DISABLED <-> WEB-ACTIVEX VMSwitchCtl Class ActiveX function call access (web-activex.rules)
 * 1:14496 <-> DISABLED <-> WEB-ACTIVEX VmdbUtil Class ActiveX function call access (web-activex.rules)
 * 1:14502 <-> DISABLED <-> WEB-ACTIVEX VMwareVpcCvt.VpcC ActiveX function call access (web-activex.rules)
 * 1:14506 <-> DISABLED <-> WEB-ACTIVEX VmdbCnxUtil Class ActiveX function call access (web-activex.rules)
 * 1:14508 <-> DISABLED <-> WEB-ACTIVEX Vmc2vmx.CoVPCDrive ActiveX clsid access (web-activex.rules)
 * 1:14510 <-> DISABLED <-> WEB-ACTIVEX Vmc2vmx.CoVPCDrive ActiveX function call access (web-activex.rules)
 * 1:14516 <-> DISABLED <-> WEB-ACTIVEX VMClientVM Class ActiveX function call access (web-activex.rules)
 * 1:14520 <-> DISABLED <-> WEB-ACTIVEX Elevated.VMXCreator ActiveX clsid access (web-activex.rules)
 * 1:14522 <-> DISABLED <-> WEB-ACTIVEX Elevated.VMXCreator ActiveX function call access (web-activex.rules)
 * 1:14528 <-> DISABLED <-> WEB-ACTIVEX HotfixWz Class ActiveX function call access (web-activex.rules)
 * 1:14532 <-> DISABLED <-> WEB-ACTIVEX VmdbUpdates Class ActiveX function call access (web-activex.rules)
 * 1:14536 <-> DISABLED <-> WEB-ACTIVEX VMListCtl Class ActiveX function call access (web-activex.rules)
 * 1:14540 <-> DISABLED <-> WEB-ACTIVEX CheckedListViewWnd Class ActiveX function call access (web-activex.rules)
 * 1:14546 <-> DISABLED <-> WEB-ACTIVEX VmdbTreeCtl Class ActiveX function call access (web-activex.rules)
 * 1:14550 <-> DISABLED <-> WEB-ACTIVEX Nwz Class ActiveX function call access (web-activex.rules)
 * 1:14552 <-> DISABLED <-> WEB-ACTIVEX Vmc2vmx.CoVPCDrives ActiveX clsid access (web-activex.rules)
 * 1:14554 <-> DISABLED <-> WEB-ACTIVEX Vmc2vmx.CoVPCDrives ActiveX function call access (web-activex.rules)
 * 1:14558 <-> DISABLED <-> WEB-ACTIVEX MksCtl Class ActiveX function call access (web-activex.rules)
 * 1:14562 <-> DISABLED <-> WEB-ACTIVEX VmappPropPath Class ActiveX function call access (web-activex.rules)
 * 1:14568 <-> DISABLED <-> WEB-ACTIVEX PolicyCtl Class ActiveX function call access (web-activex.rules)
 * 1:14572 <-> DISABLED <-> WEB-ACTIVEX VmdbParseError Class ActiveX function call access (web-activex.rules)
 * 1:14576 <-> DISABLED <-> WEB-ACTIVEX NavigationCtl Class ActiveX function call access (web-activex.rules)
 * 1:14580 <-> DISABLED <-> WEB-ACTIVEX VMList Class ActiveX function call access (web-activex.rules)
 * 1:14588 <-> DISABLED <-> WEB-ACTIVEX CurrentVMCtl Class ActiveX function call access (web-activex.rules)
 * 1:14590 <-> DISABLED <-> WEB-ACTIVEX VhdCvtCom.DiskLibHelper ActiveX clsid access (web-activex.rules)
 * 1:14592 <-> DISABLED <-> WEB-ACTIVEX VhdCvtCom.DiskLibHelper ActiveX function call access (web-activex.rules)
 * 1:14596 <-> DISABLED <-> WEB-ACTIVEX ComponentOne VSFlexGrid ActiveX clsid access (web-activex.rules)
 * 1:14598 <-> DISABLED <-> WEB-ACTIVEX ComponentOne VSFlexGrid ActiveX function call access (web-activex.rules)
 * 1:14603 <-> DISABLED <-> WEB-ACTIVEX Data Dynamics ActiveReport ARViewer2 ActiveX clsid access (web-activex.rules)
 * 1:14605 <-> DISABLED <-> WEB-ACTIVEX Data Dynamics ActiveReport ARViewer2 ActiveX function call access (web-activex.rules)
 * 1:14611 <-> ENABLED <-> WEB-ACTIVEX VMWare VMCtl Class ActiveX clsid access (web-activex.rules)
