Sourcefire VRT Rules Update

Date: 2012-04-17

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.9.2.2.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:21889 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Movie Maker file attachment detected (file-identify.rules)
 * 1:21888 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Movie Maker file attachment detected (file-identify.rules)
 * 1:21887 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file attachment detected (file-identify.rules)
 * 1:21886 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file attachment detected (file-identify.rules)
 * 1:21885 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Publisher file attachment detected (file-identify.rules)
 * 1:21884 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Publisher file attachment detected (file-identify.rules)
 * 1:21883 <-> DISABLED <-> WEB-ACTIVEX ICONICS WebHMI ActiveX clsid access attempt (web-activex.rules)
 * 1:21882 <-> DISABLED <-> WEB-ACTIVEX ICONICS WebHMI ActiveX clsid access attempt (web-activex.rules)
 * 1:21881 <-> DISABLED <-> FILE-PDF Adobe Reader javascript toolbar button use after free attempt (file-pdf.rules)
 * 1:21880 <-> DISABLED <-> FILE-IDENTIFY Microsoft search file attachment detected (file-identify.rules)
 * 1:21879 <-> DISABLED <-> FILE-IDENTIFY Microsoft search file attachment detected (file-identify.rules)
 * 1:21878 <-> DISABLED <-> FILE-PDF Adobe Reader embedded TTF interger overflow attempt (file-pdf.rules)
 * 1:21877 <-> DISABLED <-> BOTNET-CNC OSX.Sabpub outbound connection (botnet-cnc.rules)
 * 1:21876 <-> ENABLED <-> SPECIFIC-THREATS Blackhole Exploit landing page with specific structure - Loading (specific-threats.rules)
 * 1:21875 <-> ENABLED <-> SPECIFIC-THREATS Possible exploit kit post compromise activity - taskkill (specific-threats.rules)
 * 1:21874 <-> ENABLED <-> SPECIFIC-THREATS Possible exploit kit post compromise activity - StrReverse (specific-threats.rules)
 * 1:21873 <-> ENABLED <-> FILE-IDENTIFY GIF file attachment detected (file-identify.rules)
 * 1:21872 <-> ENABLED <-> FILE-IDENTIFY GIF file attachment detected (file-identify.rules)
 * 1:21871 <-> DISABLED <-> FILE-IDENTIFY CNT file attachment detected (file-identify.rules)
 * 1:21870 <-> DISABLED <-> FILE-IDENTIFY CNT file attachment detected (file-identify.rules)
 * 1:21869 <-> ENABLED <-> SPECIFIC-THREATS Java JRE sandbox breach attempt (specific-threats.rules)
 * 1:21868 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules)
 * 1:21867 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules)
 * 1:21866 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules)
 * 1:21865 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules)
 * 1:21864 <-> DISABLED <-> FILE-IDENTIFY Google Chrome extension file attachment detected (file-identify.rules)
 * 1:21863 <-> DISABLED <-> FILE-IDENTIFY Google Chrome extension file attachment detected (file-identify.rules)
 * 1:21862 <-> DISABLED <-> FILE-IDENTIFY WRF file attachment detected (file-identify.rules)
 * 1:21861 <-> DISABLED <-> FILE-IDENTIFY WRF file attachment detected (file-identify.rules)
 * 1:21860 <-> ENABLED <-> SPECIFIC-THREATS Phoenix exploit kit post-compromise behavior (specific-threats.rules)
 * 1:21859 <-> DISABLED <-> FILE-PDF Adobe Reader msiexec.exe file load exploit attempt (file-pdf.rules)
 * 1:21858 <-> DISABLED <-> FILE-PDF Adobe Reader msiexec.exe file load exploit attempt (file-pdf.rules)
 * 1:21857 <-> ENABLED <-> FILE-IDENTIFY ZIP file attachment detected (file-identify.rules)
 * 1:21856 <-> ENABLED <-> FILE-IDENTIFY ZIP file attachment detected (file-identify.rules)
 * 1:21855 <-> ENABLED <-> FILE-IDENTIFY LNK file attachment detected (file-identify.rules)
 * 1:21854 <-> ENABLED <-> FILE-IDENTIFY LNK file attachment detected (file-identify.rules)

Modified Rules:


 * 1:16009 <-> DISABLED <-> SPECIFIC-THREATS Mozilla products overflow event handling memory corruption attempt (specific-threats.rules)
 * 1:16010 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer Javascript Page update race condition attempt (specific-threats.rules)
 * 1:16011 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer CSS property method handling memory corruption attempt (specific-threats.rules)
 * 1:16014 <-> DISABLED <-> DOS Novell eDirectory HTTP headers denial of service attempt (dos.rules)
 * 1:16047 <-> DISABLED <-> SPECIFIC-THREATS Mozilla Firefox layout frame constructor memory corruption attempt (specific-threats.rules)
 * 1:16061 <-> ENABLED <-> FILE-IDENTIFY X PixMap file download request (file-identify.rules)
 * 1:16064 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer onBeforeUnload address bar spoofing attempt (specific-threats.rules)
 * 1:16065 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer location.replace memory corruption attempt (specific-threats.rules)
 * 1:16067 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer DOM object cache management memory corruption attempt (specific-threats.rules)
 * 1:16070 <-> DISABLED <-> SPECIFIC-THREATS X.org PCF parsing buffer overflow attempt (specific-threats.rules)
 * 1:16087 <-> DISABLED <-> SPECIFIC-THREATS Multiple vendor AV gateway virus detection bypass attempt (specific-threats.rules)
 * 1:16114 <-> DISABLED <-> PUA-TOOLBARS Hijacker cramtoolbar runtime detection - hijack (pua-toolbars.rules)
 * 1:16115 <-> DISABLED <-> PUA-TOOLBARS Hijacker cramtoolbar runtime detection - search (pua-toolbars.rules)
 * 1:16120 <-> DISABLED <-> PUA-TOOLBARS Trackware 6sq toolbar runtime detection (pua-toolbars.rules)
 * 1:16143 <-> ENABLED <-> FILE-IDENTIFY Microsoft asf file magic detected (file-identify.rules)
 * 1:16147 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Windows IIS malformed URL .dll denial of service attempt (specific-threats.rules)
 * 1:16148 <-> DISABLED <-> SPECIFIC-THREATS Apple QuickTime and iTunes heap memory corruption attempt (specific-threats.rules)
 * 1:16159 <-> DISABLED <-> WEB-ACTIVEX Microsoft Office Excel Add-in for SQL Analysis Services 1 ActiveX clsid access (web-activex.rules)
 * 1:16161 <-> DISABLED <-> WEB-ACTIVEX Microsoft Office Excel Add-in for SQL Analysis Services 2 ActiveX clsid access (web-activex.rules)
 * 1:16163 <-> DISABLED <-> WEB-ACTIVEX Microsoft Office Excel Add-in for SQL Analysis Services 3 ActiveX clsid access (web-activex.rules)
 * 1:16165 <-> DISABLED <-> WEB-ACTIVEX Microsoft Office Excel Add-in for SQL Analysis Services 4 ActiveX clsid access (web-activex.rules)
 * 1:16188 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint bad text header txttype attempt (file-office.rules)
 * 1:16214 <-> DISABLED <-> DOS Squid Proxy invalid HTTP response code denial of service attempt (dos.rules)
 * 1:16219 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file download request (file-identify.rules)
 * 1:16292 <-> DISABLED <-> SPECIFIC-THREATS Mozilla CSS value counter overflow attempt (specific-threats.rules)
 * 1:1631 <-> DISABLED <-> POLICY-SOCIAL AIM login (policy-social.rules)
 * 1:16319 <-> DISABLED <-> WEB-CLIENT Apple Safari-Internet Explorer SearchPath blended threat attempt (web-client.rules)
 * 1:16328 <-> DISABLED <-> FILE-OFFICE Microsoft Office Project file parsing arbitrary memory access attempt (file-office.rules)
 * 1:1633 <-> DISABLED <-> POLICY-SOCIAL AIM receive message (policy-social.rules)
 * 1:16344 <-> DISABLED <-> SPECIFIC-THREATS Mozilla Firefox top-level script object offset calculation memory corruption attempt (specific-threats.rules)
 * 1:16371 <-> DISABLED <-> WEB-ACTIVEX NOS Microsystems Adobe atl_getcom ActiveX clsid access (web-activex.rules)
 * 1:16378 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer deleted object cells reference memory corruption vulnerability (web-client.rules)
 * 1:16382 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer HTML+TIME animatemotion property memory corruption attempt (web-client.rules)
 * 1:16384 <-> ENABLED <-> DOS VMware Server ISAPI Extension remote denial of service attempt (dos.rules)
 * 1:16386 <-> DISABLED <-> WEB-ACTIVEX AcroPDF.PDF ActiveX clsid access (web-activex.rules)
 * 1:16388 <-> DISABLED <-> WEB-ACTIVEX AcroPDF.PDF ActiveX function call access (web-activex.rules)
 * 1:1639 <-> DISABLED <-> POLICY-SOCIAL IRC DCC file transfer request (policy-social.rules)
 * 1:1640 <-> DISABLED <-> POLICY-SOCIAL IRC DCC chat request (policy-social.rules)
 * 1:16411 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint out of bounds value remote code execution attempt (file-office.rules)
 * 1:16412 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint invalid TextByteAtom remote code execution attempt (file-office.rules)
 * 1:16419 <-> DISABLED <-> WEB-ACTIVEX Microsoft Data Analyzer 3.5 ActiveX clsid access (web-activex.rules)
 * 1:16428 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook Express and Windows Mail NNTP handling buffer overflow attempt (file-office.rules)
 * 1:16443 <-> DISABLED <-> POLICY-SOCIAL deny Gmail chat DNS request (policy-social.rules)
 * 1:16452 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer .hlp samba share download attempt (web-client.rules)
 * 1:16467 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel 2007 invalid comments.xml uninitialized pointer access attempt 1 (file-office.rules)
 * 1:16468 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel 2007 invalid comments.xml uninitialized pointer access attempt 2 (file-office.rules)
 * 1:16473 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Movie Maker project file download request (file-identify.rules)
 * 1:16492 <-> DISABLED <-> WEB-CLIENT Apple Safari inline text box use after free attempt (web-client.rules)
 * 1:16507 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer onreadystatechange memory corruption attempt (web-client.rules)
 * 1:16510 <-> ENABLED <-> WEB-ACTIVEX Microsoft Tabular Control ActiveX overflow by CLSID (web-activex.rules)
 * 1:16511 <-> ENABLED <-> WEB-ACTIVEX Microsoft Tabular Control ActiveX overflow by ProgID (web-activex.rules)
 * 1:16512 <-> DISABLED <-> EXPLOIT Microsoft Internet Explorer malformed span/div html document heap corruption attempt (exploit.rules)
 * 1:16525 <-> DISABLED <-> POLICY-SOCIAL Microsoft MSN Messenger web login attempt (policy-social.rules)
 * 1:16546 <-> ENABLED <-> FILE-PDF Adobe Reader/Acrobat Pro CFF font parsing heap overflow attempt (file-pdf.rules)
 * 1:16573 <-> DISABLED <-> WEB-ACTIVEX obfuscated ActiveX object instantiation via unescape (web-activex.rules)
 * 1:16574 <-> DISABLED <-> WEB-ACTIVEX obfuscated ActiveX object instantiation via fromCharCode (web-activex.rules)
 * 1:16593 <-> ENABLED <-> FILE-OFFICE Microsoft VBE6.dll stack corruption attempt (file-office.rules)
 * 1:16631 <-> DISABLED <-> SPECIFIC-THREATS Apple Safari image use after remove attempt (specific-threats.rules)
 * 1:16632 <-> DISABLED <-> SPECIFIC-THREATS Apple Safari image use after reparent attempt (specific-threats.rules)
 * 1:16635 <-> DISABLED <-> WEB-ACTIVEX Microsoft Internet Explorer 8 Developer Tool ActiveX clsid access (web-activex.rules)
 * 1:16659 <-> DISABLED <-> EXPLOIT Microsoft Internet Explorer style sheet array memory corruption attempt (exploit.rules)
 * 1:16660 <-> DISABLED <-> DOS Microsoft Office SharePoint Server 2007 help.aspx denial of service attempt (dos.rules)
 * 1:16664 <-> ENABLED <-> FILE-PDF Adobe Reader and Acrobat authplay.dll vulnerability exploit attempt (file-pdf.rules)
 * 1:16676 <-> DISABLED <-> FILE-PDF Adobe Reader malformed FlateDecode colors declaration (file-pdf.rules)
 * 1:16683 <-> ENABLED <-> WEB-MISC Nullsoft Winamp CAF file processing integer overflow attempt (web-misc.rules)
 * 1:16726 <-> DISABLED <-> WEB-CLIENT gAlan malformed file stack overflow attempt (web-client.rules)
 * 1:16767 <-> DISABLED <-> WEB-ACTIVEX AwingSoft Web3D Player ActiveX clsid access (web-activex.rules)
 * 1:16769 <-> DISABLED <-> WEB-ACTIVEX AwingSoft Web3D Player ActiveX function call access (web-activex.rules)
 * 1:16772 <-> DISABLED <-> WEB-ACTIVEX EMC Captiva QuickScan Pro ActiveX clsid access (web-activex.rules)
 * 1:16783 <-> DISABLED <-> WEB-ACTIVEX Autodesk iDrop ActiveX clsid access (web-activex.rules)
 * 1:16784 <-> DISABLED <-> WEB-ACTIVEX Autodesk iDrop ActiveX function call access (web-activex.rules)
 * 1:16786 <-> DISABLED <-> FILE-OFFICE Microsoft Office Web Components Spreadsheet ActiveX buffer overflow attempt (file-office.rules)
 * 1:17037 <-> DISABLED <-> WEB-ACTIVEX Microsoft Office Access multiple control instantiation memory corruption attempt (web-activex.rules)
 * 1:17039 <-> ENABLED <-> FILE-OFFICE Microsoft Office Access ACCWIZ library release after free attempt - 2 (file-office.rules)
 * 1:17049 <-> DISABLED <-> WEB-MISC Oracle Secure Backup Administration Server authentication bypass attempt via POST (web-misc.rules)
 * 1:17051 <-> DISABLED <-> WEB-ACTIVEX Symantec AppStream Client LaunchObj ActiveX clsid access (web-activex.rules)
 * 1:17063 <-> DISABLED <-> WEB-ACTIVEX Logitech Video Call 1 ActiveX clsid access (web-activex.rules)
 * 1:17065 <-> DISABLED <-> WEB-ACTIVEX Logitech Video Call 2 ActiveX clsid access (web-activex.rules)
 * 1:17067 <-> DISABLED <-> WEB-ACTIVEX Logitech Video Call 3 ActiveX clsid access (web-activex.rules)
 * 1:17069 <-> DISABLED <-> WEB-ACTIVEX Logitech Video Call 4 ActiveX clsid access (web-activex.rules)
 * 1:17071 <-> DISABLED <-> WEB-ACTIVEX Logitech Video Call 5 ActiveX clsid access (web-activex.rules)
 * 1:17073 <-> DISABLED <-> WEB-ACTIVEX Ask Toolbar AskJeevesToolBar.SettingsPlugin ActiveX clsid access (web-activex.rules)
 * 1:17075 <-> DISABLED <-> WEB-ACTIVEX Ask Toolbar AskJeevesToolBar.SettingsPlugin ActiveX function call access (web-activex.rules)
 * 1:17111 <-> ENABLED <-> INDICATOR-OBFUSCATION known JavaScript obfuscation routine (indicator-obfuscation.rules)
 * 1:17143 <-> DISABLED <-> WEB-CLIENT Adobe Photoshop CS4 ABR file processing buffer overflow attempt - 1 (web-client.rules)
 * 1:17144 <-> DISABLED <-> WEB-CLIENT Adobe Photoshop CS4 ABR file processing buffer overflow attempt - 2 (web-client.rules)
 * 1:17145 <-> DISABLED <-> WEB-CLIENT Adobe Photoshop CS4 ASL file processing buffer overflow attempt (web-client.rules)
 * 1:17146 <-> DISABLED <-> WEB-CLIENT Adobe Photoshop CS4 GRD file processing buffer overflow attempt (web-client.rules)
 * 1:17147 <-> DISABLED <-> SPECIFIC-THREATS Adobe Photoshop CS4 ABR file processing buffer overflow attempt (specific-threats.rules)
 * 1:17166 <-> DISABLED <-> WEB-CLIENT Mozilla multiple products JavaScript string replace buffer overflow attempt (web-client.rules)
 * 1:17207 <-> ENABLED <-> EXPLOIT IBM Cognos Server backdoor account remote code execution attempt (exploit.rules)
 * 1:17212 <-> DISABLED <-> WEB-CLIENT Mozilla Firefox JavaScript eval arbitrary code execution attempt (web-client.rules)
 * 1:17219 <-> DISABLED <-> SPECIFIC-THREATS Firefox domain name handling buffer overflow attempt (specific-threats.rules)
 * 1:17220 <-> DISABLED <-> SPECIFIC-THREATS Firefox domain name handling buffer overflow attempt (specific-threats.rules)
 * 1:17221 <-> DISABLED <-> SPECIFIC-THREATS Firefox domain name handling buffer overflow attempt (specific-threats.rules)
 * 1:17222 <-> DISABLED <-> SPECIFIC-THREATS Firefox domain name handling buffer overflow attempt (specific-threats.rules)
 * 1:17225 <-> ENABLED <-> SPECIFIC-THREATS Alt-N MDaemon WorldClient invalid user (specific-threats.rules)
 * 1:17226 <-> DISABLED <-> WEB-ACTIVEX AXIS Camera ActiveX initialization via script (web-activex.rules)
 * 1:17233 <-> ENABLED <-> FILE-PDF Adobe Reader and Acrobat TTF SING table parsing remote code execution attempt (file-pdf.rules)
 * 1:17236 <-> DISABLED <-> WEB-CLIENT Mozilla Firefox nsPropertyTable PropertyList memory corruption attempt (web-client.rules)
 * 1:17241 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media wmv file download request (file-identify.rules)
 * 1:17265 <-> DISABLED <-> WEB-CLIENT Mozilla Firefox plugin access control bypass attempt (web-client.rules)
 * 1:17266 <-> DISABLED <-> SPECIFIC-THREATS Multiple vendor malformed ZIP archive Antivirus detection bypass attempt (specific-threats.rules)
 * 1:17268 <-> DISABLED <-> SPECIFIC-THREATS Mozilla Firefox sidebar panel arbitrary code execution attempt (specific-threats.rules)
 * 1:17271 <-> DISABLED <-> FILE-OFFICE Microsoft Windows Web View script injection attempt (file-office.rules)
 * 1:17281 <-> DISABLED <-> SPECIFIC-THREATS Panda Antivirus ZOO archive decompression buffer overflow attempt (specific-threats.rules)
 * 1:17282 <-> DISABLED <-> MISC Panda Antivirus ZOO archive decompression buffer overflow attempt (misc.rules)
 * 1:17286 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Visual Basic for Applications document properties overflow attempt (specific-threats.rules)
 * 1:1729 <-> DISABLED <-> POLICY-SOCIAL IRC channel join (policy-social.rules)
 * 1:17303 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer clone object memory corruption attempt (web-client.rules)
 * 1:17310 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint Viewer Memory Allocation Code Execution (file-office.rules)
 * 1:17312 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer CSS import cross-domain restriction bypass attempt (specific-threats.rules)
 * 1:17347 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Color Management Module buffer overflow attempt (web-client.rules)
 * 1:17348 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Color Management Module buffer overflow attempt (web-client.rules)
 * 1:17349 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Color Management Module buffer overflow attempt (web-client.rules)
 * 1:17351 <-> DISABLED <-> WEB-CLIENT Nullsoft Winamp ID3v2 Tag Handling Buffer Overflow attempt (web-client.rules)
 * 1:17352 <-> DISABLED <-> EXPLOIT ClamAV CHM File Handling Integer Overflow attempt (exploit.rules)
 * 1:17354 <-> DISABLED <-> SPECIFIC-THREATS Apache Byte-Range Filter denial of service attempt (specific-threats.rules)
 * 1:17355 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer JPEG Decoder Vulnerabilities attempt (web-client.rules)
 * 1:17356 <-> DISABLED <-> EXPLOIT NOD32 Anti-Virus ARJ Archive Handling Buffer Overflow attempt (exploit.rules)
 * 1:17358 <-> DISABLED <-> EXPLOIT ClamAV UPX File Handling Buffer Overflow attempt (exploit.rules)
 * 1:17364 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Help Workshop CNT Help file download request (file-identify.rules)
 * 1:17377 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Malformed Filter Records Handling Code Execution attempt (file-office.rules)
 * 1:17383 <-> ENABLED <-> FILE-OFFICE Microsoft Office Publisher Object Handler Validation Code Execution attempted (file-office.rules)
 * 1:17387 <-> DISABLED <-> WEB-MISC Apache Tomcat allowLinking URIencoding directory traversal attempt (web-misc.rules)
 * 1:17405 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word Converter XST structure buffer overflow attempt (file-office.rules)
 * 1:17408 <-> DISABLED <-> WEB-CLIENT Microsoft Windows DirectX Targa image file heap overflow attempt (web-client.rules)
 * 1:17409 <-> DISABLED <-> WEB-CLIENT Mozilla Products IDN Spoofing Vulnerability Attempt (web-client.rules)
 * 1:17411 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer CDF cross-domain scripting attempt (specific-threats.rules)
 * 1:17414 <-> DISABLED <-> SPECIFIC-THREATS Mozilla Firefox Javascript Engine Information Disclosure attempt (specific-threats.rules)
 * 1:17420 <-> DISABLED <-> WEB-MISC Citrix Program Neighborhood Agent Arbitrary Shortcut Creation attempt (web-misc.rules)
 * 1:17423 <-> DISABLED <-> WEB-MISC Citrix Program Neighborhood Agent Buffer Overflow attempt (web-misc.rules)
 * 1:17424 <-> DISABLED <-> SPECIFIC-THREATS Mozilla Firefox IconURL Arbitrary Javascript Execution attempt (specific-threats.rules)
 * 1:17434 <-> DISABLED <-> WEB-CLIENT Mozilla Firefox Unicode sequence handling stack corruption attempt (web-client.rules)
 * 1:17441 <-> ENABLED <-> FILE-IDENTIFY LNK file download request (file-identify.rules)
 * 1:17442 <-> ENABLED <-> FILE-OTHER Microsoft Windows download of .lnk file that executes cmd.exe detected (file-other.rules)
 * 1:17457 <-> DISABLED <-> WEB-CLIENT Adobe Flash ActionDefineFunction memory access vulnerability exploit attempt (web-client.rules)
 * 1:17458 <-> DISABLED <-> WEB-CLIENT BitDefender Internet Security script code execution attempt (web-client.rules)
 * 1:17461 <-> DISABLED <-> SPECIFIC-THREATS RealNetworks RealPlayer zipped skin file buffer overflow attempt (specific-threats.rules)
 * 1:17463 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer File Download Dialog Box Manipulation (specific-threats.rules)
 * 1:17464 <-> DISABLED <-> WEB-ACTIVEX AOL Radio AmpX ActiveX clsid access (web-activex.rules)
 * 1:17482 <-> DISABLED <-> WEB-CLIENT Mozilla NNTP URL Handling Buffer Overflow attempt (web-client.rules)
 * 1:17520 <-> ENABLED <-> EXPLOIT CA ARCserve Backup DB Engine Denial of Service (exploit.rules)
 * 1:17527 <-> DISABLED <-> SPECIFIC-THREATS VideoLAN VLC Media Player MP4_BoxDumpStructure Buffer Overflow (specific-threats.rules)
 * 1:17529 <-> DISABLED <-> SPECIFIC-THREATS Adobe RoboHelp Server Arbitrary File Upload and Execute (specific-threats.rules)
 * 1:17532 <-> DISABLED <-> FILE-OFFICE Microsoft Excel TXO and OBJ Records Parsing Stack Memory Corruption (file-office.rules)
 * 1:17543 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Column record handling memory corruption attempt (file-office.rules)
 * 1:17550 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Font Parsing Buffer Overflow attempt (file-office.rules)
 * 1:17552 <-> ENABLED <-> FILE-IDENTIFY Adobe Pagemaker file download request (file-identify.rules)
 * 1:17553 <-> DISABLED <-> SPECIFIC-THREATS Adobe Pagemaker Font Name Buffer Overflow attempt (specific-threats.rules)
 * 1:17557 <-> DISABLED <-> WEB-ACTIVEX Novell iPrint ActiveX operation parameter overflow (web-activex.rules)
 * 1:17565 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint PP7 File Handling Memory Corruption attempt (file-office.rules)
 * 1:17574 <-> DISABLED <-> FILE-OFFICE Sophos Anti-Virus Visio File Parsing Buffer Overflow attempt (file-office.rules)
 * 1:17575 <-> DISABLED <-> WEB-ACTIVEX SizerOne 2 ActiveX clsid access (web-activex.rules)
 * 1:17578 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Section Table Array Buffer Overflow attempt (file-office.rules)
 * 1:17579 <-> DISABLED <-> FILE-OFFICE Microsoft Office Drawing Record msofbtOPT Code Execution attempt (file-office.rules)
 * 1:17582 <-> DISABLED <-> WEB-ACTIVEX Symantec Norton AntiVirus CcErrDisp ActiveX function call access (web-activex.rules)
 * 1:17585 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer possible javascript onunload event memory corruption (specific-threats.rules)
 * 1:17586 <-> DISABLED <-> WEB-CLIENT Oracle Java Web Start malicious parameter value (web-client.rules)
 * 1:17587 <-> DISABLED <-> SPECIFIC-THREATS Adobe Multiple Product AcroPDF.PDF ActiveX exploit attempt (specific-threats.rules)
 * 1:17588 <-> DISABLED <-> WEB-ACTIVEX Microsoft Internet Explorer Install Engine ActiveX clsid access (web-activex.rules)
 * 1:17592 <-> DISABLED <-> WEB-ACTIVEX Microsoft MyInfo.dll ActiveX clsid access (web-activex.rules)
 * 1:17605 <-> ENABLED <-> WEB-CGI Trend Micro OfficeScan CGI password decryption buffer overflow attempt (web-cgi.rules)
 * 1:17613 <-> ENABLED <-> WEB-MISC Mozilla Firefox browser engine memory corruption attempt (web-misc.rules)
 * 1:17622 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer object reference memory corruption attempt (specific-threats.rules)
 * 1:17629 <-> DISABLED <-> WEB-CLIENT Mozilla Firefox Chrome Page Loading Restriction Bypass attempt (web-client.rules)
 * 1:17634 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc function 0 little endian object call overflow attempt (netbios.rules)
 * 1:17635 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc function 0 little endian overflow attempt (netbios.rules)
 * 1:17636 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc function 0 object call overflow attempt (netbios.rules)
 * 1:17637 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc function 0 overflow attempt (netbios.rules)
 * 1:17642 <-> ENABLED <-> WEB-CLIENT Mozilla Firefox ConstructFrame with floating first-letter memory corruption attempt (web-client.rules)
 * 1:17650 <-> ENABLED <-> SPECIFIC-THREATS Adobe Pagemaker Key Strings Stack Buffer Overflow attempt (specific-threats.rules)
 * 1:17653 <-> DISABLED <-> WEB-MISC Microsoft Windows IIS source code disclosure attempt (web-misc.rules)
 * 1:17669 <-> ENABLED <-> SPECIFIC-THREATS Oracle Application Server 10g OPMN service format string vulnerability exploit attempt (specific-threats.rules)
 * 1:17670 <-> DISABLED <-> WEB-ACTIVEX BigAnt Office Manager ActiveX clsid access (web-activex.rules)
 * 1:17672 <-> DISABLED <-> WEB-ACTIVEX BigAnt Office Manager ActiveX function call access (web-activex.rules)
 * 1:17674 <-> DISABLED <-> WEB-ACTIVEX Skype Extras Manager ActiveX clsid access (web-activex.rules)
 * 1:17676 <-> DISABLED <-> WEB-ACTIVEX Skype Extras Manager ActiveX function call access (web-activex.rules)
 * 1:17679 <-> ENABLED <-> FILE-IDENTIFY Apple disk image file download request (file-identify.rules)
 * 1:17703 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer popup title bar spoofing attempt (specific-threats.rules)
 * 1:17705 <-> DISABLED <-> WEB-IIS web agent chunked encoding overflow attempt (web-iis.rules)
 * 1:17707 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect trend_req_num buffer overflow attempt (netbios.rules)
 * 1:17711 <-> ENABLED <-> WEB-CLIENT Microsoft Windows ASF parsing memory corruption attempt (web-client.rules)
 * 1:17714 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect CMON_ActiveUpdate attempt (netbios.rules)
 * 1:17715 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect CMON_ActiveUpdate attempt (netbios.rules)
 * 1:17720 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer static text range overflow attempt (web-client.rules)
 * 1:17725 <-> DISABLED <-> WEB-CLIENT Opera file URI handling buffer overflow (web-client.rules)
 * 1:17751 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file download request (file-identify.rules)
 * 1:17772 <-> DISABLED <-> WEB-ACTIVEX Microsoft Scriptlet Component ActiveX clsid access (web-activex.rules)
 * 1:17801 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file magic detected (file-identify.rules)
 * 1:17802 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file download request (file-identify.rules)
 * 1:1789 <-> DISABLED <-> POLICY-SOCIAL IRC dns request (policy-social.rules)
 * 1:1790 <-> DISABLED <-> POLICY-SOCIAL IRC dns response (policy-social.rules)
 * 1:18097 <-> DISABLED <-> WEB-ACTIVEX VMWare Remote Console Plug-In ActiveX clsid access (web-activex.rules)
 * 1:18132 <-> DISABLED <-> INDICATOR-OBFUSCATION malware-associated JavaScript obfuscation function (indicator-obfuscation.rules)
 * 1:18197 <-> DISABLED <-> WEB-ACTIVEX Microsoft COleSite ActiveX memory corruption attempt (web-activex.rules)
 * 1:18198 <-> DISABLED <-> WEB-ACTIVEX Microsoft COleSite ActiveX memory corruption attempt (web-activex.rules)
 * 1:18199 <-> DISABLED <-> WEB-ACTIVEX Microsoft COleSite ActiveX memory corruption attempt (web-activex.rules)
 * 1:18200 <-> ENABLED <-> FILE-OFFICE Microsoft Office .CGM file cell array heap overflow attempt (file-office.rules)
 * 1:1832 <-> DISABLED <-> POLICY-SOCIAL ICQ forced user addition (policy-social.rules)
 * 1:18321 <-> DISABLED <-> WEB-ACTIVEX SonicWall Aventail EPInterrogator ActiveX clsid access (web-activex.rules)
 * 1:18322 <-> DISABLED <-> WEB-ACTIVEX SonicWall Aventail EPInterrogator ActiveX function call access (web-activex.rules)
 * 1:18323 <-> DISABLED <-> WEB-ACTIVEX SonicWall Aventail EPInstaller ActiveX clsid access (web-activex.rules)
 * 1:18324 <-> DISABLED <-> WEB-ACTIVEX SonicWall Aventail EPInstaller ActiveX function call access (web-activex.rules)
 * 1:18325 <-> DISABLED <-> WEB-ACTIVEX Image Viewer CP Gold 6 ActiveX clsid access (web-activex.rules)
 * 1:18450 <-> DISABLED <-> FILE-PDF Adobe Reader malformed BMP RGBQUAD attempt (file-pdf.rules)
 * 1:18490 <-> DISABLED <-> WEB-ACTIVEX Whale Client Components ActiveX clsid access (web-activex.rules)
 * 1:18491 <-> DISABLED <-> WEB-ACTIVEX Whale Client Components ActiveX ProgID access (web-activex.rules)
 * 1:18493 <-> DISABLED <-> INDICATOR-OBFUSCATION generic PHP code obfuscation attempt (indicator-obfuscation.rules)
 * 1:18518 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer HTML DOM invalid DHTML comment creation attempt (specific-threats.rules)
 * 1:18519 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer HTML DOM invalid DHTML element creation attempt (specific-threats.rules)
 * 1:18520 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer HTML DOM invalid DHTML exploit attempt (specific-threats.rules)
 * 1:18521 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer HTML DOM invalid DHTML element creation attempt (specific-threats.rules)
 * 1:18522 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer HTML DOM invalid DHTML element creation attempt (specific-threats.rules)
 * 1:18523 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer HTML DOM invalid DHTML exploit attempt (specific-threats.rules)
 * 1:18526 <-> ENABLED <-> FILE-PDF Adobe Reader shell metacharacter code execution attempt (file-pdf.rules)
 * 1:18537 <-> ENABLED <-> WEB-CLIENT OpenOffice.org XPM file processing integer overflow attempt (web-client.rules)
 * 1:18541 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel 2007 invalid comments.xml uninitialized pointer access attempt 3 (file-office.rules)
 * 1:18592 <-> DISABLED <-> SPECIFIC-THREATS Yahoo Music Jukebox ActiveX exploit (specific-threats.rules)
 * 1:18642 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word Converter sprmTSplit overflow attempt (file-office.rules)
 * 1:18643 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word Converter sprmTTextFflow overflow attempt (file-office.rules)
 * 1:18675 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file download request (file-identify.rules)
 * 1:18741 <-> DISABLED <-> WEB-ACTIVEX CrystalReports EnterpriseControls ActiveX clsid access (web-activex.rules)
 * 1:18766 <-> DISABLED <-> SPECIFIC-THREATS OpenSSL CMS structure OriginatorInfo memory corruption attempt (specific-threats.rules)
 * 1:18803 <-> DISABLED <-> WEB-MISC Oracle Java Runtime CMM readMabCurveData buffer overflow attempt (web-misc.rules)
 * 1:18809 <-> DISABLED <-> WEB-CLIENT Mozilla EnsureCachedAttrPraramArrays integer overflow attempt (web-client.rules)
 * 1:18904 <-> DISABLED <-> WEB-ACTIVEX KingView ActiveX clsid access (web-activex.rules)
 * 1:18929 <-> DISABLED <-> ORACLE Oracle Secure Backup Administration objectname variable command injection attempt (oracle.rules)
 * 1:18930 <-> DISABLED <-> WEB-MISC HP OpenView Network Node Manager nnmRptConfig.exe Template format string code execution attempt (web-misc.rules)
 * 1:18957 <-> DISABLED <-> SPECIFIC-THREATS Apple Safari Webkit attribute child removal code execution attempt (specific-threats.rules)
 * 1:18959 <-> DISABLED <-> WEB-MISC VMware SpringSource Spring Framework class.classloader remote code execution attempt (web-misc.rules)
 * 1:18972 <-> DISABLED <-> ORACLE Oracle Secure Backup Administration selector variable command injection attempt (oracle.rules)
 * 1:18973 <-> DISABLED <-> WEB-CLIENT Apple Safari Webkit button first-letter style rendering code execution attempt (web-client.rules)
 * 1:18974 <-> DISABLED <-> WEB-ACTIVEX SAP Crystal Reports PrintControl.dll ActiveX clsid access (web-activex.rules)
 * 1:18975 <-> DISABLED <-> WEB-ACTIVEX SAP Crystal Reports PrintControl.dll ActiveX function call access (web-activex.rules)
 * 1:18988 <-> DISABLED <-> FILE-PDF Adobe Reader and Acrobat TTF SING table parsing remote code execution attempt (file-pdf.rules)
 * 1:19072 <-> DISABLED <-> EXPLOIT RealNetworks Helix Server NTLM authentication heap overflow attempt (exploit.rules)
 * 1:19085 <-> DISABLED <-> WEB-ACTIVEX LEADTOOLS Raster Twain LtocxTwainu.dll ActiveX clsid access (web-activex.rules)
 * 1:19086 <-> DISABLED <-> WEB-ACTIVEX LEADTOOLS Raster Twain LtocxTwainu.dll ActiveX function call (web-activex.rules)
 * 1:19097 <-> DISABLED <-> SPECIFIC-THREATS Apple Safari Webkit ContentEditable code execution attempt (specific-threats.rules)
 * 1:19098 <-> DISABLED <-> SPECIFIC-THREATS Apple Safari Webkit ContentEditable code exeuction attempt (specific-threats.rules)
 * 1:19099 <-> DISABLED <-> WEB-CLIENT Apple Safari CSS font format corruption attempt (web-client.rules)
 * 1:19100 <-> DISABLED <-> WEB-CLIENT Oracle Java Soundbank resource name overflow attempt (web-client.rules)
 * 1:19102 <-> DISABLED <-> WEB-ACTIVEX Symantec CLIProxy.dll ActiveX clsid access (web-activex.rules)