 * 1:14613 <-> DISABLED <-> WEB-ACTIVEX VMWare VMCtl Class ActiveX function call access (web-activex.rules)
 * 1:14631 <-> DISABLED <-> WEB-ACTIVEX SystemRequirementsLab ActiveX clsid access (web-activex.rules)
 * 1:14633 <-> DISABLED <-> WEB-ACTIVEX PhotoStockPlus ActiveX clsid access (web-activex.rules)
 * 1:14635 <-> DISABLED <-> WEB-ACTIVEX Microsoft RSClientPrint ActiveX clsid access (web-activex.rules)
 * 1:14637 <-> DISABLED <-> WEB-ACTIVEX Microsoft PicturePusher ActiveX clsid access (web-activex.rules)
 * 1:14744 <-> DISABLED <-> WEB-ACTIVEX Hummingbird HostExplorer ActiveX clsid access (web-activex.rules)
 * 1:14746 <-> DISABLED <-> WEB-ACTIVEX Autodesk DWF Viewer ActiveX clsid access (web-activex.rules)
 * 1:14748 <-> ENABLED <-> WEB-ACTIVEX Autodesk LiveUpdate ActiveX clsid access (web-activex.rules)
 * 1:14750 <-> DISABLED <-> WEB-ACTIVEX Autodesk LiveUpdate ActiveX function call access (web-activex.rules)
 * 1:14752 <-> DISABLED <-> WEB-ACTIVEX Novell ZENworks Desktop Management ActiveX clsid access (web-activex.rules)
 * 1:14754 <-> DISABLED <-> WEB-ACTIVEX Novell ZENworks Desktop Management ActiveX function call access (web-activex.rules)
 * 1:14756 <-> ENABLED <-> WEB-ACTIVEX Microsoft SQL Server 2000 Client Components ActiveX clsid access (web-activex.rules)
 * 1:14762 <-> DISABLED <-> WEB-ACTIVEX iseemedia LPViewer ActiveX function call access (web-activex.rules)
 * 1:14778 <-> DISABLED <-> WEB-ACTIVEX Dart Communications PowerTCP FTP ActiveX clsid access (web-activex.rules)
 * 1:14780 <-> DISABLED <-> WEB-ACTIVEX Dart Communications PowerTCP FTP ActiveX function call access (web-activex.rules)
 * 1:14897 <-> DISABLED <-> WEB-ACTIVEX HP Software Update RulesEngine.dll ActiveX function call access (web-activex.rules)
 * 1:14993 <-> DISABLED <-> WEB-ACTIVEX Visagesoft eXPert PDF Viewer ActiveX clsid access (web-activex.rules)
 * 1:14995 <-> DISABLED <-> WEB-ACTIVEX Visagesoft eXPert PDF Viewer ActiveX function call access (web-activex.rules)
 * 1:14999 <-> DISABLED <-> WEB-ACTIVEX Microsoft Debug Diagnostic Tool ActiveX clsid access (web-activex.rules)
 * 1:15003 <-> DISABLED <-> WEB-ACTIVEX Chilkat Crypt 2 ActiveX clsid access (web-activex.rules)
 * 1:15005 <-> DISABLED <-> WEB-ACTIVEX Chilkat Crypt 2 ActiveX function call access (web-activex.rules)
 * 1:15007 <-> DISABLED <-> WEB-ACTIVEX NOS Microsystems / Adobe getPlus Download Manager ActiveX clsid access (web-activex.rules)
 * 1:15069 <-> DISABLED <-> WEB-ACTIVEX SAP AG SAPgui mdrmsap ActiveX clsid access (web-activex.rules)
 * 1:15159 <-> DISABLED <-> WEB-ACTIVEX Evans FTP ActiveX clsid access (web-activex.rules)
 * 1:15161 <-> DISABLED <-> WEB-ACTIVEX Evans FTP ActiveX function call access (web-activex.rules)
 * 1:15173 <-> DISABLED <-> WEB-ACTIVEX Phoenician Casino ActiveX clsid access (web-activex.rules)
 * 1:15177 <-> DISABLED <-> WEB-ACTIVEX Trend Micro HouseCall ActiveX clsid access (web-activex.rules)
 * 1:15179 <-> DISABLED <-> WEB-ACTIVEX Trend Micro HouseCall ActiveX function call access (web-activex.rules)
 * 1:15192 <-> DISABLED <-> WEB-ACTIVEX SizerOne ActiveX clsid access (web-activex.rules)
 * 1:15194 <-> DISABLED <-> WEB-ACTIVEX SizerOne ActiveX function call access (web-activex.rules)
 * 1:15228 <-> DISABLED <-> WEB-ACTIVEX Ciansoft PDFBuilderX ActiveX clsid access (web-activex.rules)