 * 1:19103 <-> DISABLED <-> WEB-ACTIVEX Symantec CLIProxy.dll ActiveX function call access (web-activex.rules)
 * 1:19108 <-> DISABLED <-> WEB-ACTIVEX SonicWall Aventail EPInstaller ActiveX clsid access (web-activex.rules)
 * 1:19109 <-> DISABLED <-> WEB-ACTIVEX SonicWall Aventail EPInstaller ActiveX function call access (web-activex.rules)
 * 1:19145 <-> DISABLED <-> SPECIFIC-THREATS Adobe flash player newfunction memory corruption attempt (specific-threats.rules)
 * 1:19151 <-> DISABLED <-> WEB-ACTIVEX Trend Micro HouseCall ActiveX clsid access (web-activex.rules)
 * 1:19152 <-> DISABLED <-> WEB-ACTIVEX Trend Micro HouseCall ActiveX function call access (web-activex.rules)
 * 1:19156 <-> ENABLED <-> FILE-OFFICE Microsoft Office .CGM file cell array heap overflow attempt (file-office.rules)
 * 1:19174 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Vista feed headlines cross-site scripting attack attempt (web-client.rules)
 * 1:19197 <-> DISABLED <-> WEB-ACTIVEX CA Internet Security Suite XMLSecDB ActiveX clsid access (web-activex.rules)
 * 1:19198 <-> DISABLED <-> WEB-ACTIVEX CA Internet Security Suite XMLSecDB ActiveX function call access (web-activex.rules)
 * 1:19203 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer MsgBox arbitrary code execution attempt (web-client.rules)
 * 1:19211 <-> DISABLED <-> FILE-IDENTIFY ZIP archive file download request (file-identify.rules)
 * 1:19212 <-> DISABLED <-> EXPLOIT Microsoft Windows MFC Document title updating buffer overflow attempt (exploit.rules)
 * 1:19215 <-> DISABLED <-> FILE-IDENTIFY Google Chrome extension file download request (file-identify.rules)
 * 1:19218 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file download request (file-identify.rules)
 * 1:19224 <-> DISABLED <-> FILE-IDENTIFY Cisco Webex wrf file download request (file-identify.rules)
 * 1:19258 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView record memory pointer corruption attempt (file-office.rules)
 * 1:19259 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel WOpt record memory corruption attempt (file-office.rules)
 * 1:19261 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel BIFF8 invalid Selection.cref exploit attempt (file-office.rules)
 * 1:19296 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint improper filename remote code execution attempt (file-office.rules)
 * 1:19317 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word sprmTDiagLine80 record parsing stack buffer overflow attempt (file-office.rules)
 * 1:19405 <-> ENABLED <-> FILE-OFFICE Microsoft Office Outlook SMB attach by reference code execution attempt (file-office.rules)
 * 1:19406 <-> ENABLED <-> FILE-OFFICE Microsoft Office Outlook SMB attach by reference code execution attempt (file-office.rules)
 * 1:19407 <-> ENABLED <-> FILE-OFFICE Microsoft Office Outlook SMB attach by reference code execution attempt (file-office.rules)
 * 1:19422 <-> DISABLED <-> FILE-IDENTIFY matroska file magic detected (file-identify.rules)
 * 1:19423 <-> DISABLED <-> FILE-IDENTIFY MKV file download request (file-identify.rules)
 * 1:19424 <-> DISABLED <-> FILE-IDENTIFY MKA file download request (file-identify.rules)
 * 1:19425 <-> DISABLED <-> FILE-IDENTIFY MKS file download request (file-identify.rules)
 * 1:19437 <-> DISABLED <-> INDICATOR-OBFUSCATION select concat statement - possible sql injection obfuscation (indicator-obfuscation.rules)
 * 1:19444 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Media sample duration header RCE attempt (web-client.rules)
 * 1:19561 <-> DISABLED <-> WEB-ACTIVEX RealNetworks RealPlayer ieframe.dll ActiveX clsid access (web-activex.rules)
 * 1:19562 <-> DISABLED <-> WEB-ACTIVEX RealNetworks RealGames InstallerDlg.dll ActiveX clsid access (web-activex.rules)
 * 1:19563 <-> DISABLED <-> WEB-ACTIVEX RealNetworks RealGames InstallerDlg.dll ActiveX function call access (web-activex.rules)
 * 1:19564 <-> DISABLED <-> WEB-ACTIVEX RealNetworks RealGames InstallerDlg.dll ActiveX clsid access (web-activex.rules)
 * 1:19565 <-> DISABLED <-> WEB-ACTIVEX RealNetworks RealGames InstallerDlg.dll ActiveX function call access (web-activex.rules)
 * 1:19610 <-> DISABLED <-> WEB-ACTIVEX ShockwaveFlash.ShockwaveFlash ActiveX function call access (web-activex.rules)
 * 1:19650 <-> DISABLED <-> WEB-ACTIVEX Cisco AnyConnect ActiveX clsid access (web-activex.rules)
 * 1:19651 <-> DISABLED <-> WEB-ACTIVEX Cisco AnyConnect ActiveX function call access (web-activex.rules)
 * 1:19675 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio invalid UMLString data length exploit attempt (file-office.rules)
 * 1:19676 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio invalid UMLDTOptions object exploit attempt (file-office.rules)
 * 1:19707 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word Converter sprmTSplit overflow attempt (file-office.rules)
 * 1:19814 <-> DISABLED <-> EXPLOIT Microsoft Internet Explorer empty table tag memory corruption attempt (exploit.rules)
 * 1:1986 <-> DISABLED <-> POLICY-SOCIAL Microsoft MSN outbound file transfer request (policy-social.rules)
 * 1:19868 <-> DISABLED <-> INDICATOR-OBFUSCATION hidden 1x1 div tag - potential malware obfuscation (indicator-obfuscation.rules)
 * 1:1988 <-> DISABLED <-> POLICY-SOCIAL Microsoft MSN outbound file transfer accept (policy-social.rules)
 * 1:1989 <-> DISABLED <-> POLICY-SOCIAL Microsoft MSN outbound file transfer rejected (policy-social.rules)
 * 1:19894 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint unbound memcpy and remote code execution attempt (file-office.rules)
 * 1:19897 <-> DISABLED <-> PUA-TOOLBARS Adware.Win32.Frosty Goes Skiing Screen Saver 2.2 Runtime Detection (pua-toolbars.rules)
 * 1:1990 <-> DISABLED <-> POLICY-SOCIAL Microsoft MSN user search (policy-social.rules)
 * 1:19906 <-> DISABLED <-> PUA-TOOLBARS 6SQ Toolbar runtime detection (pua-toolbars.rules)
 * 1:1991 <-> DISABLED <-> POLICY-SOCIAL Microsoft MSN login attempt (policy-social.rules)
 * 1:19925 <-> DISABLED <-> WEB-ACTIVEX Novell iPrint ActiveX client browser plugin call-back-url buffer overflow attempt (web-activex.rules)
 * 1:1993 <-> DISABLED <-> IMAP login literal buffer overflow attempt (imap.rules)
 * 1:19932 <-> ENABLED <-> FILE-OFFICE Microsoft Office Publisher 2007 pointer dereference attempt (file-office.rules)
 * 1:19956 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Movie Maker project file heap buffer overflow attempt (web-client.rules)
 * 1:20044 <-> DISABLED <-> WEB-ACTIVEX F-Secure Anti-Virus fsresh.dll clsid access (web-activex.rules)
 * 1:20071 <-> DISABLED <-> WEB-ACTIVEX WMIScriptUtils.WMIObjectBroker2.1 ActiveX CLSID access (web-activex.rules)
 * 1:20175 <-> DISABLED <-> WEB-ACTIVEX Microsoft Remote Desktop Client ActiveX clsid access (web-activex.rules)
 * 1:20246 <-> ENABLED <-> FILE-OFFICE Microsoft Office Outlook SMB attach by reference code execution attempt (file-office.rules)
 * 1:20247 <-> ENABLED <-> FILE-OFFICE Microsoft Office Outlook SMB attach by reference code execution attempt (file-office.rules)
 * 1:20274 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP NetShareEnumAll request (netbios.rules)
 * 1:20285 <-> DISABLED <-> WEB-ACTIVEX Black Ice Barcode SDK ActiveX clsid access (web-activex.rules)
 * 1:20286 <-> DISABLED <-> WEB-ACTIVEX Black Ice Barcode SDK ActiveX function call access (web-activex.rules)
 * 1:20460 <-> ENABLED <-> FILE-IDENTIFY MP3 file magic detected (file-identify.rules)
 * 1:20463 <-> DISABLED <-> FILE-IDENTIFY ZIP file magic detected (file-identify.rules)
 * 1:20464 <-> DISABLED <-> FILE-IDENTIFY ZIP file magic detected (file-identify.rules)
 * 1:20465 <-> DISABLED <-> FILE-IDENTIFY ZIP file magic detected (file-identify.rules)
 * 1:20466 <-> DISABLED <-> FILE-IDENTIFY ZIP file magic detected (file-identify.rules)
 * 1:20467 <-> DISABLED <-> FILE-IDENTIFY ZIP file magic detected (file-identify.rules)
 * 1:20468 <-> DISABLED <-> FILE-IDENTIFY ZIP file magic detected (file-identify.rules)
 * 1:20469 <-> DISABLED <-> FILE-IDENTIFY ZIP file magic detected (file-identify.rules)
 * 1:20481 <-> ENABLED <-> FILE-IDENTIFY MP3 file magic detected (file-identify.rules)
 * 1:20514 <-> ENABLED <-> FILE-IDENTIFY dmg file magic detected (file-identify.rules)
 * 1:20516 <-> ENABLED <-> FILE-IDENTIFY caff file magic detected (file-identify.rules)
 * 1:20536 <-> DISABLED <-> WEB-ACTIVEX Moxa MediaDBPlayback.DLL ActiveX clsid access (web-activex.rules)
 * 1:20540 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word document with embedded TrueType font (file-office.rules)
 * 1:20573 <-> DISABLED <-> WEB-ACTIVEX Oracle AutoVueX Control ExportEdaBom ActiveX clsid access (web-activex.rules)
 * 1:20574 <-> DISABLED <-> WEB-ACTIVEX Oracle AutoVueX Control ExportEdaBom ActiveX function call access (web-activex.rules)
 * 1:20591 <-> DISABLED <-> WEB-ACTIVEX Flexera InstallShield ISGrid2.dll DoFindReplace heap buffer overlow ActiveX clsid access (web-activex.rules)
 * 1:20592 <-> DISABLED <-> WEB-ACTIVEX Flexera InstallShield ISGrid2.dll DoFindReplace heap buffer overlow ActiveX function call access (web-activex.rules)
 * 1:20704 <-> DISABLED <-> WEB-ACTIVEX Microsoft Internet Explorer #default#time behavior attack attempt (web-activex.rules)
 * 1:20705 <-> DISABLED <-> WEB-ACTIVEX Microsoft Time DATIME.DLL ActiveX clsid access (web-activex.rules)
 * 1:20706 <-> DISABLED <-> WEB-ACTIVEX Microsoft Time DATIME.DLL ActiveX clsid access (web-activex.rules)
 * 1:20707 <-> DISABLED <-> WEB-ACTIVEX Dell IT Assistant ActiveX clsid access (web-activex.rules)
 * 1:20708 <-> DISABLED <-> WEB-ACTIVEX HP Easy Printer Care Software ActiveX clsid access (web-activex.rules)
 * 1:20709 <-> DISABLED <-> WEB-ACTIVEX HP Photo Creative ActiveX clsid access (web-activex.rules)
 * 1:20710 <-> DISABLED <-> WEB-ACTIVEX HP Photo Creative ActiveX clsid access (web-activex.rules)
 * 1:20711 <-> DISABLED <-> WEB-ACTIVEX HP Photo Creative ActiveX clsid access (web-activex.rules)
 * 1:20712 <-> DISABLED <-> WEB-ACTIVEX HP Photo Creative ActiveX clsid access (web-activex.rules)
 * 1:20713 <-> DISABLED <-> WEB-ACTIVEX HP Photo Creative ActiveX clsid access (web-activex.rules)
 * 1:20714 <-> DISABLED <-> WEB-ACTIVEX HP Photo Creative ActiveX clsid access (web-activex.rules)
 * 1:20715 <-> DISABLED <-> WEB-ACTIVEX HP Photo Creative ActiveX clsid access (web-activex.rules)
 * 1:20716 <-> DISABLED <-> WEB-ACTIVEX Yahoo!  CD Player ActiveX clsid access (web-activex.rules)
 * 1:20834 <-> DISABLED <-> WEB-ACTIVEX Novell ZENworks LaunchHelp.dll LaunchProcess Code Execution ActiveX clsid access (web-activex.rules)
 * 1:20835 <-> DISABLED <-> WEB-ACTIVEX Novell ZENworks LaunchHelp.dll LaunchProcess Code Execution ActiveX function call access (web-activex.rules)
 * 1:20846 <-> DISABLED <-> WEB-ACTIVEX Oracle Hyperion strategic finance client SetDevNames heap buffer overflow ActiveX clsid access (web-activex.rules)
 * 1:20847 <-> DISABLED <-> WEB-ACTIVEX Oracle Hyperion strategic finance client SetDevNames heap buffer overflow ActiveX function call access (web-activex.rules)
 * 1:15084 <-> ENABLED <-> WEB-ACTIVEX Microsoft Common Controls Animation Object ActiveX clsid access (web-activex.rules)
 * 1:13896 <-> DISABLED <-> SQL Microsoft SQL server MTF file download (sql.rules)
 * 1:13893 <-> DISABLED <-> WEB-CLIENT Microsoft malformed saved search heap corruption attempt (web-client.rules)
 * 1:13854 <-> DISABLED <-> PUA-TOOLBARS Hijacker alot toolbar runtime detection - auto update (pua-toolbars.rules)
 * 1:13853 <-> DISABLED <-> PUA-TOOLBARS Hijacker alot toolbar runtime detection - weather request (pua-toolbars.rules)
 * 1:13834 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer request header overwrite (web-client.rules)
 * 1:13832 <-> DISABLED <-> WEB-ACTIVEX backweb ActiveX clsid access (web-activex.rules)
 * 1:13830 <-> DISABLED <-> WEB-ACTIVEX sapi.dll alternate killbit ActiveX clsid access (web-activex.rules)
 * 1:13828 <-> DISABLED <-> WEB-ACTIVEX sapi.dll ActiveX clsid access (web-activex.rules)
 * 1:13791 <-> DISABLED <-> INDICATOR-OBFUSCATION oversized cast statement - possible sql injection obfuscation (indicator-obfuscation.rules)
 * 1:13781 <-> DISABLED <-> PUA-TOOLBARS Hijacker find.fm toolbar runtime detection - hijacks address bar (pua-toolbars.rules)
 * 1:13780 <-> DISABLED <-> PUA-TOOLBARS Hijacker find.fm toolbar runtime detection - automatic updates (pua-toolbars.rules)
 * 1:13779 <-> DISABLED <-> PUA-TOOLBARS Trackware proofile toolbar runtime detection (pua-toolbars.rules)
 * 1:13772 <-> DISABLED <-> PUA-TOOLBARS Hijacker music of faith toolbar runtime detection - hijacks search engine traffic #2 (pua-toolbars.rules)
 * 1:13771 <-> DISABLED <-> PUA-TOOLBARS Hijacker music of faith toolbar runtime detection - hijacks search engine traffic #1 (pua-toolbars.rules)
 * 1:13770 <-> DISABLED <-> PUA-TOOLBARS Hijacker searchnine toolbar runtime detection - redirects search function (pua-toolbars.rules)
 * 1:13769 <-> DISABLED <-> PUA-TOOLBARS Hijacker searchnine toolbar runtime detection - hijacks address bar (pua-toolbars.rules)
 * 1:13734 <-> DISABLED <-> WEB-ACTIVEX HP eSupportDiagnostics 10 ActiveX clsid access (web-activex.rules)
 * 1:13677 <-> DISABLED <-> EXPLOIT Microsoft Internet Explorer data stream memory corruption attempt (exploit.rules)
 * 1:13665 <-> ENABLED <-> FILE-OFFICE Microsoft Office Visio DXF file invalid memory allocation exploit attempt (file-office.rules)
 * 1:13645 <-> DISABLED <-> PUA-TOOLBARS Hijacker mxs toolbar runtime detection (pua-toolbars.rules)
 * 1:13644 <-> DISABLED <-> PUA-TOOLBARS Hijacker zztoolbar runtime detection - search traffic (pua-toolbars.rules)
 * 1:13643 <-> DISABLED <-> PUA-TOOLBARS Hijacker zztoolbar runtime detection - toolbar traffic (pua-toolbars.rules)
 * 1:13641 <-> DISABLED <-> PUA-TOOLBARS Hijacker eclickz toolbar runtime detection - search traffic (pua-toolbars.rules)
 * 1:13640 <-> DISABLED <-> PUA-TOOLBARS Hijacker locmag toolbar runtime detection - hijacks address bar (pua-toolbars.rules)
 * 1:13639 <-> DISABLED <-> PUA-TOOLBARS Hijacker locmag toolbar runtime detection - connection to toolbar (pua-toolbars.rules)
 * 1:13621 <-> DISABLED <-> WEB-ACTIVEX CA BrightStor ListCtrl ActiveX clsid access (web-activex.rules)
 * 1:13603 <-> DISABLED <-> WEB-ACTIVEX RealNetworks RealPlayer Download Handler ActiveX function call access (web-activex.rules)
 * 1:13583 <-> ENABLED <-> FILE-IDENTIFY Microsoft SYmbolic LinK file download request (file-identify.rules)
 * 1:13580 <-> DISABLED <-> WEB-ACTIVEX Microsoft Office Web Components remote code execution attempt ActiveX clsid access (web-activex.rules)
 * 1:13573 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook arbitrary command line attempt (file-office.rules)
 * 1:13572 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed shapeid arbitrary code execution attempt (file-office.rules)
 * 1:13569 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel macro validation arbitrary code execution attempt (file-office.rules)
 * 1:13560 <-> DISABLED <-> PUA-TOOLBARS Hijacker kompass toolbar runtime detection - search traffic (pua-toolbars.rules)
 * 1:13559 <-> DISABLED <-> PUA-TOOLBARS Hijacker kompass toolbar runtime detection - initial connection (pua-toolbars.rules)
 * 1:13539 <-> DISABLED <-> WEB-ACTIVEX Symantec Backup Exec ActiveX clsid access (web-activex.rules)
 * 1:13525 <-> DISABLED <-> WEB-ACTIVEX Novell iPrint ActiveX function call access (web-activex.rules)
 * 1:13523 <-> DISABLED <-> WEB-ACTIVEX Novell iPrint ActiveX clsid access (web-activex.rules)
 * 1:13503 <-> DISABLED <-> PUA-TOOLBARS Hijacker dealio toolbar runtime detection user-agent detected (pua-toolbars.rules)
 * 1:13497 <-> DISABLED <-> PUA-TOOLBARS Hijacker ez-tracks toolbar runtime detection - tracking traffic (pua-toolbars.rules)
 * 1:13496 <-> DISABLED <-> PUA-TOOLBARS Hijacker ez-tracks toolbar runtime detection - initial traffic 2 (pua-toolbars.rules)
 * 1:13495 <-> DISABLED <-> PUA-TOOLBARS Hijacker ez-tracks toolbar runtime detection - initial traffic 1 (pua-toolbars.rules)
 * 1:13493 <-> DISABLED <-> PUA-TOOLBARS Hijacker deepdo toolbar runtime detection - automatic update (pua-toolbars.rules)
 * 1:13492 <-> DISABLED <-> PUA-TOOLBARS Hijacker deepdo toolbar runtime detection - redirects search engine (pua-toolbars.rules)
 * 1:13489 <-> DISABLED <-> PUA-TOOLBARS Hijacker people pal toolbar runtime detection - traffic for searching (pua-toolbars.rules)
 * 1:13488 <-> DISABLED <-> PUA-TOOLBARS Hijacker people pal toolbar runtime detection - automatic upgrade (pua-toolbars.rules)
 * 1:13486 <-> DISABLED <-> PUA-TOOLBARS Hijacker sofa toolbar runtime detection - records search information (pua-toolbars.rules)
 * 1:13485 <-> DISABLED <-> PUA-TOOLBARS Hijacker sofa toolbar runtime detection - hijacks search engine (pua-toolbars.rules)
 * 1:13484 <-> DISABLED <-> PUA-TOOLBARS Hijacker baidu toolbar runtime detection - updates automatically (pua-toolbars.rules)
 * 1:13483 <-> DISABLED <-> PUA-TOOLBARS Hijacker baidu toolbar runtime detection - updates automatically (pua-toolbars.rules)
 * 1:13482 <-> DISABLED <-> PUA-TOOLBARS Hijacker baidu toolbar runtime detection - discloses information (pua-toolbars.rules)
 * 1:13481 <-> DISABLED <-> PUA-TOOLBARS Hijacker baidu toolbar runtime detection - hijacks search engine (pua-toolbars.rules)
 * 1:13473 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Publisher file download request (file-identify.rules)
 * 1:13472 <-> DISABLED <-> EXPLOIT Microsoft Works invalid chunk size (exploit.rules)
 * 1:13470 <-> ENABLED <-> FILE-OFFICE Microsoft Office Publisher memory corruption attempt (file-office.rules)
 * 1:13451 <-> DISABLED <-> WEB-ACTIVEX Microsoft Visual FoxPro foxtlib ActiveX clsid access (web-activex.rules)
 * 1:13449 <-> DISABLED <-> WEB-CLIENT Microsoft Windows vbscript/jscript scripting engine end buffer overflow attempt (web-client.rules)
 * 1:13361 <-> DISABLED <-> EXPLOIT ClamAV MEW PE file integer overflow attempt (exploit.rules)
 * 1:13342 <-> DISABLED <-> PUA-TOOLBARS Hijacker ditto toolbar runtime detection (pua-toolbars.rules)
 * 1:13339 <-> DISABLED <-> PUA-TOOLBARS Hijacker direct toolbar runtime detection (pua-toolbars.rules)
 * 1:13321 <-> DISABLED <-> WEB-ACTIVEX Microsoft Package and Deployment Wizard ActiveX clsid access (web-activex.rules)
 * 1:13303 <-> DISABLED <-> WEB-ACTIVEX Microsoft Visual FoxPro 2 ActiveX clsid access (web-activex.rules)
 * 1:13302 <-> DISABLED <-> WEB-CLIENT Apache mod_imagemap cross site scripting attempt (web-client.rules)
 * 1:13294 <-> DISABLED <-> WEB-ACTIVEX Microsoft Rich TextBox ActiveX clsid access (web-activex.rules)
 * 1:13282 <-> DISABLED <-> PUA-TOOLBARS Adware jily ie toolbar runtime detection (pua-toolbars.rules)
 * 1:13262 <-> DISABLED <-> WEB-ACTIVEX IBM Lotus Domino Web Access 7 ActiveX clsid access (web-activex.rules)
 * 1:13239 <-> DISABLED <-> PUA-TOOLBARS Hijacker blue wave adult links toolbar runtime detection (pua-toolbars.rules)
 * 1:13224 <-> DISABLED <-> WEB-ACTIVEX Yahoo Toolbar YShortcut ActiveX clsid access (web-activex.rules)
 * 1:13219 <-> DISABLED <-> WEB-ACTIVEX HP Software Update RulesEngine.dll ActiveX clsid access (web-activex.rules)
 * 1:12796 <-> DISABLED <-> PUA-TOOLBARS Trackware happytofind toolbar runtime detection (pua-toolbars.rules)
 * 1:12791 <-> DISABLED <-> PUA-TOOLBARS Adware gophoria toolbar runtime detection (pua-toolbars.rules)
 * 1:12729 <-> DISABLED <-> WEB-ACTIVEX AOL Radio AmpX ActiveX clsid access (web-activex.rules)
 * 1:12688 <-> DISABLED <-> WEB-CLIENT Microsoft Windows ShellExecute and IE7 url handling code execution attempt (web-client.rules)
 * 1:12685 <-> DISABLED <-> EXPLOIT IBM Tivoli Storage Manger Express CAD Host buffer overflow (exploit.rules)
 * 1:12679 <-> DISABLED <-> PUA-TOOLBARS Trackware myway speedbar / mywebsearch toolbar user-agent detection (pua-toolbars.rules)
 * 1:12672 <-> DISABLED <-> PUA-TOOLBARS Trackware searchmiracle elitebar runtime detection - get ads (pua-toolbars.rules)
 * 1:12641 <-> DISABLED <-> FILE-IDENTIFY Microsoft Word for Mac 5 file magic detected (file-identify.rules)
 * 1:12629 <-> DISABLED <-> WEB-MISC Microsoft Windows Sharepoint cross site scripting attempt (web-misc.rules)
 * 1:12622 <-> DISABLED <-> PUA-TOOLBARS Trackware extra toolbar 1.0 runtime detection - file download (pua-toolbars.rules)
 * 1:12621 <-> DISABLED <-> PUA-TOOLBARS Trackware extra toolbar 1.0 runtime detection (pua-toolbars.rules)
 * 1:12618 <-> DISABLED <-> WEB-CLIENT Microsoft Visual Basic VBP file reference overflow attempt (web-client.rules)
 * 1:12614 <-> DISABLED <-> WEB-ACTIVEX Microsoft Windows MFC Library ActiveX function call access (web-activex.rules)
 * 1:12611 <-> DISABLED <-> POLICY-SOCIAL ebuddy.com login attempt (policy-social.rules)
 * 1:12591 <-> DISABLED <-> DOS Apache mod_cache denial of service attempt (dos.rules)
 * 1:12487 <-> DISABLED <-> PUA-TOOLBARS Hijacker soso toolbar runtime detection - hijack ie auto searches / soso toolbar searches requests (pua-toolbars.rules)
 * 1:12486 <-> DISABLED <-> PUA-TOOLBARS Hijacker soso toolbar runtime detection - get weather information (pua-toolbars.rules)
 * 1:12481 <-> DISABLED <-> PUA-TOOLBARS Hijacker 411web toolbar runtime detection (pua-toolbars.rules)
 * 1:12474 <-> DISABLED <-> WEB-ACTIVEX Oracle Java Web Start ActiveX function call access (web-activex.rules)
 * 1:12472 <-> DISABLED <-> WEB-ACTIVEX Oracle Java Web Start ActiveX clsid access (web-activex.rules)
 * 1:12459 <-> DISABLED <-> WEB-ACTIVEX Microsoft Visual Studio 6 PDWizard.ocx ActiveX clsid access (web-activex.rules)
 * 1:12457 <-> DISABLED <-> POLICY-SOCIAL Microsoft Live chat video feed initiation (policy-social.rules)
 * 1:12454 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file magic detected (file-identify.rules)
 * 1:12452 <-> DISABLED <-> WEB-ACTIVEX MS Agent File Provider ActiveX clsid access (web-activex.rules)
 * 1:12450 <-> DISABLED <-> WEB-ACTIVEX Microsoft Agent Control ActiveX function call access (web-activex.rules)
 * 1:12448 <-> DISABLED <-> WEB-ACTIVEX Microsoft Agent Control ActiveX clsid access (web-activex.rules)
 * 1:12370 <-> DISABLED <-> PUA-TOOLBARS Hijacker imesh mediabar runtime detection - auto update (pua-toolbars.rules)
 * 1:12366 <-> DISABLED <-> PUA-TOOLBARS Hijacker proventactics 3.5 runtime detection - toolbar search function (pua-toolbars.rules)
 * 1:12364 <-> DISABLED <-> PUA-TOOLBARS Hijacker proventactics 3.5 runtime detection - get cfg information (pua-toolbars.rules)
 * 1:12347 <-> ENABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _SetSvcImpersonateUser attempt (netbios.rules)
 * 1:12341 <-> ENABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect Trent_req_num_a0030 attempt (netbios.rules)
 * 1:12335 <-> ENABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect Trent_req_num_30010 overflow attempt (netbios.rules)
 * 1:12332 <-> ENABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _TakeActionOnAFile attempt (netbios.rules)
 * 1:12326 <-> ENABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _AddTaskExportLogItem attempt (netbios.rules)
 * 1:12317 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect-earthagent RPCFN_CopyAUSrc attempt (netbios.rules)
 * 1:12307 <-> ENABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _SetPagerNotifyConfig attempt (netbios.rules)
 * 1:12296 <-> DISABLED <-> PUA-TOOLBARS Hijacker 3search runtime detection - update (pua-toolbars.rules)
 * 1:12294 <-> DISABLED <-> PUA-TOOLBARS Hijacker 3search runtime detection - counter (pua-toolbars.rules)
 * 1:12293 <-> ENABLED <-> PUA-TOOLBARS Hijacker morpheus toolbar runtime detection - get cfg info (pua-toolbars.rules)
 * 1:12292 <-> DISABLED <-> PUA-TOOLBARS Hijacker morpheus toolbar runtime detection - hijack/search (pua-toolbars.rules)
 * 1:12291 <-> DISABLED <-> PUA-TOOLBARS Trackware vmn toolbar runtime detection (pua-toolbars.rules)
 * 1:12289 <-> DISABLED <-> PUA-TOOLBARS Hijacker scn toolbar runtime detection - get updates (pua-toolbars.rules)
 * 1:12288 <-> DISABLED <-> PUA-TOOLBARS Hijacker scn toolbar runtime detection - hijack ie searches (pua-toolbars.rules)
 * 1:12287 <-> DISABLED <-> PUA-TOOLBARS Hijacker scn toolbar runtime detection - ebrss request (pua-toolbars.rules)
 * 1:12286 <-> DISABLED <-> WEB-CLIENT PCRE character class double free overflow attempt (web-client.rules)
 * 1:12280 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer VML source file memory corruption attempt (web-client.rules)
 * 1:12279 <-> DISABLED <-> WEB-CLIENT Microsoft XML substringData integer overflow attempt (web-client.rules)
 * 1:12278 <-> DISABLED <-> FILE-IDENTIFY Microsoft Media Player compressed skin download request (file-identify.rules)
 * 1:12270 <-> DISABLED <-> WEB-ACTIVEX Microsoft Visual Basic 6 TLIApplication ActiveX function call (web-activex.rules)
 * 1:12269 <-> DISABLED <-> WEB-ACTIVEX Microsoft Visual Basic 6 TLIApplication ActiveX clsid access (web-activex.rules)
 * 1:12252 <-> DISABLED <-> WEB-ACTIVEX Symantec NavComUI AxSysListView32OAA ActiveX function call access (web-activex.rules)
 * 1:12250 <-> DISABLED <-> WEB-ACTIVEX Symantec NavComUI AxSysListView32OAA ActiveX clsid access (web-activex.rules)
 * 1:12248 <-> DISABLED <-> WEB-ACTIVEX Symantec NavComUI AxSysListView32 ActiveX function call access (web-activex.rules)
 * 1:12246 <-> DISABLED <-> WEB-ACTIVEX Symantec NavComUI AxSysListView32 ActiveX clsid access (web-activex.rules)
 * 1:12228 <-> DISABLED <-> PUA-TOOLBARS Trackware snap ultrasearch/desktop toolbar runtime detection - cookie (pua-toolbars.rules)
 * 1:12227 <-> DISABLED <-> PUA-TOOLBARS Trackware snap ultrasearch/desktop toolbar runtime detection - search (pua-toolbars.rules)
 * 1:12225 <-> DISABLED <-> PUA-TOOLBARS Adware zango2007 toolbar runtime detection (pua-toolbars.rules)
 * 1:12223 <-> DISABLED <-> EXPLOIT Novell WebAdmin long user name (exploit.rules)
 * 1:12205 <-> DISABLED <-> WEB-ACTIVEX VMWare Vielib.dll ActiveX function call access (web-activex.rules)
 * 1:12203 <-> DISABLED <-> WEB-ACTIVEX VMWare Vielib.dll ActiveX clsid access (web-activex.rules)
 * 1:12195 <-> DISABLED <-> WEB-ACTIVEX Yahoo Widgets Engine ActiveX function call access (web-activex.rules)
 * 1:12193 <-> DISABLED <-> WEB-ACTIVEX Yahoo Widgets Engine ActiveX clsid access (web-activex.rules)
 * 1:12183 <-> DISABLED <-> EXPLOIT Adobe FLV long string script data buffer overflow (exploit.rules)
 * 1:12127 <-> DISABLED <-> PUA-TOOLBARS Trackware lookster toolbar runtime detection - ads (pua-toolbars.rules)
 * 1:12126 <-> DISABLED <-> PUA-TOOLBARS Trackware lookster toolbar runtime detection - collect user information (pua-toolbars.rules)
 * 1:12125 <-> DISABLED <-> PUA-TOOLBARS Trackware lookster toolbar runtime detection - hijack ie search assistant (pua-toolbars.rules)
 * 1:12122 <-> DISABLED <-> PUA-TOOLBARS Trackware spynova runtime detection (pua-toolbars.rules)
 * 1:12050 <-> DISABLED <-> PUA-TOOLBARS Hijacker ez-greets toolbar runtime detection (pua-toolbars.rules)
 * 1:11966 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer CSS tag memory corruption attempt (web-client.rules)
 * 1:11948 <-> DISABLED <-> PUA-TOOLBARS Hijacker snap toolbar runtime detection - cookie (pua-toolbars.rules)
 * 1:11942 <-> DISABLED <-> WEB-ACTIVEX Westbyte internet download accelerator ActiveX clsid access (web-activex.rules)
 * 1:11838 <-> DISABLED <-> WEB-MISC Microsoft Windows API res buffer overflow attempt (web-misc.rules)
 * 1:11836 <-> ENABLED <-> FILE-OFFICE Microsoft Office Visio version number anomaly (file-office.rules)
 * 1:11830 <-> DISABLED <-> WEB-ACTIVEX Microsoft Direct Speech Recognition ActiveX clsid access (web-activex.rules)
 * 1:11822 <-> DISABLED <-> WEB-ACTIVEX Yahoo Webcam Upload ActiveX clsid access (web-activex.rules)
 * 1:11687 <-> DISABLED <-> WEB-MISC Apache SSI error page cross-site scripting (web-misc.rules)
 * 1:11324 <-> DISABLED <-> WEB-ACTIVEX Microsoft Input Method Editor 3 ActiveX function call access (web-activex.rules)
 * 1:11199 <-> DISABLED <-> WEB-ACTIVEX Microsoft Office Viewer ActiveX clsid access (web-activex.rules)
 * 1:10986 <-> DISABLED <-> WEB-ACTIVEX GraceNote CDDB ActiveX clsid access (web-activex.rules)
 * 1:10982 <-> DISABLED <-> WEB-ACTIVEX Second Sight Software ActiveMod ActiveX clsid access (web-activex.rules)
 * 1:10978 <-> DISABLED <-> WEB-ACTIVEX Second Sight Software ActiveGS ActiveX clsid access (web-activex.rules)
 * 1:10470 <-> DISABLED <-> WEB-ACTIVEX iPIX Media Send Class ActiveX clsid access (web-activex.rules)
 * 1:10468 <-> DISABLED <-> WEB-ACTIVEX iPIX Image Well ActiveX function call access (web-activex.rules)
 * 1:10466 <-> DISABLED <-> WEB-ACTIVEX iPIX Image Well ActiveX clsid access (web-activex.rules)
 * 1:10393 <-> DISABLED <-> WEB-ACTIVEX Symantec SupportSoft SmartIssue ActiveX clsid access (web-activex.rules)
 * 1:10216 <-> DISABLED <-> WEB-ACTIVEX Shockwave ActiveX Control ActiveX function call access (web-activex.rules)
 * 1:10214 <-> DISABLED <-> WEB-ACTIVEX Shockwave ActiveX Control ActiveX clsid access (web-activex.rules)
 * 1:10208 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect COMN_NetTestConnection attempt (netbios.rules)
 * 1:10202 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _SetRealTimeScanConfigInfo attempt (netbios.rules)
 * 1:10189 <-> DISABLED <-> WEB-ACTIVEX DivXBrowserPlugin ActiveX clsid access (web-activex.rules)
 * 1:10180 <-> DISABLED <-> PUA-TOOLBARS Adware eqiso runtime detection (pua-toolbars.rules)
 * 1:10176 <-> DISABLED <-> WEB-ACTIVEX Microsoft Windows Shell User Enumeration Object ActiveX clsid access (web-activex.rules)
 * 1:10170 <-> DISABLED <-> WEB-ACTIVEX Verisign ConfigCHK ActiveX clsid access (web-activex.rules)
 * 1:10162 <-> DISABLED <-> WEB-ACTIVEX BrowseDialog ActiveX clsid access (web-activex.rules)
 * 1:10156 <-> DISABLED <-> WEB-ACTIVEX ActiveX Soft DVD Tools ActiveX clsid access (web-activex.rules)
 * 1:10154 <-> DISABLED <-> WEB-ACTIVEX BlnSetUser Proxy 2 ActiveX clsid access (web-activex.rules)
 * 1:10151 <-> DISABLED <-> WEB-ACTIVEX BlnSetUser Proxy ActiveX clsid access (web-activex.rules)
 * 1:10148 <-> DISABLED <-> WEB-ACTIVEX HTML Inline Movie Control ActiveX clsid access (web-activex.rules)
 * 1:10145 <-> DISABLED <-> WEB-ACTIVEX HTML Inline Sound Control ActiveX clsid access (web-activex.rules)
 * 1:10142 <-> DISABLED <-> WEB-ACTIVEX LexRefBilingualTextContext ActiveX clsid access (web-activex.rules)
 * 1:10140 <-> DISABLED <-> WEB-ACTIVEX Microsoft Input Method Editor 2 ActiveX clsid access (web-activex.rules)
 * 1:10137 <-> DISABLED <-> WEB-ACTIVEX Microsoft Input Method Editor ActiveX clsid access (web-activex.rules)
 * 1:10135 <-> DISABLED <-> DOS Squid proxy FTP denial of service attempt (dos.rules)
 * 1:10128 <-> DISABLED <-> WEB-ACTIVEX Aliplay ActiveX clsid access (web-activex.rules)
 * 1:10116 <-> ENABLED <-> POLICY-SOCIAL AIM GoChat URL access attempt (policy-social.rules)
 * 1:10093 <-> DISABLED <-> PUA-TOOLBARS Hijacker kuaiso toolbar runtime detection (pua-toolbars.rules)
 * 1:10015 <-> DISABLED <-> WEB-ACTIVEX Oracle ORADC ActiveX clsid access (web-activex.rules)
 * 1:13905 <-> DISABLED <-> WEB-ACTIVEX Microsoft Access Snapshot Viewer 1 ActiveX function call access (web-activex.rules)
 * 1:13911 <-> DISABLED <-> FILE-IDENTIFY Microsoft search file download request (file-identify.rules)
 * 1:13916 <-> ENABLED <-> EXPLOIT Alt-N SecurityGateway username buffer overflow attempt (exploit.rules)
 * 1:13926 <-> DISABLED <-> EXPLOIT Novell Groupwise HTTP response message parsing overflow (exploit.rules)
 * 1:13965 <-> DISABLED <-> WEB-ACTIVEX Microsoft Message System ActiveX clsid access (web-activex.rules)
 * 1:13967 <-> DISABLED <-> WEB-ACTIVEX Microsoft Message System ActiveX function call access (web-activex.rules)
 * 1:13971 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint TxMasterStyle10Atom atom numLevels buffer overflow attempt (file-office.rules)
 * 1:13980 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer http status response memory corruption vulnerability (web-client.rules)
 * 1:13987 <-> DISABLED <-> INDICATOR-OBFUSCATION oversized convert statement - possible sql injection obfuscation (indicator-obfuscation.rules)
 * 1:13988 <-> DISABLED <-> INDICATOR-OBFUSCATION large number of calls to ascii function - possible sql injection obfuscation (indicator-obfuscation.rules)
 * 1:13989 <-> ENABLED <-> INDICATOR-OBFUSCATION large number of calls to char function - possible sql injection obfuscation (indicator-obfuscation.rules)
 * 1:14008 <-> DISABLED <-> INDICATOR-OBFUSCATION large number of calls to concat function - possible sql injection obfuscation (indicator-obfuscation.rules)
 * 1:14013 <-> DISABLED <-> WEB-ACTIVEX WebEx Meeting Manager atucfobj ActiveX clsid access (web-activex.rules)
 * 1:14021 <-> DISABLED <-> WEB-ACTIVEX Microsoft Visual Studio Msmask32 ActiveX clsid access (web-activex.rules)
 * 1:14025 <-> DISABLED <-> WEB-ACTIVEX Computer Associates gui_cm_ctrls ActiveX clsid access (web-activex.rules)
 * 1:14035 <-> DISABLED <-> WEB-ACTIVEX Orbit Downloader ActiveX function call access (web-activex.rules)