 * 1:15230 <-> ENABLED <-> WEB-ACTIVEX Office Viewer 2 ActiveX clsid access (web-activex.rules)
 * 1:15232 <-> DISABLED <-> WEB-ACTIVEX Easy Grid ActiveX clsid access (web-activex.rules)
 * 1:15234 <-> DISABLED <-> WEB-ACTIVEX Easy Grid ActiveX function call access (web-activex.rules)
 * 1:15243 <-> ENABLED <-> WEB-ACTIVEX AXIS Camera ActiveX clsid access (web-activex.rules)
 * 1:15245 <-> DISABLED <-> WEB-ACTIVEX AXIS Camera ActiveX function call access (web-activex.rules)
 * 1:15247 <-> DISABLED <-> WEB-ACTIVEX JamDTA ActiveX clsid access (web-activex.rules)
 * 1:15249 <-> DISABLED <-> WEB-ACTIVEX SmartVMD ActiveX clsid access (web-activex.rules)
 * 1:15251 <-> DISABLED <-> WEB-ACTIVEX MetaProducts MetaTreeX ActiveX clsid access (web-activex.rules)
 * 1:15253 <-> DISABLED <-> WEB-ACTIVEX MetaProducts MetaTreeX ActiveX function call access (web-activex.rules)
 * 1:15266 <-> DISABLED <-> WEB-ACTIVEX MW6 Technologies Barcode ActiveX clsid access (web-activex.rules)
 * 1:15268 <-> DISABLED <-> WEB-ACTIVEX MW6 Technologies Barcode ActiveX function call access (web-activex.rules)
 * 1:15272 <-> DISABLED <-> WEB-ACTIVEX MW6 Technologies PDF417 ActiveX function call access (web-activex.rules)
 * 1:15274 <-> DISABLED <-> WEB-ACTIVEX MW6 Technologies DataMatrix ActiveX clsid access (web-activex.rules)
 * 1:15276 <-> DISABLED <-> WEB-ACTIVEX MW6 Technologies DataMatrix ActiveX function call access (web-activex.rules)
 * 1:15278 <-> DISABLED <-> WEB-ACTIVEX MW6 Technologies Aztec ActiveX clsid access (web-activex.rules)
 * 1:15280 <-> DISABLED <-> WEB-ACTIVEX MW6 Technologies Aztec ActiveX function call access (web-activex.rules)
 * 1:15282 <-> DISABLED <-> WEB-ACTIVEX FlexCell Grid ActiveX clsid access (web-activex.rules)
 * 1:15284 <-> DISABLED <-> WEB-ACTIVEX NCTAudioGrabber2 ActiveX clsid access (web-activex.rules)
 * 1:15286 <-> DISABLED <-> WEB-ACTIVEX NCTAudioGrabber2 ActiveX function call access (web-activex.rules)
 * 1:15288 <-> DISABLED <-> WEB-ACTIVEX NCTAudioInformation2 ActiveX clsid access (web-activex.rules)
 * 1:15290 <-> DISABLED <-> WEB-ACTIVEX NCTAudioInformation2 ActiveX function call access (web-activex.rules)
 * 1:15307 <-> DISABLED <-> WEB-ACTIVEX Microsoft Animation Control ActiveX clsid access (web-activex.rules)
 * 1:15315 <-> DISABLED <-> WEB-ACTIVEX Akamai DownloadManager ActiveX clsid access (web-activex.rules)
 * 1:15330 <-> DISABLED <-> WEB-ACTIVEX Nokia Phoenix Service 1 ActiveX clsid access (web-activex.rules)
 * 1:15332 <-> DISABLED <-> WEB-ACTIVEX Nokia Phoenix Service 2 ActiveX clsid access (web-activex.rules)
 * 1:15336 <-> DISABLED <-> WEB-ACTIVEX GeoVision LiveX 7000 ActiveX function call access (web-activex.rules)
 * 1:15338 <-> DISABLED <-> WEB-ACTIVEX GeoVision LiveX 8120 ActiveX clsid access (web-activex.rules)
 * 1:15340 <-> DISABLED <-> WEB-ACTIVEX GeoVision LiveX 8120 ActiveX function call access (web-activex.rules)
 * 1:15342 <-> DISABLED <-> WEB-ACTIVEX GeoVision LiveX 8200 ActiveX clsid access (web-activex.rules)
 * 1:15344 <-> DISABLED <-> WEB-ACTIVEX GeoVision LiveX 8200 ActiveX function call access (web-activex.rules)
 * 1:15346 <-> DISABLED <-> WEB-ACTIVEX Synactis ALL In-The-Box ActiveX clsid access (web-activex.rules)