 * 1:14055 <-> DISABLED <-> PUA-TOOLBARS Hijacker rediff toolbar runtime detection - hijack ie auto search (pua-toolbars.rules)
 * 1:14056 <-> DISABLED <-> PUA-TOOLBARS Hijacker rediff toolbar runtime detection - get news info (pua-toolbars.rules)
 * 1:14170 <-> DISABLED <-> WEB-ACTIVEX Aurigma unspecified 42 ActiveX clsid access (web-activex.rules)
 * 1:14261 <-> DISABLED <-> WEB-CLIENT Microsoft Windows GDI VML gradient size heap overflow attempt (web-client.rules)
 * 1:14262 <-> DISABLED <-> FILE-OFFICE Microsoft Office OneNote iframe caller exploit attempt (file-office.rules)
 * 1:1463 <-> DISABLED <-> POLICY-SOCIAL IRC message (policy-social.rules)
 * 1:14644 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer cross domain unfocusable HTML element (web-client.rules)
 * 1:14645 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer cross domain setExpression exploit attempt (web-client.rules)
 * 1:14774 <-> DISABLED <-> EXPLOIT HP OpenView Network Node Manger connectedNodes command injection attempt (exploit.rules)
 * 1:15081 <-> DISABLED <-> WEB-CLIENT Oracle Java Web Start xml encoding buffer overflow attempt (web-client.rules)
 * 1:15083 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word .rtf file double free attempt (file-office.rules)
 * 1:15086 <-> ENABLED <-> WEB-ACTIVEX Microsoft Common Controls Animation Object ActiveX function call access (web-activex.rules)
 * 1:15088 <-> DISABLED <-> WEB-ACTIVEX Microsoft Visual Basic Charts ActiveX clsid access (web-activex.rules)
 * 1:15090 <-> DISABLED <-> WEB-ACTIVEX Microsoft Visual Basic Charts ActiveX function call access (web-activex.rules)
 * 1:15092 <-> DISABLED <-> WEB-ACTIVEX Microsoft Visual Basic DataGrid ActiveX clsid access (web-activex.rules)
 * 1:15094 <-> DISABLED <-> WEB-ACTIVEX Microsoft Visual Basic DataGrid ActiveX function call access (web-activex.rules)
 * 1:15096 <-> ENABLED <-> WEB-ACTIVEX Microsoft Visual Basic FlexGrid ActiveX clsid access (web-activex.rules)
 * 1:15098 <-> ENABLED <-> WEB-ACTIVEX Microsoft Visual Basic FlexGrid ActiveX function call access (web-activex.rules)
 * 1:15100 <-> ENABLED <-> WEB-ACTIVEX Microsoft Visual Basic Hierarchical FlexGrid ActiveX clsid access (web-activex.rules)
 * 1:15102 <-> ENABLED <-> WEB-ACTIVEX Microsoft Visual Basic Hierarchical FlexGrid ActiveX function call access (web-activex.rules)
 * 1:15107 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word .rtf file stylesheet buffer overflow attempt (file-office.rules)
 * 1:15109 <-> DISABLED <-> WEB-ACTIVEX Shell.Explorer 1 ActiveX clsid access (web-activex.rules)
 * 1:15112 <-> DISABLED <-> WEB-ACTIVEX Shell.Explorer 2 ActiveX function call access (web-activex.rules)
 * 1:15114 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer embed src buffer overflow attempt (web-client.rules)
 * 1:15122 <-> DISABLED <-> WEB-ACTIVEX Shell.Explorer 2 ActiveX clsid access (web-activex.rules)
 * 1:15147 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer malformed iframe buffer overflow attempt (web-client.rules)
 * 1:15183 <-> DISABLED <-> POLICY-SOCIAL Yahoo messenger http link transmission attempt (policy-social.rules)
 * 1:15184 <-> DISABLED <-> POLICY-SOCIAL Microsoft MSN messenger http link transmission attempt (policy-social.rules)
 * 1:15192 <-> DISABLED <-> WEB-ACTIVEX SizerOne ActiveX clsid access (web-activex.rules)
 * 1:15236 <-> DISABLED <-> WEB-CLIENT ACD Systems ACDSee XPM file format overflow attempt (web-client.rules)
 * 1:15243 <-> DISABLED <-> WEB-ACTIVEX AXIS Camera ActiveX clsid access (web-activex.rules)
 * 1:15266 <-> DISABLED <-> WEB-ACTIVEX MW6 Technologies Barcode ActiveX clsid access (web-activex.rules)
 * 1:15292 <-> DISABLED <-> POLICY-SOCIAL QQ protocol detected - version 2006 (policy-social.rules)
 * 1:15293 <-> DISABLED <-> POLICY-SOCIAL QQ protocol detected - version 2008 (policy-social.rules)
 * 1:15305 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer dynamic style update memory corruption attempt (web-client.rules)
 * 1:15362 <-> DISABLED <-> INDICATOR-OBFUSCATION obfuscated javascript excessive fromCharCode - potential attack (indicator-obfuscation.rules)
 * 1:15363 <-> ENABLED <-> INDICATOR-OBFUSCATION Potential obfuscated javascript eval unescape attack attempt (indicator-obfuscation.rules)
 * 1:15418 <-> DISABLED <-> POLICY-SOCIAL AIM server certificate for encrypted login (policy-social.rules)
 * 1:15428 <-> DISABLED <-> WEB-CLIENT Mozilla Firefox SVG data processing memory corruption attempt (web-client.rules)
 * 1:15444 <-> ENABLED <-> FILE-IDENTIFY Core Audio Format file download request (file-identify.rules)
 * 1:15445 <-> ENABLED <-> ORACLE Oracle Application Server BPEL module cross site scripting attempt (oracle.rules)
 * 1:15455 <-> ENABLED <-> FILE-OFFICE Microsoft WordPad and Office Text Converters XST parsing buffer overflow attempt (file-office.rules)
 * 1:15462 <-> DISABLED <-> WEB-CLIENT Multiple web browsers HTTP chunked transfer-encoding memory corruption attempt (web-client.rules)
 * 1:15466 <-> ENABLED <-> FILE-OFFICE Microsoft WordPad WordPerfect 6.x converter buffer overflow attempt (file-office.rules)
 * 1:15468 <-> DISABLED <-> WEB-CLIENT Apple Safari-Internet Explorer SearchPath blended threat dll request (web-client.rules)
 * 1:15499 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint 95 converter CString in ExEmbed container buffer overflow attempt (file-office.rules)
 * 1:15500 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint LinkedSlide memory corruption (file-office.rules)
 * 1:15504 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint Download of version 4.0 file (file-office.rules)
 * 1:15505 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint HashCode10Atom memory corruption attempt (file-office.rules)
 * 1:15506 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint CurrentUserAtom remote code execution attempt (file-office.rules)
 * 1:15560 <-> DISABLED <-> POLICY-SOCIAL Yahoo Messenger web client activity (policy-social.rules)
 * 1:15561 <-> DISABLED <-> POLICY-SOCIAL AOL Aimexpress web client login (policy-social.rules)
 * 1:15568 <-> DISABLED <-> POLICY-SOCIAL AIM encrypted login attempt (policy-social.rules)
 * 1:15569 <-> DISABLED <-> POLICY-SOCIAL Yahoo encrypted login attempt (policy-social.rules)
 * 1:15575 <-> DISABLED <-> FILE-IDENTIFY WordPerfect file magic detected (file-identify.rules)
 * 1:15576 <-> DISABLED <-> POLICY-SOCIAL Microsoft MSN Messenger web client login (policy-social.rules)
 * 1:15577 <-> DISABLED <-> POLICY-SOCIAL Microsoft MSN Messenger web client activity (policy-social.rules)
 * 1:15586 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file download request (file-identify.rules)
 * 1:15638 <-> DISABLED <-> WEB-ACTIVEX Microsoft Video 32 ActiveX clsid access (web-activex.rules)
 * 1:15670 <-> DISABLED <-> WEB-ACTIVEX Microsoft Video 6 ActiveX clsid access (web-activex.rules)
 * 1:15685 <-> ENABLED <-> WEB-ACTIVEX Microsoft Office Web Components 10 Spreadsheet ActiveX clsid access (web-activex.rules)
 * 1:15687 <-> ENABLED <-> WEB-ACTIVEX Microsoft Office Web Components 10 Spreadsheet ActiveX function call access (web-activex.rules)
 * 1:15689 <-> ENABLED <-> WEB-ACTIVEX Microsoft Office Web Components 11 Spreadsheet ActiveX clsid access (web-activex.rules)
 * 1:15691 <-> ENABLED <-> WEB-ACTIVEX Microsoft Office Web Components 11 Spreadsheet ActiveX function call access (web-activex.rules)
 * 1:15697 <-> DISABLED <-> INDICATOR-OBFUSCATION Generic javascript obfuscation attempt (indicator-obfuscation.rules)
 * 1:15731 <-> DISABLED <-> EXPLOIT Microsoft Internet Explorer javascript deleted reference arbitrary code execution attempt (exploit.rules)
 * 1:15858 <-> DISABLED <-> WEB-ACTIVEX Microsoft Office Web Components Spreadsheet ActiveX clsid access (web-activex.rules)
 * 1:15861 <-> ENABLED <-> WEB-ACTIVEX Microsoft Remote Desktop Client ActiveX clsid access (web-activex.rules)
 * 1:15863 <-> ENABLED <-> WEB-ACTIVEX Microsoft Remote Desktop Client ActiveX function call access (web-activex.rules)
 * 1:15908 <-> DISABLED <-> WEB-MISC Trend Micro OfficeScan multiple CGI modules HTTP form processing buffer overflow attempt (web-misc.rules)
 * 1:15922 <-> ENABLED <-> FILE-IDENTIFY MP3 file download request (file-identify.rules)
 * 1:15946 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Vista Feed Headlines Gagdet code execution attempt (web-client.rules)
 * 1:15947 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook Web Access Cross-Site Scripting attempt (file-office.rules)
 * 1:15951 <-> DISABLED <-> SPECIFIC-THREATS Oracle MySQL MaxDB Webtool GET command overflow attempt (specific-threats.rules)
 * 1:15957 <-> DISABLED <-> WEB-CLIENT Sophos Anti-Virus zip file handling DoS attempt (web-client.rules)
 * 1:15960 <-> DISABLED <-> SPECIFIC-THREATS Novell eDirectory MS-DOS device name DoS attempt (specific-threats.rules)
 * 1:15961 <-> DISABLED <-> SPECIFIC-THREATS 3Com Network Supervisor directory traversal attempt (specific-threats.rules)
 * 1:15994 <-> DISABLED <-> SPECIFIC-THREATS Squid strListGetItem denial of service attempt (specific-threats.rules)
 * 1:16000 <-> ENABLED <-> WEB-CLIENT Sun Microsystems Java gif handling memory corruption attempt (web-client.rules)
 * 1:16002 <-> DISABLED <-> WEB-CLIENT Apple Mac OS X installer package filename format string vulnerability (web-client.rules)
 * 1:16003 <-> DISABLED <-> WEB-CLIENT Apple Mac OS X installer package filename format string vulnerability (web-client.rules)
 * 1:16004 <-> DISABLED <-> WEB-CLIENT Apple Mac OS X installer package filename format string vulnerability (web-client.rules)
 * 1:16005 <-> DISABLED <-> SPECIFIC-THREATS Mozilla browsers JavaScript argument passing code execution attempt (specific-threats.rules)
 * 1:16006 <-> DISABLED <-> SPECIFIC-THREATS Apple Quicktime color table id memory corruption attempt (specific-threats.rules)
 * 1:16007 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer colgroup tag uninitialized memory exploit attempt (specific-threats.rules)
 * 1:20905 <-> ENABLED <-> FILE-IDENTIFY X PixMap file attachment detected (file-identify.rules)
 * 1:20906 <-> ENABLED <-> FILE-IDENTIFY X PixMap file attachment detected (file-identify.rules)
 * 1:20909 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file attachment detected (file-identify.rules)
 * 1:20910 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file attachment detected (file-identify.rules)
 * 1:20915 <-> ENABLED <-> FILE-IDENTIFY caff file attachment detected (file-identify.rules)
 * 1:20916 <-> ENABLED <-> FILE-IDENTIFY caff file attachment detected (file-identify.rules)
 * 1:20920 <-> DISABLED <-> FILE-PDF Adobe Reader DCT dequantizer memory corruption attempt (file-pdf.rules)
 * 1:20925 <-> ENABLED <-> FILE-IDENTIFY Adobe Pagemaker file attachment detected (file-identify.rules)
 * 1:20926 <-> ENABLED <-> FILE-IDENTIFY Adobe Pagemaker file attachment detected (file-identify.rules)
 * 1:20929 <-> DISABLED <-> FILE-IDENTIFY MKV file attachment detected (file-identify.rules)
 * 1:20930 <-> DISABLED <-> FILE-IDENTIFY MKV file attachment detected (file-identify.rules)
 * 1:20931 <-> DISABLED <-> FILE-IDENTIFY MKS file attachment detected (file-identify.rules)
 * 1:20932 <-> DISABLED <-> FILE-IDENTIFY MKS file attachment detected (file-identify.rules)
 * 1:20933 <-> DISABLED <-> FILE-IDENTIFY MKA file attachment detected (file-identify.rules)
 * 1:20934 <-> DISABLED <-> FILE-IDENTIFY MKA file attachment detected (file-identify.rules)
 * 1:20949 <-> DISABLED <-> WEB-ACTIVEX Autodesk iDrop ActiveX clsid access (web-activex.rules)
 * 1:20968 <-> ENABLED <-> FILE-IDENTIFY Apple disk image file download request (file-identify.rules)
 * 1:20982 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (file-identify.rules)
 * 1:20983 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (file-identify.rules)
 * 1:20986 <-> DISABLED <-> FILE-IDENTIFY Microsoft Office Word docx file attachment detected (file-identify.rules)
 * 1:20987 <-> DISABLED <-> FILE-IDENTIFY Microsoft Office Word docx file attachment detected (file-identify.rules)
 * 1:21009 <-> DISABLED <-> FILE-IDENTIFY Microsoft Money file attachment detected (file-identify.rules)
 * 1:21010 <-> DISABLED <-> FILE-IDENTIFY Microsoft Money file attachment detected (file-identify.rules)
 * 1:21011 <-> ENABLED <-> FILE-IDENTIFY Microsoft Powerpoint file magic detected (file-identify.rules)
 * 1:21024 <-> DISABLED <-> WEB-ACTIVEX McAfee Security as a Service ActiveX clsid access (web-activex.rules)
 * 1:21025 <-> DISABLED <-> WEB-ACTIVEX McAfee Security as a Service ActiveX function call (web-activex.rules)
 * 1:21026 <-> DISABLED <-> WEB-ACTIVEX McAfee Security as a Service ActiveX clsid access (web-activex.rules)
 * 1:21027 <-> DISABLED <-> WEB-ACTIVEX McAfee Security as a Service ActiveX function call (web-activex.rules)
 * 1:21081 <-> DISABLED <-> WEB-ACTIVEX RDS.Dataspace ActiveX object code execution attempt (web-activex.rules)
 * 1:21113 <-> DISABLED <-> FILE-IDENTIFY Cisco Webex Player .wrf file magic detected (file-identify.rules)
 * 1:21295 <-> DISABLED <-> FILE-IDENTIFY FON file attachment detected (file-identify.rules)
 * 1:21296 <-> DISABLED <-> FILE-IDENTIFY FON file attachment detected (file-identify.rules)
 * 1:21410 <-> DISABLED <-> FILE-IDENTIFY paq8o file download request (file-identify.rules)
 * 1:21411 <-> DISABLED <-> FILE-IDENTIFY paq8o file attachment detected (file-identify.rules)
 * 1:21412 <-> DISABLED <-> FILE-IDENTIFY paq8o file attachment detected (file-identify.rules)
 * 1:21478 <-> ENABLED <-> FILE-IDENTIFY CHM file attachment detected (file-identify.rules)
 * 1:21479 <-> ENABLED <-> FILE-IDENTIFY CHM file attachment detected (file-identify.rules)
 * 1:21492 <-> ENABLED <-> SPECIFIC-THREATS Blackhole landing page with specific structure - prototype catch (specific-threats.rules)
 * 1:21526 <-> ENABLED <-> BLACKLIST USER-AGENT known malicious user agent TCYWinHTTPDownload (blacklist.rules)
 * 1:21577 <-> ENABLED <-> INDICATOR-OBFUSCATION JavaScript obfuscation - charcode (indicator-obfuscation.rules)
 * 1:21578 <-> ENABLED <-> INDICATOR-OBFUSCATION JavaScript obfuscation - eval (indicator-obfuscation.rules)
 * 1:21579 <-> ENABLED <-> INDICATOR-OBFUSCATION JavaScript obfuscation - fromCharCode (indicator-obfuscation.rules)
 * 1:21580 <-> ENABLED <-> INDICATOR-OBFUSCATION JavaScript obfuscation - fromCharCode (indicator-obfuscation.rules)
 * 1:21646 <-> ENABLED <-> SPECIFIC-THREATS Blackhole landing page with specific structure - prototype catch (specific-threats.rules)
 * 1:2450 <-> DISABLED <-> POLICY-SOCIAL Yahoo IM successful logon (policy-social.rules)
 * 1:2451 <-> DISABLED <-> POLICY-SOCIAL Yahoo IM voicechat (policy-social.rules)
 * 1:2452 <-> DISABLED <-> POLICY-SOCIAL Yahoo IM ping (policy-social.rules)
 * 1:2453 <-> DISABLED <-> POLICY-SOCIAL Yahoo IM conference invitation (policy-social.rules)
 * 1:2454 <-> DISABLED <-> POLICY-SOCIAL Yahoo IM conference logon success (policy-social.rules)
 * 1:2455 <-> DISABLED <-> POLICY-SOCIAL Yahoo IM conference message (policy-social.rules)
 * 1:2456 <-> DISABLED <-> POLICY-SOCIAL Yahoo Messenger File Transfer Receive Request (policy-social.rules)
 * 1:2457 <-> DISABLED <-> POLICY-SOCIAL Yahoo IM message (policy-social.rules)
 * 1:2458 <-> DISABLED <-> POLICY-SOCIAL Yahoo IM successful chat join (policy-social.rules)
 * 1:2459 <-> DISABLED <-> POLICY-SOCIAL Yahoo IM conference offer invitation (policy-social.rules)
 * 1:2460 <-> DISABLED <-> POLICY-SOCIAL Yahoo IM conference request (policy-social.rules)
 * 1:2461 <-> DISABLED <-> POLICY-SOCIAL Yahoo IM conference watch (policy-social.rules)
 * 1:2515 <-> DISABLED <-> MISC PCT Client_Hello overflow attempt (misc.rules)
 * 1:2570 <-> DISABLED <-> WEB-MISC Invalid HTTP Version String (web-misc.rules)
 * 1:3158 <-> ENABLED <-> NETBIOS DCERPC NCACN-IP-TCP ISystemActivator CoGetInstanceFromFile attempt (netbios.rules)
 * 1:3159 <-> ENABLED <-> NETBIOS DCERPC NCADG-IP-UDP ISystemActivator CoGetInstanceFromFile attempt (netbios.rules)
 * 1:3218 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP winreg OpenKey overflow attempt (netbios.rules)
 * 1:3397 <-> ENABLED <-> NETBIOS DCERPC NCACN-IP-TCP ISystemActivator RemoteCreateInstance attempt (netbios.rules)
 * 1:3398 <-> ENABLED <-> NETBIOS DCERPC NCADG-IP-UDP ISystemActivator RemoteCreateInstance attempt (netbios.rules)
 * 1:3473 <-> DISABLED <-> WEB-CLIENT RealNetworks RealPlayer SMIL file overflow attempt (web-client.rules)
 * 1:3550 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer HTML http/https scheme hostname overflow attempt (web-client.rules)
 * 1:3552 <-> DISABLED <-> WEB-CLIENT Microsoft Windows OLE32 MSHTA masquerade attempt (web-client.rules)
 * 1:3591 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP mqqm QMDeleteObject overflow attempt (netbios.rules)
 * 1:3679 <-> DISABLED <-> WEB-CLIENT Multiple Products IFRAME src javascript code execution (web-client.rules)
 * 1:3691 <-> DISABLED <-> POLICY-SOCIAL Yahoo Messenger Message (policy-social.rules)
 * 1:3692 <-> DISABLED <-> POLICY-SOCIAL Yahoo Messenger File Transfer Initiation Request (policy-social.rules)
 * 1:3693 <-> DISABLED <-> WEB-MISC IBM WebSphere j_security_check overflow attempt (web-misc.rules)
 * 1:3814 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer javaprxy.dll COM access (web-client.rules)
 * 1:3819 <-> ENABLED <-> FILE-IDENTIFY CHM file download request (file-identify.rules)
 * 1:3820 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows CHM file magic detected (file-identify.rules)
 * 1:4131 <-> DISABLED <-> EXPLOIT SHOUTcast URI format string attempt (exploit.rules)
 * 1:4142 <-> DISABLED <-> ORACLE reports servlet command execution attempt (oracle.rules)
 * 1:4145 <-> DISABLED <-> WEB-ACTIVEX Microsoft Windows Trouble Shooter ActiveX object access (web-activex.rules)
 * 1:4146 <-> DISABLED <-> WEB-ACTIVEX Share Point Portal Services Log Sink ActiveX object access (web-activex.rules)
 * 1:4147 <-> DISABLED <-> WEB-ACTIVEX ActiveLabel ActiveX object access (web-activex.rules)
 * 1:4148 <-> DISABLED <-> WEB-ACTIVEX DHTML Editing ActiveX clsid access (web-activex.rules)
 * 1:4151 <-> DISABLED <-> WEB-ACTIVEX System Monitor Source Properties ActiveX object access (web-activex.rules)
 * 1:4152 <-> DISABLED <-> WEB-ACTIVEX Microsoft Windows Media Player 6.4 ActiveX object access (web-activex.rules)
 * 1:4153 <-> DISABLED <-> WEB-ACTIVEX Eyedog ActiveX object access (web-activex.rules)
 * 1:4154 <-> DISABLED <-> WEB-ACTIVEX Active Setup ActiveX object access (web-activex.rules)
 * 1:4156 <-> DISABLED <-> WEB-ACTIVEX Microsoft Windows Media Player 7+ ActiveX object access (web-activex.rules)
 * 1:4157 <-> DISABLED <-> WEB-ACTIVEX MSN Setup BBS 4.71.0.10 ActiveX object access (web-activex.rules)
 * 1:4158 <-> DISABLED <-> WEB-ACTIVEX Microsoft Windows Media Player Active Movie ActiveX object access (web-activex.rules)
 * 1:4159 <-> DISABLED <-> WEB-ACTIVEX Multimedia File Property Sheet ActiveX object access (web-activex.rules)
 * 1:4160 <-> DISABLED <-> WEB-ACTIVEX Microsoft Windows Reporting Tool ActiveX object access (web-activex.rules)
 * 1:4161 <-> DISABLED <-> WEB-ACTIVEX DigWebX MSN ActiveX object access (web-activex.rules)
 * 1:4162 <-> DISABLED <-> WEB-ACTIVEX DigWebX MSN ActiveX object access (web-activex.rules)
 * 1:4163 <-> DISABLED <-> WEB-ACTIVEX DigWebX MSN ActiveX object access (web-activex.rules)
 * 1:4164 <-> DISABLED <-> WEB-ACTIVEX DigWebX MSN ActiveX object access (web-activex.rules)
 * 1:4165 <-> DISABLED <-> WEB-ACTIVEX Image Control 1.0 ActiveX object access (web-activex.rules)
 * 1:4167 <-> DISABLED <-> WEB-ACTIVEX MSN Heartbeat ActiveX clsid access (web-activex.rules)
 * 1:4168 <-> DISABLED <-> WEB-ACTIVEX Shell Automation Service ActiveX object access (web-activex.rules)
 * 1:4169 <-> DISABLED <-> WEB-ACTIVEX Internet Explorer Active Setup ActiveX object access (web-activex.rules)
 * 1:4171 <-> DISABLED <-> WEB-ACTIVEX Registration Wizard ActiveX object access (web-activex.rules)
 * 1:4172 <-> DISABLED <-> WEB-ACTIVEX Microsoft Agent v1.5 ActiveX clsid access (web-activex.rules)
 * 1:4173 <-> DISABLED <-> WEB-ACTIVEX MsnPUpld ActiveX object access (web-activex.rules)
 * 1:4174 <-> DISABLED <-> WEB-ACTIVEX Symantec RuFSI registry Information Class ActiveX object access (web-activex.rules)
 * 1:4175 <-> DISABLED <-> WEB-ACTIVEX Microsoft Office 2000/2002 Web Components PivotTable ActiveX object access (web-activex.rules)
 * 1:4176 <-> DISABLED <-> WEB-ACTIVEX Microsoft Office 2000 and 2002 Web Components Chart ActiveX object access (web-activex.rules)
 * 1:4177 <-> DISABLED <-> WEB-ACTIVEX Microsoft Office 2000 and 2002 Web Components Spreadsheet ActiveX clsid access (web-activex.rules)
 * 1:4178 <-> DISABLED <-> WEB-ACTIVEX Microsoft Office 2000 and 2002 Web Components Record Navigation Control ActiveX object access (web-activex.rules)
 * 1:4179 <-> DISABLED <-> WEB-ACTIVEX DirectX Files Viewer ActiveX object access (web-activex.rules)
 * 1:4180 <-> DISABLED <-> WEB-ACTIVEX Kodak Image Scan Control ActiveX object access (web-activex.rules)
 * 1:4181 <-> DISABLED <-> WEB-ACTIVEX Smartcard Enrollment ActiveX object access (web-activex.rules)
 * 1:4182 <-> DISABLED <-> WEB-ACTIVEX MSN Chat v4.5, 4.6 ActiveX object access (web-activex.rules)
 * 1:4183 <-> DISABLED <-> WEB-ACTIVEX HTML Help ActiveX object access (web-activex.rules)
 * 1:4184 <-> DISABLED <-> WEB-ACTIVEX Certificate Enrollment ActiveX object access (web-activex.rules)
 * 1:4185 <-> DISABLED <-> WEB-ACTIVEX Terminal Services Advanced Client ActiveX object access (web-activex.rules)
 * 1:4186 <-> DISABLED <-> WEB-ACTIVEX Kodak Image Editing ActiveX object access (web-activex.rules)
 * 1:4187 <-> DISABLED <-> WEB-ACTIVEX Terminal Services Advanced Client ActiveX object access (web-activex.rules)
 * 1:4188 <-> DISABLED <-> WEB-ACTIVEX RAV Online Scanner ActiveX object access (web-activex.rules)
 * 1:4189 <-> DISABLED <-> WEB-ACTIVEX Third-Party Plugin ActiveX object access (web-activex.rules)
 * 1:4190 <-> DISABLED <-> WEB-ACTIVEX Kodak Thumbnail Image ActiveX object access (web-activex.rules)
 * 1:4191 <-> DISABLED <-> WEB-ACTIVEX MsnPUpld ActiveX object access (web-activex.rules)
 * 1:4192 <-> DISABLED <-> WEB-ACTIVEX HHOpen ActiveX object access (web-activex.rules)
 * 1:4193 <-> DISABLED <-> WEB-ACTIVEX Kodak Image Editing ActiveX object access (web-activex.rules)
 * 1:4196 <-> DISABLED <-> WEB-CLIENT CBO CBL CBM file transfer attempt (web-client.rules)
 * 1:4197 <-> DISABLED <-> WEB-ACTIVEX DigWebX MSN ActiveX object access (web-activex.rules)
 * 1:4198 <-> DISABLED <-> WEB-ACTIVEX Internet Explorer Blnmgrps.dll ActiveX object access (web-activex.rules)
 * 1:4199 <-> DISABLED <-> WEB-ACTIVEX Internet Explorer Blnmgrps.dll ActiveX object access (web-activex.rules)
 * 1:4200 <-> DISABLED <-> WEB-ACTIVEX Index Server Scope Administration ActiveX object access (web-activex.rules)
 * 1:4201 <-> DISABLED <-> WEB-ACTIVEX Queued Components Recorder ActiveX object access (web-activex.rules)
 * 1:4202 <-> DISABLED <-> WEB-ACTIVEX DirectAnimation ActiveX object access (web-activex.rules)
 * 1:4203 <-> DISABLED <-> WEB-ACTIVEX Microsoft Marquee Control ActiveX object access (web-activex.rules)
 * 1:4204 <-> DISABLED <-> WEB-ACTIVEX Microsoft DT PolyLine Control 2 ActiveX object access (web-activex.rules)
 * 1:4205 <-> DISABLED <-> WEB-ACTIVEX Microsoft Visual Database Tools Database Designer v7.0 ActiveX object access (web-activex.rules)
 * 1:4206 <-> DISABLED <-> WEB-ACTIVEX Microsoft MPEG-4 Video Decompressor Property Page ActiveX object access (web-activex.rules)
 * 1:4207 <-> DISABLED <-> WEB-ACTIVEX Microsoft MS Audio Decompressor Control Property Page ActiveX object access (web-activex.rules)
 * 1:4208 <-> DISABLED <-> WEB-ACTIVEX LexRefStEsObject Class ActiveX object access (web-activex.rules)
 * 1:4209 <-> DISABLED <-> WEB-ACTIVEX LexRefStFrObject Class ActiveX object access (web-activex.rules)
 * 1:4210 <-> DISABLED <-> WEB-ACTIVEX Internet Explorer Msb1geen.dll ActiveX object access (web-activex.rules)
 * 1:4211 <-> DISABLED <-> WEB-ACTIVEX Microsoft DDS Library Shape Control ActiveX object access (web-activex.rules)
 * 1:4212 <-> DISABLED <-> WEB-ACTIVEX Microsoft DDS Generic Class ActiveX object access (web-activex.rules)
 * 1:4213 <-> DISABLED <-> WEB-ACTIVEX Microsoft DDS Picture Shape Control ActiveX object access (web-activex.rules)
 * 1:4214 <-> DISABLED <-> WEB-ACTIVEX Microsoft TipGW Init ActiveX object access (web-activex.rules)
 * 1:4215 <-> DISABLED <-> WEB-ACTIVEX Microsoft HTML Popup Window ActiveX object access (web-activex.rules)
 * 1:4216 <-> DISABLED <-> WEB-ACTIVEX CLSID_CComAcctImport ActiveX object access (web-activex.rules)
 * 1:4217 <-> DISABLED <-> WEB-ACTIVEX Microsoft Office Services on the Web Free/Busy ActiveX object access (web-activex.rules)
 * 1:4218 <-> DISABLED <-> WEB-ACTIVEX Microsoft Visual Basic WebClass ActiveX object access (web-activex.rules)
 * 1:4219 <-> DISABLED <-> WEB-ACTIVEX Microsoft Network Connections Tray ActiveX object access (web-activex.rules)
 * 1:4220 <-> DISABLED <-> WEB-ACTIVEX Microsoft Network and Dial-Up Connections ActiveX object access (web-activex.rules)
 * 1:4221 <-> DISABLED <-> WEB-ACTIVEX Microsoft ProxyStub Dispatch ActiveX object access (web-activex.rules)
 * 1:4222 <-> DISABLED <-> WEB-ACTIVEX Internet Explorer Outllib.dll ActiveX object access (web-activex.rules)
 * 1:4223 <-> DISABLED <-> WEB-ACTIVEX Microsoft OpenCable Class ActiveX object access (web-activex.rules)
 * 1:4224 <-> DISABLED <-> WEB-ACTIVEX Microsoft VideoPort ActiveX object access (web-activex.rules)
 * 1:4225 <-> DISABLED <-> WEB-ACTIVEX Microsoft Repository ActiveX object access (web-activex.rules)
 * 1:4226 <-> DISABLED <-> WEB-ACTIVEX Microsoft DocHost User Interface Handler ActiveX object access (web-activex.rules)
 * 1:4227 <-> DISABLED <-> WEB-ACTIVEX Microsoft Network Connections ActiveX object access (web-activex.rules)
 * 1:4228 <-> DISABLED <-> WEB-ACTIVEX Microsoft Windows Start Menu ActiveX object access (web-activex.rules)
 * 1:4229 <-> DISABLED <-> WEB-ACTIVEX MSAPP Export Support for Microsoft Access ActiveX object access (web-activex.rules)
 * 1:4230 <-> DISABLED <-> WEB-ACTIVEX Search Assistant UI ActiveX object access (web-activex.rules)
 * 1:4231 <-> DISABLED <-> WEB-ACTIVEX Microsoft SysTray ActiveX object access (web-activex.rules)
 * 1:4232 <-> DISABLED <-> WEB-ACTIVEX Microsoft SysTray Invoker ActiveX object access (web-activex.rules)
 * 1:4233 <-> DISABLED <-> WEB-ACTIVEX Microsoft Visual Database Tools Query Designer v7.0 ActiveX object access (web-activex.rules)
 * 1:4234 <-> DISABLED <-> WEB-ACTIVEX Microsoft MSVTDGridCtrl7 ActiveX object access (web-activex.rules)
 * 1:4235 <-> DISABLED <-> WEB-ACTIVEX Helper Object for Java ActiveX object access (web-activex.rules)
 * 1:4236 <-> DISABLED <-> WEB-ACTIVEX WMI ASDI Extension ActiveX object access (web-activex.rules)
 * 1:4637 <-> DISABLED <-> EXPLOIT MailEnable HTTPMail buffer overflow attempt (exploit.rules)
 * 1:4643 <-> DISABLED <-> WEB-CLIENT Microsoft Windows malformed shortcut file buffer overflow attempt (web-client.rules)
 * 1:4647 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer javascript onload overflow attempt (web-client.rules)
 * 1:4681 <-> DISABLED <-> WEB-MISC Symantec Antivirus admin scan interface negative Content-Length attempt (web-misc.rules)
 * 1:4890 <-> DISABLED <-> WEB-ACTIVEX IAVIStream & IAVIFile Proxy ActiveX object access (web-activex.rules)
 * 1:4891 <-> DISABLED <-> WEB-ACTIVEX cfw Class ActiveX object access (web-activex.rules)
 * 1:4892 <-> DISABLED <-> WEB-ACTIVEX MTSEvents Class ActiveX object access (web-activex.rules)
 * 1:4893 <-> DISABLED <-> WEB-ACTIVEX Trident HTMLEditor ActiveX object access (web-activex.rules)
 * 1:4894 <-> DISABLED <-> WEB-ACTIVEX PSEnumVariant ActiveX object access (web-activex.rules)
 * 1:4895 <-> DISABLED <-> WEB-ACTIVEX PSTypeInfo ActiveX object access (web-activex.rules)
 * 1:4896 <-> DISABLED <-> WEB-ACTIVEX PSTypeLib ActiveX object access (web-activex.rules)
 * 1:4897 <-> DISABLED <-> WEB-ACTIVEX PSOAInterface ActiveX object access (web-activex.rules)
 * 1:4898 <-> DISABLED <-> WEB-ACTIVEX PSTypeComp ActiveX object access (web-activex.rules)
 * 1:4899 <-> DISABLED <-> WEB-ACTIVEX ISupportErrorInfo Interface ActiveX object access (web-activex.rules)
 * 1:4900 <-> DISABLED <-> WEB-ACTIVEX Outlook Progress Ctl ActiveX object access (web-activex.rules)
 * 1:4901 <-> DISABLED <-> WEB-ACTIVEX VMR Allocator Presenter 9 ActiveX object access (web-activex.rules)
 * 1:4902 <-> DISABLED <-> WEB-ACTIVEX Video Mixing Renderer 9 ActiveX object access (web-activex.rules)
 * 1:4903 <-> DISABLED <-> WEB-ACTIVEX VMR ImageSync 9 ActiveX object access (web-activex.rules)
 * 1:4904 <-> DISABLED <-> WEB-ACTIVEX Microsoft Repository Alias ActiveX object access (web-activex.rules)
 * 1:4905 <-> DISABLED <-> WEB-ACTIVEX Microsoft Repository Object ActiveX object access (web-activex.rules)
 * 1:4906 <-> DISABLED <-> WEB-ACTIVEX Microsoft Repository Interface Definition ActiveX object access (web-activex.rules)
 * 1:4907 <-> DISABLED <-> WEB-ACTIVEX Microsoft Repository Collection Definition ActiveX object access (web-activex.rules)
 * 1:4908 <-> DISABLED <-> WEB-ACTIVEX Microsoft Repository Method Definition ActiveX object access (web-activex.rules)
 * 1:4909 <-> DISABLED <-> WEB-ACTIVEX Microsoft Repository Property Definition ActiveX object access (web-activex.rules)
 * 1:4910 <-> DISABLED <-> WEB-ACTIVEX Microsoft Repository Relationship Definition ActiveX object access (web-activex.rules)
 * 1:4911 <-> DISABLED <-> WEB-ACTIVEX Microsoft Repository Type Library ActiveX object access (web-activex.rules)
 * 1:4912 <-> DISABLED <-> WEB-ACTIVEX Microsoft Repository Root ActiveX object access (web-activex.rules)
 * 1:4913 <-> DISABLED <-> WEB-ACTIVEX Microsoft Repository Workspace ActiveX object access (web-activex.rules)
 * 1:4914 <-> DISABLED <-> WEB-ACTIVEX Microsoft Repository Script Definition ActiveX object access (web-activex.rules)
 * 1:4915 <-> DISABLED <-> WEB-ACTIVEX Shortcut Handler ActiveX object access (web-activex.rules)
 * 1:4916 <-> DISABLED <-> INDICATOR-OBFUSCATION Microsoft Internet Explorer javascript onload document.write obfuscation overflow attempt (indicator-obfuscation.rules)
 * 1:4917 <-> DISABLED <-> INDICATOR-OBFUSCATION Microsoft Internet Explorer javascript onload prompt obfuscation overflow attempt (indicator-obfuscation.rules)
 * 1:4982 <-> DISABLED <-> WEB-ACTIVEX Adodb.Stream ActiveX object access (web-activex.rules)
 * 1:4985 <-> DISABLED <-> WEB-MISC Twiki rdiff rev command injection attempt (web-misc.rules)
 * 1:540 <-> DISABLED <-> POLICY-SOCIAL Microsoft MSN message (policy-social.rules)
 * 1:541 <-> DISABLED <-> POLICY-SOCIAL ICQ access (policy-social.rules)
 * 1:542 <-> DISABLED <-> POLICY-SOCIAL IRC nick change (policy-social.rules)
 * 1:5710 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Media Player Plugin for Non-IE browsers buffer overflow attempt (web-client.rules)
 * 1:5749 <-> DISABLED <-> PUA-TOOLBARS Trackware alexa runtime detection (pua-toolbars.rules)
 * 1:5750 <-> DISABLED <-> PUA-TOOLBARS Adware dogpile runtime detection (pua-toolbars.rules)
 * 1:5757 <-> DISABLED <-> PUA-TOOLBARS Hijacker ezcybersearch runtime detection - check toolbar setting (pua-toolbars.rules)
 * 1:5765 <-> DISABLED <-> PUA-TOOLBARS Hijacker begin2search runtime detection - ico query (pua-toolbars.rules)
 * 1:5788 <-> DISABLED <-> PUA-TOOLBARS Adware hithopper runtime detection - click toolbar buttons (pua-toolbars.rules)
 * 1:5801 <-> ENABLED <-> PUA-TOOLBARS Trackware myway speedbar / mywebsearch toolbar runtime detection - track activity 1 (pua-toolbars.rules)
 * 1:5802 <-> DISABLED <-> PUA-TOOLBARS Trackware myway speedbar / mywebsearch toolbar runtime detection - track activity 2 (pua-toolbars.rules)
 * 1:5803 <-> ENABLED <-> PUA-TOOLBARS Trackware myway speedbar / mywebsearch toolbar runtime detection - collect information (pua-toolbars.rules)
 * 1:5858 <-> DISABLED <-> PUA-TOOLBARS Adware praizetoolbar runtime detection (pua-toolbars.rules)
 * 1:5861 <-> DISABLED <-> PUA-TOOLBARS Hijacker isearch runtime detection - toolbar information request (pua-toolbars.rules)
 * 1:5864 <-> DISABLED <-> PUA-TOOLBARS Hijacker isearch runtime detection - search in toolbar (pua-toolbars.rules)
 * 1:5866 <-> DISABLED <-> PUA-TOOLBARS Hijacker couponbar runtime detection - download new coupon offers and links (pua-toolbars.rules)
 * 1:5867 <-> DISABLED <-> PUA-TOOLBARS Hijacker couponbar runtime detection - get updates to toolbar buttons (pua-toolbars.rules)
 * 1:5884 <-> ENABLED <-> PUA-TOOLBARS Hijacker copernic meta toolbar runtime detection - check toolbar & category info (pua-toolbars.rules)
 * 1:5885 <-> ENABLED <-> PUA-TOOLBARS Hijacker copernic meta toolbar runtime detection - ie autosearch & search assistant hijack (pua-toolbars.rules)
 * 1:5886 <-> ENABLED <-> PUA-TOOLBARS Hijacker copernic meta toolbar runtime detection - pass info to server (pua-toolbars.rules)