 * 1:15348 <-> DISABLED <-> WEB-ACTIVEX Synactis ALL In-The-Box ActiveX function call access (web-activex.rules)
 * 1:15350 <-> DISABLED <-> WEB-ACTIVEX Web on Windows ActiveX clsid access (web-activex.rules)
 * 1:15352 <-> DISABLED <-> WEB-ACTIVEX Web on Windows ActiveX function call access (web-activex.rules)
 * 1:15368 <-> DISABLED <-> WEB-ACTIVEX FathFTP ActiveX clsid access (web-activex.rules)
 * 1:15370 <-> DISABLED <-> WEB-ACTIVEX FathFTP ActiveX function call access (web-activex.rules)
 * 1:15372 <-> DISABLED <-> WEB-ACTIVEX iDefense COMRaider ActiveX clsid access (web-activex.rules)
 * 1:15374 <-> DISABLED <-> WEB-ACTIVEX iDefense COMRaider ActiveX function call access (web-activex.rules)
 * 1:15376 <-> DISABLED <-> WEB-ACTIVEX Sopcast SopCore ActiveX clsid access (web-activex.rules)
 * 1:15378 <-> DISABLED <-> WEB-ACTIVEX Sopcast SopCore ActiveX function call access (web-activex.rules)
 * 1:15460 <-> ENABLED <-> EXPLOIT Internet Explorer ActiveX load/unload race condition attempt  (exploit.rules)
 * 1:15547 <-> DISABLED <-> WEB-ACTIVEX eBay Picture Uploads control 1 ActiveX clsid access (web-activex.rules)
 * 1:15557 <-> DISABLED <-> WEB-ACTIVEX SAP AG SAPgui EnjoySAP ActiveX clsid access (web-activex.rules)
 * 1:15588 <-> DISABLED <-> WEB-ACTIVEX Microsoft Video 1 ActiveX clsid access (web-activex.rules)
 * 1:15590 <-> DISABLED <-> WEB-ACTIVEX Microsoft Video 10 ActiveX clsid access (web-activex.rules)
 * 1:15594 <-> DISABLED <-> WEB-ACTIVEX Microsoft Video 12 ActiveX clsid access (web-activex.rules)
 * 1:15596 <-> DISABLED <-> WEB-ACTIVEX Microsoft Video 13 ActiveX clsid access (web-activex.rules)
 * 1:15598 <-> DISABLED <-> WEB-ACTIVEX Microsoft Video 14 ActiveX clsid access (web-activex.rules)
 * 1:15600 <-> DISABLED <-> WEB-ACTIVEX Microsoft Video 15 ActiveX clsid access (web-activex.rules)
 * 1:15602 <-> DISABLED <-> WEB-ACTIVEX Microsoft Video 16 ActiveX clsid access (web-activex.rules)
 * 1:15604 <-> DISABLED <-> WEB-ACTIVEX Microsoft Video 17 ActiveX clsid access (web-activex.rules)
 * 1:15606 <-> DISABLED <-> WEB-ACTIVEX Microsoft Video 18 ActiveX clsid access (web-activex.rules)
 * 1:15608 <-> DISABLED <-> WEB-ACTIVEX Microsoft Video 19 ActiveX clsid access (web-activex.rules)
 * 1:15610 <-> DISABLED <-> WEB-ACTIVEX Microsoft Video 2 ActiveX clsid access (web-activex.rules)
 * 1:15612 <-> DISABLED <-> WEB-ACTIVEX Microsoft Video 20 ActiveX clsid access (web-activex.rules)
 * 1:15614 <-> DISABLED <-> WEB-ACTIVEX Microsoft Video 21 ActiveX clsid access (web-activex.rules)
 * 1:15616 <-> DISABLED <-> WEB-ACTIVEX Microsoft Video 22 ActiveX clsid access (web-activex.rules)
 * 1:15618 <-> DISABLED <-> WEB-ACTIVEX Microsoft Video 23 ActiveX clsid access (web-activex.rules)
 * 1:15620 <-> DISABLED <-> WEB-ACTIVEX Microsoft Video 24 ActiveX clsid access (web-activex.rules)
 * 1:15622 <-> DISABLED <-> WEB-ACTIVEX Microsoft Video 25 ActiveX clsid access (web-activex.rules)
 * 1:15624 <-> DISABLED <-> WEB-ACTIVEX Microsoft Video 26 ActiveX clsid access (web-activex.rules)
 * 1:15626 <-> DISABLED <-> WEB-ACTIVEX Microsoft Video 27 ActiveX clsid access (web-activex.rules)
 * 1:15628 <-> DISABLED <-> WEB-ACTIVEX Microsoft Video 28 ActiveX clsid access (web-activex.rules)
 * 1:15630 <-> DISABLED <-> WEB-ACTIVEX Microsoft Video 29 ActiveX clsid access (web-activex.rules)