 * 1:5892 <-> DISABLED <-> PUA-TOOLBARS Trackware wordiq toolbar runtime detection - get link info (pua-toolbars.rules)
 * 1:5893 <-> DISABLED <-> PUA-TOOLBARS Trackware wordiq toolbar runtime detection - search keyword (pua-toolbars.rules)
 * 1:5914 <-> DISABLED <-> PUA-TOOLBARS Hijacker locatorstoolbar runtime detection - configuration download (pua-toolbars.rules)
 * 1:5915 <-> DISABLED <-> PUA-TOOLBARS Hijacker locatorstoolbar runtime detection - autosearch hijack (pua-toolbars.rules)
 * 1:5916 <-> DISABLED <-> PUA-TOOLBARS Hijacker locatorstoolbar runtime detection - sidebar search (pua-toolbars.rules)
 * 1:5917 <-> DISABLED <-> PUA-TOOLBARS Hijacker locatorstoolbar runtime detection - toolbar search (pua-toolbars.rules)
 * 1:5921 <-> DISABLED <-> PUA-TOOLBARS Trackware fftoolbar toolbar runtime detection - send user url request (pua-toolbars.rules)
 * 1:5922 <-> DISABLED <-> PUA-TOOLBARS Trackware fftoolbar toolbar runtime detection - display advertisement news (pua-toolbars.rules)
 * 1:5939 <-> ENABLED <-> PUA-TOOLBARS Trackware supreme toolbar runtime detection - get cfg (pua-toolbars.rules)
 * 1:5940 <-> DISABLED <-> PUA-TOOLBARS Trackware supreme toolbar runtime detection - search request (pua-toolbars.rules)
 * 1:5941 <-> DISABLED <-> PUA-TOOLBARS Trackware supreme toolbar runtime detection - track (pua-toolbars.rules)
 * 1:5942 <-> DISABLED <-> PUA-TOOLBARS Trackware supreme toolbar runtime detection - pass information to its controlling server (pua-toolbars.rules)
 * 1:5943 <-> DISABLED <-> PUA-TOOLBARS Trackware supreme toolbar runtime detection - third party information collection (pua-toolbars.rules)
 * 1:5949 <-> DISABLED <-> PUA-TOOLBARS Trackware iggsey toolbar detection - simpleticker.htm request (pua-toolbars.rules)
 * 1:5950 <-> DISABLED <-> PUA-TOOLBARS Trackware iggsey toolbar detection - pass information to server (pua-toolbars.rules)
 * 1:5951 <-> DISABLED <-> PUA-TOOLBARS Trackware iggsey toolbar detection - search request (pua-toolbars.rules)
 * 1:5964 <-> DISABLED <-> PUA-TOOLBARS Hijacker searchfast detection - track user activity & get 'relates links' of the toolbar (pua-toolbars.rules)
 * 1:5965 <-> DISABLED <-> PUA-TOOLBARS Hijacker searchfast detection - get toolbar cfg (pua-toolbars.rules)
 * 1:5979 <-> DISABLED <-> PUA-TOOLBARS Trackware anwb toolbar runtime detection - track user ip address (pua-toolbars.rules)
 * 1:5980 <-> DISABLED <-> PUA-TOOLBARS Trackware anwb toolbar runtime detection - display advertisement (pua-toolbars.rules)
 * 1:5981 <-> DISABLED <-> PUA-TOOLBARS Hijacker seeqtoolbar runtime detection - autosearch hijack or search in toolbar (pua-toolbars.rules)
 * 1:5982 <-> DISABLED <-> PUA-TOOLBARS Hijacker seeqtoolbar runtime detection - email login page (pua-toolbars.rules)
 * 1:5984 <-> DISABLED <-> PUA-TOOLBARS Trackware push toolbar installtime detection - user information collect (pua-toolbars.rules)
 * 1:5985 <-> DISABLED <-> PUA-TOOLBARS Trackware push toolbar runtime detection - toolbar information request (pua-toolbars.rules)
 * 1:5987 <-> DISABLED <-> PUA-TOOLBARS Hijacker wishbone runtime detection (pua-toolbars.rules)
 * 1:6002 <-> DISABLED <-> WEB-ACTIVEX Microsoft DT DDS Rectilinear GDD Layout ActiveX object access (web-activex.rules)
 * 1:6003 <-> DISABLED <-> WEB-ACTIVEX Microsoft DT DDS Rectilinear GDD Route ActiveX object access (web-activex.rules)
 * 1:6004 <-> DISABLED <-> WEB-ACTIVEX Microsoft DT DDS Circular Auto Layout Logic 2 ActiveX object access (web-activex.rules)
 * 1:6005 <-> DISABLED <-> WEB-ACTIVEX Microsoft DT DDS Straight Line Routing Logic 2 ActiveX object access (web-activex.rules)
 * 1:6006 <-> DISABLED <-> WEB-ACTIVEX Microsoft DT Icon Control ActiveX object access (web-activex.rules)
 * 1:6007 <-> DISABLED <-> WEB-ACTIVEX Microsoft DT DDS OrgChart GDD Layout ActiveX object access (web-activex.rules)
 * 1:6008 <-> DISABLED <-> WEB-ACTIVEX Microsoft DT DDS OrgChart GDD Route ActiveX object access (web-activex.rules)
 * 1:6009 <-> DISABLED <-> WEB-ACTIVEX RDS.Dataspace ActiveX object access (web-activex.rules)
 * 1:6182 <-> DISABLED <-> POLICY-SOCIAL IRC channel notice (policy-social.rules)
 * 1:6189 <-> DISABLED <-> PUA-TOOLBARS Trackware try2find detection (pua-toolbars.rules)
 * 1:6191 <-> DISABLED <-> PUA-TOOLBARS Trackware onetoolbar runtime detection (pua-toolbars.rules)
 * 1:6230 <-> DISABLED <-> PUA-TOOLBARS Hijacker i-lookup runtime detection (pua-toolbars.rules)
 * 1:6252 <-> DISABLED <-> PUA-TOOLBARS Trackware quicksearch toolbar runtime detection - search request (pua-toolbars.rules)
 * 1:6253 <-> DISABLED <-> PUA-TOOLBARS Trackware quicksearch toolbar runtime detection - log user ativity (pua-toolbars.rules)
 * 1:6254 <-> DISABLED <-> PUA-TOOLBARS Trackware quicksearch toolbar runtime detection - redirect (pua-toolbars.rules)
 * 1:6255 <-> DISABLED <-> PUA-TOOLBARS Trackware quicksearch toolbar runtime detection - update (pua-toolbars.rules)
 * 1:6261 <-> DISABLED <-> PUA-TOOLBARS Trickler slinkyslate toolbar runtime detection (pua-toolbars.rules)
 * 1:6278 <-> DISABLED <-> PUA-TOOLBARS Trickler navexcel search toolbar runtime detection - activate/update (pua-toolbars.rules)
 * 1:6282 <-> DISABLED <-> PUA-TOOLBARS Hijacker customtoolbar runtime detection (pua-toolbars.rules)
 * 1:6376 <-> DISABLED <-> PUA-TOOLBARS Hijacker girafa toolbar - toolbar update (pua-toolbars.rules)
 * 1:6377 <-> DISABLED <-> PUA-TOOLBARS Hijacker girafa toolbar - browser hijack (pua-toolbars.rules)
 * 1:6379 <-> DISABLED <-> PUA-TOOLBARS Hijacker adbars runtime detection - search in toolbar (pua-toolbars.rules)
 * 1:6380 <-> DISABLED <-> PUA-TOOLBARS Hijacker dotcomtoolbar runtime detection - toolbar information retrieve (pua-toolbars.rules)
 * 1:6381 <-> DISABLED <-> PUA-TOOLBARS Hijacker dotcomtoolbar runtime detection - search in toolbar (pua-toolbars.rules)
 * 1:6382 <-> DISABLED <-> PUA-TOOLBARS Hijacker dotcomtoolbar runtime detection - url hook (pua-toolbars.rules)
 * 1:6467 <-> DISABLED <-> POLICY-SOCIAL jabber traffic detected (policy-social.rules)
 * 1:6468 <-> DISABLED <-> POLICY-SOCIAL jabber file transfer request (policy-social.rules)
 * 1:6478 <-> DISABLED <-> PUA-TOOLBARS Trackware searchingall toolbar runtime detection - send user url request (pua-toolbars.rules)
 * 1:6482 <-> DISABLED <-> PUA-TOOLBARS Hijacker makemesearch toolbar runtime detection - get info (pua-toolbars.rules)
 * 1:6483 <-> DISABLED <-> PUA-TOOLBARS Hijacker makemesearch toolbar runtime detection - home page hijacker (pua-toolbars.rules)
 * 1:6484 <-> DISABLED <-> PUA-TOOLBARS Hijacker makemesearch toolbar runtime detection - search (pua-toolbars.rules)
 * 1:6487 <-> DISABLED <-> PUA-TOOLBARS Adware searchnugget toolbar runtime detection - check updates (pua-toolbars.rules)
 * 1:6488 <-> DISABLED <-> PUA-TOOLBARS Adware searchnugget toolbar runtime detection - redirect mistyped urls (pua-toolbars.rules)
 * 1:6517 <-> DISABLED <-> WEB-ACTIVEX DXImageTransform.Microsoft.Light ActiveX clsid access (web-activex.rules)
 * 1:6681 <-> DISABLED <-> WEB-ACTIVEX Microsoft Windows Media Transform Effects ActiveX clsid access (web-activex.rules)
 * 1:6684 <-> DISABLED <-> WEB-ACTIVEX DXImageTransform.Microsoft.MMSpecialEffect1Input ActiveX clsid access (web-activex.rules)
 * 1:6686 <-> DISABLED <-> WEB-ACTIVEX DXImageTransform.Microsoft.MMSpecialEffect2Inputs ActiveX clsid access (web-activex.rules)
 * 1:7003 <-> DISABLED <-> WEB-ACTIVEX ADODB.Recordset ActiveX function call access (web-activex.rules)
 * 1:7025 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel url unicode overflow attempt (file-office.rules)
 * 1:7050 <-> DISABLED <-> PUA-TOOLBARS Hijacker freecruise toolbar runtime detection (pua-toolbars.rules)
 * 1:7199 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel label record overflow attempt (file-office.rules)
 * 1:7425 <-> DISABLED <-> WEB-ACTIVEX 9x8Resize ActiveX clsid access (web-activex.rules)
 * 1:7427 <-> DISABLED <-> WEB-ACTIVEX Allocator Fix ActiveX clsid access (web-activex.rules)
 * 1:7429 <-> DISABLED <-> WEB-ACTIVEX Bitmap ActiveX clsid access (web-activex.rules)
 * 1:7431 <-> DISABLED <-> WEB-ACTIVEX DirectFrame.DirectControl.1 ActiveX clsid access (web-activex.rules)
 * 1:7433 <-> DISABLED <-> WEB-ACTIVEX DirectX Transform Wrapper Property Page ActiveX clsid access (web-activex.rules)
 * 1:7435 <-> DISABLED <-> WEB-ACTIVEX Dynamic Casts ActiveX clsid access (web-activex.rules)
 * 1:7436 <-> DISABLED <-> WEB-ACTIVEX Dynamic Casts ActiveX function call (web-activex.rules)
 * 1:7437 <-> DISABLED <-> WEB-ACTIVEX Frame Eater ActiveX clsid access (web-activex.rules)
 * 1:7439 <-> DISABLED <-> WEB-ACTIVEX HTML Help ActiveX clsid access (web-activex.rules)
 * 1:7442 <-> DISABLED <-> WEB-ACTIVEX mmAEPlugIn.AEPlugIn.1 ActiveX clsid access (web-activex.rules)
 * 1:7444 <-> DISABLED <-> WEB-ACTIVEX Mmedia.AsyncMHandler.1 ActiveX clsid access (web-activex.rules)
 * 1:7446 <-> DISABLED <-> WEB-ACTIVEX Record Queue ActiveX clsid access (web-activex.rules)
 * 1:7448 <-> DISABLED <-> WEB-ACTIVEX ShotDetect ActiveX clsid access (web-activex.rules)
 * 1:7450 <-> DISABLED <-> WEB-ACTIVEX Stetch ActiveX clsid access (web-activex.rules)
 * 1:7452 <-> DISABLED <-> WEB-ACTIVEX WM Color Converter Filter ActiveX clsid access (web-activex.rules)
 * 1:7454 <-> DISABLED <-> WEB-ACTIVEX Wmm2ae.dll ActiveX clsid access (web-activex.rules)
 * 1:7456 <-> DISABLED <-> WEB-ACTIVEX Wmm2fxa.dll ActiveX clsid access (web-activex.rules)
 * 1:7458 <-> DISABLED <-> WEB-ACTIVEX Wmm2fxb.dll ActiveX clsid access (web-activex.rules)
 * 1:7460 <-> DISABLED <-> WEB-ACTIVEX WMT Audio Analyzer ActiveX clsid access (web-activex.rules)
 * 1:7462 <-> DISABLED <-> WEB-ACTIVEX WMT Black Frame Generator ActiveX clsid access (web-activex.rules)
 * 1:7464 <-> DISABLED <-> WEB-ACTIVEX WMT DeInterlace Filter ActiveX clsid access (web-activex.rules)
 * 1:7466 <-> DISABLED <-> WEB-ACTIVEX WMT DeInterlace Prop Page ActiveX clsid access (web-activex.rules)
 * 1:7468 <-> DISABLED <-> WEB-ACTIVEX WMT DirectX Transform Wrapper ActiveX clsid access (web-activex.rules)
 * 1:7470 <-> DISABLED <-> WEB-ACTIVEX WMT DV Extract Filter ActiveX clsid access (web-activex.rules)
 * 1:7472 <-> DISABLED <-> WEB-ACTIVEX WMT FormatConversion Prop Page ActiveX clsid access (web-activex.rules)
 * 1:7474 <-> DISABLED <-> WEB-ACTIVEX WMT FormatConversion ActiveX clsid access (web-activex.rules)
 * 1:7476 <-> DISABLED <-> WEB-ACTIVEX WMT Import Filter ActiveX clsid access (web-activex.rules)
 * 1:7478 <-> DISABLED <-> WEB-ACTIVEX WMT Interlacer ActiveX clsid access (web-activex.rules)
 * 1:7480 <-> DISABLED <-> WEB-ACTIVEX WMT Log Filter ActiveX clsid access (web-activex.rules)
 * 1:7482 <-> DISABLED <-> WEB-ACTIVEX WMT MuxDeMux Filter ActiveX clsid access (web-activex.rules)
 * 1:7484 <-> DISABLED <-> WEB-ACTIVEX WMT Sample Info Filter ActiveX clsid access (web-activex.rules)
 * 1:7486 <-> DISABLED <-> WEB-ACTIVEX WMT Screen Capture Filter Task Page ActiveX clsid access (web-activex.rules)
 * 1:7488 <-> DISABLED <-> WEB-ACTIVEX WMT Screen capture Filter ActiveX clsid access (web-activex.rules)
 * 1:7490 <-> DISABLED <-> WEB-ACTIVEX WMT Switch Filter ActiveX clsid access (web-activex.rules)
 * 1:7492 <-> DISABLED <-> WEB-ACTIVEX WMT Virtual Renderer ActiveX clsid access (web-activex.rules)
 * 1:7494 <-> DISABLED <-> WEB-ACTIVEX WMT Virtual Source ActiveX clsid access (web-activex.rules)
 * 1:7496 <-> DISABLED <-> WEB-ACTIVEX WMT Volume ActiveX clsid access (web-activex.rules)
 * 1:7498 <-> DISABLED <-> WEB-ACTIVEX WM TV Out Smooth Picture Filter ActiveX clsid access (web-activex.rules)
 * 1:7500 <-> DISABLED <-> WEB-ACTIVEX WM VIH2 Fix ActiveX clsid access (web-activex.rules)
 * 1:7502 <-> DISABLED <-> WEB-ACTIVEX tsuserex.ADsTSUserEx.1 ActiveX clsid access (web-activex.rules)
 * 1:7516 <-> DISABLED <-> PUA-TOOLBARS Trickler hmtoolbar runtime detection (pua-toolbars.rules)
 * 1:7518 <-> DISABLED <-> PUA-TOOLBARS Trackware earthlink toolbar runtime detection - get up-to-date news info (pua-toolbars.rules)
 * 1:7520 <-> DISABLED <-> PUA-TOOLBARS Trackware earthlink toolbar runtime detection - ie autosearch hijack (pua-toolbars.rules)
 * 1:7521 <-> DISABLED <-> PUA-TOOLBARS Trackware earthlink toolbar runtime detection - search toolbar request 1 (pua-toolbars.rules)
 * 1:7522 <-> DISABLED <-> PUA-TOOLBARS Trackware earthlink toolbar runtime detection - search toolbar request 2 (pua-toolbars.rules)
 * 1:7525 <-> DISABLED <-> PUA-TOOLBARS Trackware hotblox toolbar runtime detection - barad.asp request (pua-toolbars.rules)
 * 1:7526 <-> DISABLED <-> PUA-TOOLBARS Trackware hotblox toolbar runtime detection - stat counter (pua-toolbars.rules)
 * 1:7527 <-> DISABLED <-> PUA-TOOLBARS Trackware hotblox toolbar runtime detection - toolbar find function (pua-toolbars.rules)
 * 1:7528 <-> DISABLED <-> PUA-TOOLBARS Trackware hotblox toolbar runtime detection - ie autosearch hijack (pua-toolbars.rules)
 * 1:7567 <-> DISABLED <-> PUA-TOOLBARS Trackware funwebproducts mywebsearchtoolbar-funtools runtime detection (pua-toolbars.rules)
 * 1:7571 <-> DISABLED <-> PUA-TOOLBARS Hijacker linkspider search bar runtime detection - toolbar search (pua-toolbars.rules)
 * 1:7575 <-> DISABLED <-> PUA-TOOLBARS Hijacker starware toolbar runtime detection - weather request (pua-toolbars.rules)
 * 1:7576 <-> DISABLED <-> PUA-TOOLBARS Hijacker starware toolbar runtime detection - hijack ie browser (pua-toolbars.rules)
 * 1:7577 <-> DISABLED <-> PUA-TOOLBARS Hijacker starware toolbar runtime detection - collect information (pua-toolbars.rules)
 * 1:7578 <-> DISABLED <-> PUA-TOOLBARS Hijacker starware toolbar runtime detection - reference (pua-toolbars.rules)
 * 1:7579 <-> DISABLED <-> PUA-TOOLBARS Hijacker starware toolbar runtime detection - smileys (pua-toolbars.rules)
 * 1:7580 <-> DISABLED <-> PUA-TOOLBARS Hijacker starware toolbar runtime detection - update (pua-toolbars.rules)
 * 1:7581 <-> DISABLED <-> PUA-TOOLBARS Hijacker flashbar runtime detection - user-agent (pua-toolbars.rules)
 * 1:7590 <-> DISABLED <-> PUA-TOOLBARS Hijacker swbar runtime detection (pua-toolbars.rules)
 * 1:7593 <-> DISABLED <-> PUA-TOOLBARS Trackware trellian toolbarbrowser runtime detection (pua-toolbars.rules)
 * 1:7598 <-> DISABLED <-> PUA-TOOLBARS Snoopware 2-seek runtime detection - search in toolbar (pua-toolbars.rules)
 * 1:7599 <-> DISABLED <-> PUA-TOOLBARS Snoopware 2-seek runtime detection - user info collection (pua-toolbars.rules)
 * 1:7839 <-> DISABLED <-> PUA-TOOLBARS Hijacker rx toolbar runtime detection (pua-toolbars.rules)
 * 1:7840 <-> DISABLED <-> PUA-TOOLBARS Hijacker instafinder initial configuration detection (pua-toolbars.rules)
 * 1:7848 <-> DISABLED <-> PUA-TOOLBARS Hijacker netguide runtime detection (pua-toolbars.rules)
 * 1:7849 <-> DISABLED <-> PUA-TOOLBARS Trickler maxsearch runtime detection - toolbar download (pua-toolbars.rules)
 * 1:7858 <-> DISABLED <-> PUA-TOOLBARS Google Desktop initial install - firstuse request (pua-toolbars.rules)
 * 1:7859 <-> DISABLED <-> PUA-TOOLBARS Google Desktop initial install  - installer request (pua-toolbars.rules)
 * 1:7860 <-> DISABLED <-> PUA-TOOLBARS Google Desktop search query (pua-toolbars.rules)
 * 1:7864 <-> DISABLED <-> WEB-ACTIVEX McSubMgr ActiveX CLSID access (web-activex.rules)
 * 1:7866 <-> DISABLED <-> WEB-ACTIVEX ADODB.Connection ActiveX clsid access (web-activex.rules)
 * 1:7868 <-> DISABLED <-> WEB-ACTIVEX ADODB.Recordset ActiveX clsid access (web-activex.rules)
 * 1:7872 <-> DISABLED <-> WEB-ACTIVEX Microsoft Office Spreadsheet 10.0 ActiveX clsid access (web-activex.rules)
 * 1:7874 <-> DISABLED <-> WEB-ACTIVEX Microsoft Office PivotTable 10.0 ActiveX clsid access (web-activex.rules)
 * 1:7876 <-> DISABLED <-> WEB-ACTIVEX Microsoft Office Data Source Control 10.0 ActiveX clsid access (web-activex.rules)
 * 1:7878 <-> DISABLED <-> WEB-ACTIVEX AxMetaStream.MetaStreamCtl ActiveX clsid access (web-activex.rules)
 * 1:7880 <-> DISABLED <-> WEB-ACTIVEX AxMetaStream.MetaStreamCtlSecondary ActiveX clsid access (web-activex.rules)
 * 1:7882 <-> DISABLED <-> WEB-ACTIVEX AccSync.AccSubNotHandler ActiveX clsid access (web-activex.rules)
 * 1:7884 <-> DISABLED <-> WEB-ACTIVEX AolCalSvr.ACCalendarListCtrl ActiveX clsid access (web-activex.rules)
 * 1:7886 <-> DISABLED <-> WEB-ACTIVEX AolCalSvr.ACDictionary ActiveX clsid access (web-activex.rules)
 * 1:7888 <-> DISABLED <-> WEB-ACTIVEX AOLFlash.AOLFlash ActiveX clsid access (web-activex.rules)
 * 1:7890 <-> DISABLED <-> WEB-ACTIVEX AOL.MemExpWz ActiveX clsid access (web-activex.rules)