 * 1:15632 <-> DISABLED <-> WEB-ACTIVEX Microsoft Video 3 ActiveX clsid access (web-activex.rules)
 * 1:15634 <-> DISABLED <-> WEB-ACTIVEX Microsoft Video 30 ActiveX clsid access (web-activex.rules)
 * 1:15636 <-> DISABLED <-> WEB-ACTIVEX Microsoft Video 31 ActiveX clsid access (web-activex.rules)
 * 1:15638 <-> DISABLED <-> WEB-ACTIVEX Microsoft Video 32 ActiveX clsid access (web-activex.rules)
 * 1:15640 <-> DISABLED <-> WEB-ACTIVEX Microsoft Video 33 ActiveX clsid access (web-activex.rules)
 * 1:15642 <-> DISABLED <-> WEB-ACTIVEX Microsoft Video 34 ActiveX clsid access (web-activex.rules)
 * 1:15644 <-> DISABLED <-> WEB-ACTIVEX Microsoft Video 35 ActiveX clsid access (web-activex.rules)
 * 1:15646 <-> DISABLED <-> WEB-ACTIVEX Microsoft Video 36 ActiveX clsid access (web-activex.rules)
 * 1:15648 <-> DISABLED <-> WEB-ACTIVEX Microsoft Video 37 ActiveX clsid access (web-activex.rules)
 * 1:15650 <-> DISABLED <-> WEB-ACTIVEX Microsoft Video 38 ActiveX clsid access (web-activex.rules)
 * 1:15652 <-> DISABLED <-> WEB-ACTIVEX Microsoft Video 39 ActiveX clsid access (web-activex.rules)
 * 1:15654 <-> DISABLED <-> WEB-ACTIVEX Microsoft Video 4 ActiveX clsid access (web-activex.rules)
 * 1:15656 <-> DISABLED <-> WEB-ACTIVEX Microsoft Video 40 ActiveX clsid access (web-activex.rules)
 * 1:15658 <-> DISABLED <-> WEB-ACTIVEX Microsoft Video 41 ActiveX clsid access (web-activex.rules)
 * 1:15660 <-> DISABLED <-> WEB-ACTIVEX Microsoft Video 42 ActiveX clsid access (web-activex.rules)
 * 1:15662 <-> DISABLED <-> WEB-ACTIVEX Microsoft Video 43 ActiveX clsid access (web-activex.rules)
 * 1:15664 <-> DISABLED <-> WEB-ACTIVEX Microsoft Video 44 ActiveX clsid access (web-activex.rules)
 * 1:15666 <-> DISABLED <-> WEB-ACTIVEX Microsoft Video 45 ActiveX clsid access (web-activex.rules)
 * 1:15668 <-> DISABLED <-> WEB-ACTIVEX Microsoft Video 5 ActiveX clsid access (web-activex.rules)
 * 1:15670 <-> DISABLED <-> WEB-ACTIVEX Microsoft Video 6 ActiveX clsid access (web-activex.rules)
 * 1:15672 <-> ENABLED <-> WEB-ACTIVEX Microsoft Video 7 ActiveX clsid access (web-activex.rules)
 * 1:15674 <-> DISABLED <-> WEB-ACTIVEX Microsoft Video 8 ActiveX clsid access (web-activex.rules)
 * 1:15676 <-> DISABLED <-> WEB-ACTIVEX Microsoft Video 9 ActiveX clsid access (web-activex.rules)
 * 1:15878 <-> DISABLED <-> WEB-ACTIVEX AcerCtrls.APlunch ActiveX clsid access (web-activex.rules)
 * 1:15928 <-> DISABLED <-> WEB-ACTIVEX PPStream PPSMediaList ActiveX function call access (web-activex.rules)
 * 1:16161 <-> DISABLED <-> WEB-ACTIVEX Microsoft Excel Add-in for SQL Analysis Services 2 ActiveX clsid access (web-activex.rules)
 * 1:16165 <-> DISABLED <-> WEB-ACTIVEX Microsoft Excel Add-in for SQL Analysis Services 4 ActiveX clsid access (web-activex.rules)
 * 1:16270 <-> ENABLED <-> BACKDOOR Trojan.TDSS.1.Gen keepalive detection (backdoor.rules)
 * 1:16271 <-> ENABLED <-> BACKDOOR Trojan.TDSS.1.Gen keepalive detection (backdoor.rules)
 * 1:16300 <-> DISABLED <-> WEB-CLIENT HTML DOM invalid DHTML comment creation attempt (web-client.rules)
 * 1:16301 <-> DISABLED <-> WEB-CLIENT HTML DOM invalid DHTML textnode creation attempt (web-client.rules)
 * 1:16305 <-> DISABLED <-> WEB-ACTIVEX Symantec Altiris Deployment Solution ActiveX clsid access (web-activex.rules)
 * 1:16307 <-> DISABLED <-> WEB-ACTIVEX Symantec Altiris Deployment Solution ActiveX function call access (web-activex.rules)
 * 1:16379 <-> DISABLED <-> WEB-ACTIVEX SAP AG SAPgui sapirrfc ActiveX clsid access (web-activex.rules)
 * 1:16419 <-> ENABLED <-> WEB-ACTIVEX Microsoft Data Analyzer 3.5 ActiveX clsid access (web-activex.rules)
 * 1:16424 <-> DISABLED <-> WEB-ACTIVEX Windows Script Host Shell Object ActiveX clsid access (web-activex.rules)
 * 1:16426 <-> ENABLED <-> WEB-MISC Sun Java System Web Server 7.0 WebDAV format string exploit attempt - PROPFIND method (web-misc.rules)
 * 1:16427 <-> ENABLED <-> WEB-MISC Sun Java System Web Server 7.0 WebDAV format string exploit attempt - LOCK method (web-misc.rules)
 * 1:16432 <-> DISABLED <-> WEB-ACTIVEX Trend Micro Web Deployment ActiveX clsid access (web-activex.rules)
 * 1:16565 <-> DISABLED <-> WEB-ACTIVEX Ultra Shareware Office ActiveX clsid access (web-activex.rules)
 * 1:16568 <-> DISABLED <-> WEB-ACTIVEX Altnet Download Manager ADM4 ActiveX clsid access (web-activex.rules)
 * 1:16635 <-> DISABLED <-> WEB-ACTIVEX Microsoft Internet Explorer 8 Developer Tool ActiveX clsid access (web-activex.rules)
 * 1:16746 <-> ENABLED <-> WEB-ACTIVEX IBM Access Support ActiveX clsid access (web-activex.rules)
 * 1:16748 <-> DISABLED <-> WEB-ACTIVEX IBM Access Support ActiveX function call access (web-activex.rules)
 * 1:16772 <-> DISABLED <-> WEB-ACTIVEX EMC Captiva QuickScan Pro ActiveX clsid access (web-activex.rules)
 * 1:16774 <-> DISABLED <-> WEB-ACTIVEX EMC Captiva QuickScan Pro ActiveX function call access (web-activex.rules)
 * 1:16779 <-> DISABLED <-> WEB-ACTIVEX EasyMail IMAP4 ActiveX clsid access (web-activex.rules)
 * 1:16781 <-> DISABLED <-> WEB-ACTIVEX EasyMail IMAP4 ActiveX function call access (web-activex.rules)
 * 1:16791 <-> DISABLED <-> WEB-ACTIVEX SAP AG SAPgui EAI WebViewer3D ActiveX clsid access (web-activex.rules)
 * 1:16793 <-> DISABLED <-> WEB-ACTIVEX SAP AG SAPgui EAI WebViewer3D ActiveX function call access (web-activex.rules)
 * 1:17087 <-> DISABLED <-> WEB-ACTIVEX VeryDOC PDF Viewer ActiveX clsid access (web-activex.rules)
 * 1:17089 <-> DISABLED <-> WEB-ACTIVEX VeryDOC PDF Viewer ActiveX function call access (web-activex.rules)
 * 1:17092 <-> ENABLED <-> WEB-ACTIVEX Symantec Altirix Deployment Solution AeXNSPkgDLLib.dll ActiveX clsid access (web-activex.rules)
 * 1:4677 <-> DISABLED <-> ORACLE Enterprise Manager Application Server Control GET Parameter Overflow Attempt (oracle.rules)
 * 1:4676 <-> DISABLED <-> ORACLE Enterprise Manager Application Server Control POST Parameter Overflow Attempt (oracle.rules)
 * 1:3553 <-> DISABLED <-> WEB-CLIENT HTML DOM null DHTML element insertion attempt (web-client.rules)
 * 1:20269 <-> ENABLED <-> WEB-CLIENT FON font file request (web-client.rules)
 * 1:20233 <-> ENABLED <-> BOTNET-CNC Trojan Win32.Virut outbound connection (botnet-cnc.rules)
 * 1:20168 <-> DISABLED <-> WEB-ACTIVEX ChemView SaveAsMolFile vulnerability ActiveX clsid access (web-activex.rules)
 * 1:19825 <-> DISABLED <-> DOS Apache Killer DoS tool (dos.rules)
 * 1:19651 <-> ENABLED <-> WEB-ACTIVEX Cisco AnyConnect ActiveX function call access (web-activex.rules)
 * 1:19620 <-> ENABLED <-> WEB-CLIENT Adobe multiple products dwmapi.dll dll-load exploit attempt (web-client.rules)