 * 1:7892 <-> DISABLED <-> WEB-ACTIVEX AOL Phobos Class ActiveX clsid access (web-activex.rules)
 * 1:7894 <-> DISABLED <-> WEB-ACTIVEX AOL.PicDownloadCtrl ActiveX clsid access (web-activex.rules)
 * 1:7896 <-> DISABLED <-> WEB-ACTIVEX AOL.PicEditCtrl ActiveX clsid access (web-activex.rules)
 * 1:7898 <-> DISABLED <-> WEB-ACTIVEX AOL.PicSsvrCtrl ActiveX clsid access (web-activex.rules)
 * 1:7900 <-> DISABLED <-> WEB-ACTIVEX AOL.UPFCtrl ActiveX clsid access (web-activex.rules)
 * 1:7902 <-> DISABLED <-> WEB-ACTIVEX CDDBControlAOL.CDDBAOLControl ActiveX clsid access (web-activex.rules)
 * 1:7904 <-> DISABLED <-> WEB-ACTIVEX CDL Asychronous Pluggable Protocol Handler ActiveX clsid access (web-activex.rules)
 * 1:7906 <-> DISABLED <-> WEB-ACTIVEX CDO.KnowledgeSearchFolder ActiveX clsid access (web-activex.rules)
 * 1:7908 <-> DISABLED <-> WEB-ACTIVEX DXImageTransform.Microsoft.Chroma ActiveX clsid access (web-activex.rules)
 * 1:7910 <-> DISABLED <-> WEB-ACTIVEX DXImageTransform.Microsoft.DropShadow ActiveX clsid access (web-activex.rules)
 * 1:7912 <-> DISABLED <-> WEB-ACTIVEX DX3DTransform.Microsoft.Shapes ActiveX clsid access (web-activex.rules)
 * 1:7914 <-> DISABLED <-> WEB-ACTIVEX DXImageTransform.Microsoft.NDFXArtEffects ActiveX clsid access (web-activex.rules)
 * 1:7916 <-> DISABLED <-> WEB-ACTIVEX CLSID_IMimeInternational ActiveX clsid access (web-activex.rules)
 * 1:7918 <-> DISABLED <-> WEB-ACTIVEX CoAxTrackVideo Class ActiveX clsid access (web-activex.rules)
 * 1:7920 <-> DISABLED <-> WEB-ACTIVEX DsPropertyPages.OU ActiveX clsid access (web-activex.rules)
 * 1:7922 <-> DISABLED <-> WEB-ACTIVEX DXImageTransform.Microsoft.RevealTrans ActiveX clsid access (web-activex.rules)
 * 1:7924 <-> DISABLED <-> WEB-ACTIVEX DXImageTransform.Microsoft.Shadow ActiveX clsid access (web-activex.rules)
 * 1:7926 <-> DISABLED <-> WEB-ACTIVEX DXTFilter ActiveX clsid access (web-activex.rules)
 * 1:7928 <-> DISABLED <-> WEB-ACTIVEX file or local Asychronous Pluggable Protocol Handler ActiveX clsid access (web-activex.rules)
 * 1:7930 <-> DISABLED <-> WEB-ACTIVEX FolderItem2 ActiveX clsid access (web-activex.rules)
 * 1:7932 <-> DISABLED <-> WEB-ACTIVEX FolderItems3 ActiveX clsid access (web-activex.rules)
 * 1:7934 <-> DISABLED <-> WEB-ACTIVEX ftp Asychronous Pluggable Protocol Handler ActiveX clsid access (web-activex.rules)
 * 1:7936 <-> DISABLED <-> WEB-ACTIVEX DXImageTransform.Microsoft.Glow ActiveX clsid access (web-activex.rules)
 * 1:7938 <-> DISABLED <-> WEB-ACTIVEX gopher Asychronous Pluggable Protocol Handler ActiveX clsid access (web-activex.rules)
 * 1:7940 <-> DISABLED <-> WEB-ACTIVEX DXImageTransform.Microsoft.Gradient ActiveX clsid access (web-activex.rules)
 * 1:7942 <-> DISABLED <-> WEB-ACTIVEX http Asychronous Pluggable Protocol Handler ActiveX clsid access (web-activex.rules)
 * 1:7944 <-> DISABLED <-> WEB-ACTIVEX https Asychronous Pluggable Protocol Handler ActiveX clsid access (web-activex.rules)
 * 1:7946 <-> DISABLED <-> WEB-ACTIVEX DXImageTransform.Microsoft.MaskFilter ActiveX clsid access (web-activex.rules)
 * 1:7948 <-> DISABLED <-> WEB-ACTIVEX Microsoft Common Browser Architecture ActiveX clsid access (web-activex.rules)
 * 1:7950 <-> DISABLED <-> WEB-ACTIVEX Microsoft DirectAnimation Control ActiveX clsid access (web-activex.rules)
 * 1:7952 <-> DISABLED <-> WEB-ACTIVEX Microsoft DirectAnimation Windowed Control ActiveX clsid access (web-activex.rules)
 * 1:7954 <-> DISABLED <-> WEB-ACTIVEX Microsoft Forms 2.0 ComboBox ActiveX clsid access (web-activex.rules)
 * 1:7956 <-> DISABLED <-> WEB-ACTIVEX Microsoft Forms 2.0 ListBox ActiveX clsid access (web-activex.rules)
 * 1:7958 <-> DISABLED <-> WEB-ACTIVEX mk Asychronous Pluggable Protocol Handler ActiveX clsid access (web-activex.rules)
 * 1:7970 <-> DISABLED <-> WEB-ACTIVEX PostBootReminder object ActiveX clsid access (web-activex.rules)
 * 1:7974 <-> DISABLED <-> WEB-ACTIVEX Rendezvous Class ActiveX clsid access (web-activex.rules)
 * 1:7976 <-> DISABLED <-> WEB-ACTIVEX ShellFolder for CD Burning ActiveX clsid access (web-activex.rules)
 * 1:7983 <-> DISABLED <-> WEB-ACTIVEX SuperBuddy Class ActiveX clsid access (web-activex.rules)
 * 1:7987 <-> DISABLED <-> WEB-ACTIVEX WebViewFolderIcon.WebViewFolderIcon.2 ActiveX clsid access (web-activex.rules)
 * 1:7989 <-> DISABLED <-> WEB-ACTIVEX WIA FileSystem USD ActiveX clsid access (web-activex.rules)
 * 1:7991 <-> DISABLED <-> WEB-ACTIVEX ACM Class Manager ActiveX clsid access (web-activex.rules)
 * 1:7993 <-> DISABLED <-> WEB-ACTIVEX clbcatex.dll ActiveX clsid access (web-activex.rules)
 * 1:7995 <-> DISABLED <-> WEB-ACTIVEX clbcatq.dll ActiveX clsid access (web-activex.rules)
 * 1:7997 <-> DISABLED <-> WEB-ACTIVEX CLSID_ApprenticeICW ActiveX clsid access (web-activex.rules)
 * 1:7999 <-> DISABLED <-> WEB-ACTIVEX CLSID_CDIDeviceActionConfigPage ActiveX clsid access (web-activex.rules)
 * 1:8001 <-> DISABLED <-> WEB-ACTIVEX CommunicationManager ActiveX clsid access (web-activex.rules)
 * 1:8003 <-> DISABLED <-> WEB-ACTIVEX Content.mbcontent.1 ActiveX clsid access (web-activex.rules)
 * 1:8005 <-> DISABLED <-> WEB-ACTIVEX DiskManagement.Connection ActiveX clsid access (web-activex.rules)
 * 1:8007 <-> DISABLED <-> WEB-ACTIVEX Dutch_Dutch Stemmer ActiveX clsid access (web-activex.rules)
 * 1:8009 <-> DISABLED <-> WEB-ACTIVEX English_UK Stemmer ActiveX clsid access (web-activex.rules)
 * 1:8011 <-> DISABLED <-> WEB-ACTIVEX English_US Stemmer ActiveX clsid access (web-activex.rules)
 * 1:8013 <-> DISABLED <-> WEB-ACTIVEX French_French Stemmer ActiveX clsid access (web-activex.rules)
 * 1:8015 <-> DISABLED <-> WEB-ACTIVEX German_German Stemmer ActiveX clsid access (web-activex.rules)
 * 1:8017 <-> DISABLED <-> WEB-ACTIVEX ICM Class Manager ActiveX clsid access (web-activex.rules)
 * 1:8019 <-> DISABLED <-> WEB-ACTIVEX Internet Explorer Address Bar ActiveX clsid access (web-activex.rules)
 * 1:8021 <-> DISABLED <-> WEB-ACTIVEX ISSimpleCommandCreator.1 ActiveX clsid access (web-activex.rules)
 * 1:8023 <-> DISABLED <-> WEB-ACTIVEX Italian_Italian Stemmer ActiveX clsid access (web-activex.rules)
 * 1:8025 <-> DISABLED <-> WEB-ACTIVEX Microsoft HTML Window Security Proxy ActiveX clsid access (web-activex.rules)
 * 1:8027 <-> DISABLED <-> WEB-ACTIVEX Microsoft WBEM Event Subsystem ActiveX clsid access (web-activex.rules)
 * 1:8029 <-> DISABLED <-> WEB-ACTIVEX MidiOut Class Manager ActiveX clsid access (web-activex.rules)
 * 1:8031 <-> DISABLED <-> WEB-ACTIVEX Mslablti.MarshalableTI.1 ActiveX clsid access (web-activex.rules)
 * 1:8033 <-> DISABLED <-> WEB-ACTIVEX QC.MessageMover.1 ActiveX clsid access (web-activex.rules)
 * 1:8035 <-> DISABLED <-> WEB-ACTIVEX Spanish_Modern Stemmer ActiveX clsid access (web-activex.rules)
 * 1:8037 <-> DISABLED <-> WEB-ACTIVEX Swedish_Default Stemmer ActiveX clsid access (web-activex.rules)
 * 1:8039 <-> DISABLED <-> WEB-ACTIVEX syncui.dll ActiveX clsid access (web-activex.rules)
 * 1:8041 <-> DISABLED <-> WEB-ACTIVEX VFW Capture Class Manager ActiveX clsid access (web-activex.rules)
 * 1:8043 <-> DISABLED <-> WEB-ACTIVEX Video Effect Class Manager 1 Input ActiveX clsid access (web-activex.rules)
 * 1:8045 <-> DISABLED <-> WEB-ACTIVEX Video Effect Class Manager 2 Input ActiveX clsid access (web-activex.rules)
 * 1:8047 <-> DISABLED <-> WEB-ACTIVEX WaveIn Class Manager ActiveX clsid access (web-activex.rules)
 * 1:8049 <-> DISABLED <-> WEB-ACTIVEX WaveOut and DSound Class Manager ActiveX clsid access (web-activex.rules)
 * 1:8051 <-> DISABLED <-> WEB-ACTIVEX WDM Instance Provider ActiveX clsid access (web-activex.rules)
 * 1:8064 <-> DISABLED <-> WEB-ACTIVEX Scriptlet.Typelib ActiveX clsid access (web-activex.rules)
 * 1:8066 <-> DISABLED <-> WEB-ACTIVEX Microsoft Windows Scripting Host Shell ActiveX clsid access (web-activex.rules)
 * 1:8069 <-> DISABLED <-> WEB-ACTIVEX Microsoft Virtual Machine ActiveX clsid access (web-activex.rules)
 * 1:8073 <-> DISABLED <-> PUA-TOOLBARS Adware zango toolbar runtime detection (pua-toolbars.rules)
 * 1:8091 <-> DISABLED <-> WEB-CLIENT RealNetworks RealPlayer error message format string vulnerability attempt (web-client.rules)
 * 1:8363 <-> DISABLED <-> WEB-ACTIVEX Business Object Factory ActiveX clsid access (web-activex.rules)
 * 1:8365 <-> DISABLED <-> WEB-ACTIVEX DExplore.AppObj.8.0 ActiveX clsid access (web-activex.rules)
 * 1:8367 <-> DISABLED <-> WEB-ACTIVEX Microsoft.DbgClr.DTE.8.0 ActiveX clsid access (web-activex.rules)
 * 1:8369 <-> DISABLED <-> WEB-ACTIVEX WMIScriptUtils.WMIObjectBroker2.1 ActiveX clsid access (web-activex.rules)
 * 1:8371 <-> DISABLED <-> WEB-ACTIVEX Outlook.Application ActiveX clsid access (web-activex.rules)
 * 1:8373 <-> DISABLED <-> WEB-ACTIVEX VsmIDE.DTE ActiveX clsid access (web-activex.rules)
 * 1:8375 <-> DISABLED <-> WEB-ACTIVEX QuickTime Object ActiveX clsid access (web-activex.rules)
 * 1:8379 <-> DISABLED <-> WEB-ACTIVEX Xml2Dex ActiveX clsid access (web-activex.rules)
 * 1:8391 <-> DISABLED <-> WEB-ACTIVEX RFXInstMgr Class ActiveX clsid access (web-activex.rules)
 * 1:8393 <-> DISABLED <-> WEB-ACTIVEX WebDetectFrm ActiveX clsid access (web-activex.rules)
 * 1:8395 <-> DISABLED <-> WEB-ACTIVEX DX3DTransform.Microsoft.CrShatter ActiveX clsid access (web-activex.rules)
 * 1:8397 <-> DISABLED <-> WEB-ACTIVEX Microsoft Office List 11.0 ActiveX clsid access (web-activex.rules)
 * 1:8399 <-> DISABLED <-> WEB-ACTIVEX Microsoft.WebCapture ActiveX clsid access (web-activex.rules)
 * 1:8401 <-> DISABLED <-> WEB-ACTIVEX Microsoft Windows Media Services DRM Storage ActiveX clsid access (web-activex.rules)
 * 1:8407 <-> DISABLED <-> WEB-ACTIVEX VisualExec Control ActiveX clsid access (web-activex.rules)
 * 1:8411 <-> DISABLED <-> WEB-ACTIVEX DocFind Command ActiveX clsid access (web-activex.rules)
 * 1:8423 <-> DISABLED <-> WEB-ACTIVEX CEnroll.CEnroll.2 ActiveX function call access (web-activex.rules)
 * 1:8427 <-> DISABLED <-> MISC SSLv2 openssl get shared ciphers overflow attempt (misc.rules)
 * 1:8428 <-> DISABLED <-> MISC SSLv2 openssl get shared ciphers overflow attempt (misc.rules)
 * 1:8478 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Publisher file magic detected (file-identify.rules)
 * 1:8717 <-> DISABLED <-> WEB-ACTIVEX VsaIDE.DTE ActiveX clsid access (web-activex.rules)
 * 1:8719 <-> DISABLED <-> WEB-ACTIVEX VisualStudio.DTE.8.0 ActiveX clsid access (web-activex.rules)
 * 1:8721 <-> DISABLED <-> WEB-ACTIVEX Outlook Data Object ActiveX clsid access (web-activex.rules)
 * 1:8725 <-> DISABLED <-> WEB-ACTIVEX System Monitor ActiveX clsid access (web-activex.rules)
 * 1:8735 <-> DISABLED <-> WEB-ACTIVEX BOWebAgent.Webagent.1 ActiveX clsid access (web-activex.rules)
 * 1:8738 <-> DISABLED <-> WEB-ACTIVEX Macrovision InstallShield Update Service ActiveX clsid access (web-activex.rules)
 * 1:8741 <-> DISABLED <-> WEB-ACTIVEX DirectAnimation.DAFontStyle.1 ActiveX clsid access (web-activex.rules)
 * 1:8744 <-> DISABLED <-> WEB-ACTIVEX DirectAnimation.DAEvent.1 ActiveX clsid access (web-activex.rules)
 * 1:8747 <-> DISABLED <-> WEB-ACTIVEX DirectAnimation.DAEndStyle.1 ActiveX clsid access (web-activex.rules)
 * 1:8750 <-> DISABLED <-> WEB-ACTIVEX LM.LMBehaviorFactory.1 ActiveX clsid access (web-activex.rules)
 * 1:8753 <-> DISABLED <-> WEB-ACTIVEX LM.AutoEffectBvr.1 ActiveX clsid access (web-activex.rules)
 * 1:8756 <-> DISABLED <-> WEB-ACTIVEX DirectAnimation.SpriteControl ActiveX clsid access (web-activex.rules)
 * 1:8759 <-> DISABLED <-> WEB-ACTIVEX DirectAnimation.SequencerControl ActiveX clsid access (web-activex.rules)
 * 1:8762 <-> DISABLED <-> WEB-ACTIVEX DirectAnimation.Sequence ActiveX clsid access (web-activex.rules)
 * 1:8765 <-> DISABLED <-> WEB-ACTIVEX DirectAnimation.DAView.1 ActiveX clsid access (web-activex.rules)
 * 1:8768 <-> DISABLED <-> WEB-ACTIVEX DirectAnimation.DAVector3.1 ActiveX clsid access (web-activex.rules)
 * 1:8771 <-> DISABLED <-> WEB-ACTIVEX DirectAnimation.DAVector2.1 ActiveX clsid access (web-activex.rules)
 * 1:8774 <-> DISABLED <-> WEB-ACTIVEX DirectAnimation.DAUserData.1 ActiveX clsid access (web-activex.rules)
 * 1:8777 <-> DISABLED <-> WEB-ACTIVEX DirectAnimation.DATransform3.1 ActiveX clsid access (web-activex.rules)
 * 1:8780 <-> DISABLED <-> WEB-ACTIVEX DirectAnimation.DATransform2.1 ActiveX clsid access (web-activex.rules)
 * 1:8783 <-> DISABLED <-> WEB-ACTIVEX DirectAnimation.DAString.1 ActiveX clsid access (web-activex.rules)
 * 1:8786 <-> DISABLED <-> WEB-ACTIVEX DirectAnimation.DASound.1 ActiveX clsid access (web-activex.rules)
 * 1:8789 <-> DISABLED <-> WEB-ACTIVEX DirectAnimation.DAPoint3.1 ActiveX clsid access (web-activex.rules)
 * 1:8792 <-> DISABLED <-> WEB-ACTIVEX DirectAnimation.DAPoint2.1 ActiveX clsid access (web-activex.rules)
 * 1:8795 <-> DISABLED <-> WEB-ACTIVEX DirectAnimation.DAPath2.1 ActiveX clsid access (web-activex.rules)
 * 1:8798 <-> DISABLED <-> WEB-ACTIVEX DirectAnimation.DAPair.1 ActiveX clsid access (web-activex.rules)
 * 1:8801 <-> DISABLED <-> WEB-ACTIVEX DirectAnimation.DANumber.1 ActiveX clsid access (web-activex.rules)
 * 1:8804 <-> DISABLED <-> WEB-ACTIVEX DirectAnimation.DAMontage.1 ActiveX clsid access (web-activex.rules)
 * 1:8807 <-> DISABLED <-> WEB-ACTIVEX DirectAnimation.DAMicrophone.1 ActiveX clsid access (web-activex.rules)
 * 1:8810 <-> DISABLED <-> WEB-ACTIVEX DirectAnimation.DAMatte.1 ActiveX clsid access (web-activex.rules)
 * 1:8813 <-> DISABLED <-> WEB-ACTIVEX DirectAnimation.DALineStyle.1 ActiveX clsid access (web-activex.rules)
 * 1:8816 <-> DISABLED <-> WEB-ACTIVEX DirectAnimation.DAJoinStyle.1 ActiveX clsid access (web-activex.rules)
 * 1:8819 <-> DISABLED <-> WEB-ACTIVEX DirectAnimation.DAImage.1 ActiveX clsid access (web-activex.rules)
 * 1:8822 <-> DISABLED <-> WEB-ACTIVEX DirectAnimation.DAGeometry.1 ActiveX clsid access (web-activex.rules)
 * 1:8825 <-> DISABLED <-> WEB-ACTIVEX DirectAnimation.DADashStyle.1 ActiveX clsid access (web-activex.rules)
 * 1:8828 <-> DISABLED <-> WEB-ACTIVEX DirectAnimation.DAColor.1 ActiveX clsid access (web-activex.rules)
 * 1:8831 <-> DISABLED <-> WEB-ACTIVEX DirectAnimation.DACamera.1 ActiveX clsid access (web-activex.rules)
 * 1:8834 <-> DISABLED <-> WEB-ACTIVEX DirectAnimation.DABoolean.1 ActiveX clsid access (web-activex.rules)
 * 1:8837 <-> DISABLED <-> WEB-ACTIVEX DirectAnimation.DABbox3.1 ActiveX clsid access (web-activex.rules)
 * 1:8840 <-> DISABLED <-> WEB-ACTIVEX DirectAnimation.DABbox2.1 ActiveX clsid access (web-activex.rules)
 * 1:8843 <-> DISABLED <-> WEB-ACTIVEX DirectAnimation.DAArray.1 ActiveX clsid access (web-activex.rules)
 * 1:8846 <-> DISABLED <-> WEB-ACTIVEX Microsoft Agent Character Custom Proxy Class ActiveX clsid access (web-activex.rules)
 * 1:8848 <-> DISABLED <-> WEB-ACTIVEX Microsoft Agent Notify Sink Custom Proxy Class ActiveX clsid access (web-activex.rules)
 * 1:8850 <-> DISABLED <-> WEB-ACTIVEX Microsoft Agent Custom Proxy Class ActiveX clsid access (web-activex.rules)
 * 1:8852 <-> DISABLED <-> WEB-ACTIVEX Microsoft Agent v2.0 ActiveX clsid access (web-activex.rules)
 * 1:9129 <-> DISABLED <-> WEB-ACTIVEX WinZip FileView 6.1 ActiveX clsid access (web-activex.rules)
 * 1:9131 <-> DISABLED <-> WEB-ACTIVEX WinZip FileView 6.1 ActiveX function call access (web-activex.rules)
 * 1:9427 <-> DISABLED <-> WEB-ACTIVEX Acer LunchApp.APlunch ActiveX clsid access (web-activex.rules)
 * 1:9431 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook Express NNTP response overflow attempt (file-office.rules)
 * 1:9646 <-> DISABLED <-> PUA-TOOLBARS Hijacker sogou runtime detection - search through sogou toolbar (pua-toolbars.rules)
 * 1:9668 <-> DISABLED <-> WEB-ACTIVEX Outlook Recipient Control ActiveX clsid access (web-activex.rules)
 * 1:9671 <-> DISABLED <-> WEB-ACTIVEX RealNetworks RealPlayer AutoStream.AutoStream.1 ActiveX clsid access (web-activex.rules)
 * 1:9795 <-> DISABLED <-> WEB-ACTIVEX Panda ActiveScan ActiveScan.1 ActiveX clsid access (web-activex.rules)
 * 1:9798 <-> DISABLED <-> WEB-ACTIVEX Panda ActiveScan PAVPZ.SOS.1 ActiveX clsid access (web-activex.rules)
 * 1:9817 <-> DISABLED <-> WEB-ACTIVEX CEnroll.CEnroll.2 ActiveX clsid access (web-activex.rules)
 * 1:9823 <-> DISABLED <-> WEB-CLIENT Apple QuickTime RTSP URI overflow attempt (web-client.rules)
 * 1:9824 <-> DISABLED <-> WEB-ACTIVEX Rediff Bol Downloader ActiveX clsid access (web-activex.rules)
 * 1:9843 <-> DISABLED <-> FILE-PDF Adobe Acrobat Plugin JavaScript parameter double free attempt (file-pdf.rules)
 * 1:9849 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Vector Markup Language recolorinfo tag numcolors parameter buffer overflow attempt (web-client.rules)