 * 1:19618 <-> ENABLED <-> NETBIOS Adobe multiple products dwmapi.dll dll-load exploit attempt (netbios.rules)
 * 1:19565 <-> ENABLED <-> WEB-ACTIVEX RealNetworks RealGames InstallerDlg.dll ActiveX function call access (web-activex.rules)
 * 1:19564 <-> ENABLED <-> WEB-ACTIVEX RealNetworks RealGames InstallerDlg.dll ActiveX clsid access (web-activex.rules)
 * 1:19563 <-> ENABLED <-> WEB-ACTIVEX RealNetworks RealGames InstallerDlg.dll ActiveX function call access (web-activex.rules)
 * 1:19561 <-> ENABLED <-> WEB-ACTIVEX Real Networks RealPlayer ieframe.dll ActiveX clsid access (web-activex.rules)
 * 1:19305 <-> DISABLED <-> WEB-ACTIVEX Oracle EasyMail ActiveX function call access (web-activex.rules)
 * 1:19214 <-> DISABLED <-> WEB-ACTIVEX HP Photo Creative ActiveX clsid access (web-activex.rules)
 * 1:19198 <-> ENABLED <-> WEB-ACTIVEX CA Internet Security Suite XMLSecDB ActiveX function call access (web-activex.rules)
 * 1:19197 <-> ENABLED <-> WEB-ACTIVEX CA Internet Security Suite XMLSecDB ActiveX clsid access (web-activex.rules)
 * 1:19194 <-> DISABLED <-> WEB-ACTIVEX Oracle Document Capture ActiveX function call access (web-activex.rules)
 * 1:19193 <-> DISABLED <-> WEB-ACTIVEX Oracle Document Capture ActiveX clsid access (web-activex.rules)
 * 1:19109 <-> ENABLED <-> WEB-ACTIVEX SonicWall Aventail EPInstaller ActiveX function call access (web-activex.rules)
 * 1:19108 <-> ENABLED <-> WEB-ACTIVEX SonicWall Aventail EPInstaller ActiveX clsid access (web-activex.rules)
 * 1:19103 <-> ENABLED <-> WEB-ACTIVEX Symantec CLIProxy.dll ActiveX function call access (web-activex.rules)
 * 1:19102 <-> ENABLED <-> WEB-ACTIVEX Symantec CLIProxy.dll ActiveX clsid access (web-activex.rules)
 * 1:19085 <-> ENABLED <-> WEB-ACTIVEX LEADTOOLS Raster Twain LtocxTwainu.dll ActiveX clsid access (web-activex.rules)
 * 1:18975 <-> ENABLED <-> WEB-ACTIVEX SAP Crystal Reports PrintControl.dll ActiveX function call access (web-activex.rules)
 * 1:18974 <-> ENABLED <-> WEB-ACTIVEX SAP Crystal Reports PrintControl.dll ActiveX clsid access (web-activex.rules)
 * 1:18904 <-> ENABLED <-> WEB-ACTIVEX KingView ActiveX clsid access (web-activex.rules)
 * 1:18741 <-> ENABLED <-> WEB-ACTIVEX CrystalReports EnterpriseControls ActiveX clsid access (web-activex.rules)
 * 1:18668 <-> ENABLED <-> WEB-ACTIVEX Microsoft Windows Messenger ActiveX clsid access (web-activex.rules)
 * 1:18523 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer HTML DOM invalid DHTML exploit attempt (specific-threats.rules)
 * 1:18522 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer HTML DOM invalid DHTML element creation attempt (specific-threats.rules)
 * 1:18521 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer HTML DOM invalid DHTML element creation attempt (specific-threats.rules)
 * 1:18520 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer HTML DOM invalid DHTML exploit attempt (specific-threats.rules)
 * 1:18519 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer HTML DOM invalid DHTML element creation attempt (specific-threats.rules)
 * 1:18518 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer HTML DOM invalid DHTML comment creation attempt (specific-threats.rules)
 * 1:18490 <-> ENABLED <-> WEB-ACTIVEX Whale Client Components ActiveX clsid access (web-activex.rules)
 * 1:18325 <-> ENABLED <-> WEB-ACTIVEX Image Viewer CP Gold 6 ActiveX clsid access (web-activex.rules)
 * 1:18324 <-> ENABLED <-> WEB-ACTIVEX SonicWall Aventail EPInstaller ActiveX function call access (web-activex.rules)
 * 1:18323 <-> ENABLED <-> WEB-ACTIVEX SonicWall Aventail EPInstaller ActiveX clsid access (web-activex.rules)
 * 1:18322 <-> ENABLED <-> WEB-ACTIVEX SonicWall Aventail EPInterrogator ActiveX function call access (web-activex.rules)
 * 1:18321 <-> ENABLED <-> WEB-ACTIVEX SonicWall Aventail EPInterrogator ActiveX clsid access (web-activex.rules)
 * 1:18241 <-> ENABLED <-> WEB-ACTIVEX Microsoft WMI Administrator Tools Object Viewer ActiveX clsid access (web-activex.rules)
 * 1:18097 <-> ENABLED <-> WEB-ACTIVEX VMWare Remote Console Plug-In ActiveX clsid access (web-activex.rules)
 * 1:17770 <-> ENABLED <-> WEB-ACTIVEX Microsoft HtmlDlgHelper ActiveX clsid access (web-activex.rules)
 * 1:17676 <-> ENABLED <-> WEB-ACTIVEX Skype Extras Manager ActiveX function call access (web-activex.rules)
 * 1:17674 <-> ENABLED <-> WEB-ACTIVEX Skype Extras Manager ActiveX clsid access (web-activex.rules)
 * 1:17672 <-> ENABLED <-> WEB-ACTIVEX BigAnt Office Manager ActiveX function call access (web-activex.rules)
 * 1:17670 <-> ENABLED <-> WEB-ACTIVEX BigAnt Office Manager ActiveX clsid access (web-activex.rules)
 * 1:17616 <-> ENABLED <-> WEB-ACTIVEX SAP GUI SAPBExCommonResources ActiveX function call access (web-activex.rules)
 * 1:17614 <-> ENABLED <-> WEB-ACTIVEX SAP GUI SAPBExCommonResources ActiveX clsid access (web-activex.rules)
 * 1:17596 <-> ENABLED <-> WEB-ACTIVEX Microsoft ciodm.dll ActiveX clsid access (web-activex.rules)
 * 1:17595 <-> ENABLED <-> WEB-ACTIVEX Microsoft creator.dll 2 ActiveX clsid access (web-activex.rules)
 * 1:17594 <-> ENABLED <-> WEB-ACTIVEX Microsoft creator.dll 1 ActiveX clsid access (web-activex.rules)
 * 1:17593 <-> ENABLED <-> WEB-ACTIVEX Microsoft msdxm.ocx ActiveX clsid access (web-activex.rules)
 * 1:17592 <-> ENABLED <-> WEB-ACTIVEX Microsoft MyInfo.dll ActiveX clsid access (web-activex.rules)
 * 1:17588 <-> ENABLED <-> WEB-ACTIVEX Microsoft Internet Explorer Install Engine ActiveX clsid access (web-activex.rules)
 * 1:17163 <-> DISABLED <-> WEB-ACTIVEX Liquid XML Studio ActiveX function call access (web-activex.rules)
 * 1:17464 <-> ENABLED <-> WEB-ACTIVEX AOL Radio AmpX ActiveX clsid access (web-activex.rules)
 * 1:17096 <-> DISABLED <-> WEB-ACTIVEX AOL WinAmpX ActiveX clsid access (web-activex.rules)
 * 1:17094 <-> ENABLED <-> WEB-ACTIVEX Symantec Altirix Deployment Solution AeXNSPkgDLLib.dll ActiveX function call access (web-activex.rules)
 * 1:17582 <-> ENABLED <-> WEB-ACTIVEX Symantec Norton AntiVirus CcErrDisp ActiveX function call access (web-activex.rules)
 * 1:17161 <-> DISABLED <-> WEB-ACTIVEX Liquid XML Studio ActiveX clsid access (web-activex.rules)
 * 1:17171 <-> DISABLED <-> WEB-ACTIVEX Oracle Siebel Option Pack 3 ActiveX clsid access (web-activex.rules)
 * 1:17099 <-> DISABLED <-> WEB-ACTIVEX CommuniCrypt Mail ANSMTP.dll/AOSMTP.dll ActiveX clsid access (web-activex.rules)
 * 1:17101 <-> DISABLED <-> WEB-ACTIVEX CommuniCrypt Mail ANSMTP.dll/AOSMTP.dll ActiveX function call access (web-activex.rules)
 * 3:19350 <-> ENABLED <-> WEB-CLIENT Adobe Shockwave Player Director file FFFFFF88 record integer overflow attempt (web-client.rules)