Sourcefire VRT Rules Update

Date: 2012-05-31

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.9.2.3.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:23056 <-> DISABLED <-> EXPLOIT SAP NetWeaver Dispatcher buffer overflow attempt (exploit.rules)
 * 1:23055 <-> DISABLED <-> FTP Cisco IOS FTP MKD buffer overflow attempt (ftp.rules)
 * 1:23054 <-> DISABLED <-> WEB-CLIENT Mozilla Firefox nSSVGValue memory corruption attempt (web-client.rules)
 * 1:23051 <-> DISABLED <-> BOTNET-CNC Dybalom.A runtime traffic detected (botnet-cnc.rules)
 * 1:23050 <-> DISABLED <-> WEB-ACTIVEX McAFee Virtual Technician Security Bypass ActiveX function call attempt (web-activex.rules)
 * 1:23049 <-> DISABLED <-> WEB-ACTIVEX McAFee Virtual Technician Security Bypass ActiveX function call attempt (web-activex.rules)
 * 1:23048 <-> DISABLED <-> WEB-ACTIVEX McAFee Virtual Technician Security Bypass ActiveX clsid attempt (web-activex.rules)
 * 1:23047 <-> DISABLED <-> WEB-MISC Oracle GlassFish Enterprise server cross site scripting attempt (web-misc.rules)
 * 1:23046 <-> DISABLED <-> WEB-MISC Oracle GlassFish Enterprise server cross site scripting attempt (web-misc.rules)

Modified Rules:


 * 1:1000 <-> DISABLED <-> WEB-IIS bdir.htr access (web-iis.rules)
 * 1:1003 <-> DISABLED <-> WEB-IIS cmd? access (web-iis.rules)
 * 1:1004 <-> DISABLED <-> WEB-IIS codebrowser Exair access (web-iis.rules)
 * 1:1005 <-> DISABLED <-> WEB-IIS codebrowser SDK access (web-iis.rules)
 * 1:10063 <-> DISABLED <-> WEB-CLIENT Mozilla Firefox query interface suspicious function call access attempt (web-client.rules)
 * 1:1007 <-> DISABLED <-> WEB-IIS Form_JScript.asp access (web-iis.rules)
 * 1:1008 <-> DISABLED <-> WEB-IIS del attempt (web-iis.rules)
 * 1:1009 <-> DISABLED <-> WEB-IIS directory listing (web-iis.rules)
 * 1:10090 <-> DISABLED <-> SPYWARE-PUT Trickler zango easymessenger runtime detection (spyware-put.rules)
 * 1:10092 <-> DISABLED <-> SPYWARE-PUT Trackware russian searchbar runtime detection (spyware-put.rules)
 * 1:10094 <-> DISABLED <-> SPYWARE-PUT Adware borlan runtime detection (spyware-put.rules)
 * 1:10095 <-> DISABLED <-> SPYWARE-PUT Trackware bydou runtime detection (spyware-put.rules)
 * 1:1010 <-> DISABLED <-> WEB-IIS encoding access (web-iis.rules)
 * 1:1011 <-> DISABLED <-> WEB-IIS exec-src access (web-iis.rules)
 * 1:1012 <-> DISABLED <-> WEB-IIS fpcount attempt (web-iis.rules)
 * 1:1013 <-> DISABLED <-> WEB-IIS fpcount access (web-iis.rules)
 * 1:10131 <-> DISABLED <-> WEB-CLIENT Mozilla compareTo arbitrary code execution attempt (web-client.rules)
 * 1:1015 <-> DISABLED <-> WEB-IIS getdrvs.exe access (web-iis.rules)
 * 1:1016 <-> DISABLED <-> WEB-IIS global.asa access (web-iis.rules)
 * 1:10164 <-> DISABLED <-> SPYWARE-PUT Adware adclicker-ej runtime detection (spyware-put.rules)
 * 1:10166 <-> DISABLED <-> SPYWARE-PUT Trackware baigoo runtime detection (spyware-put.rules)
 * 1:1017 <-> DISABLED <-> WEB-IIS idc-srch attempt (web-iis.rules)
 * 1:10172 <-> DISABLED <-> WEB-MISC uTorrent announce buffer overflow attempt (web-misc.rules)
 * 1:10179 <-> DISABLED <-> SPYWARE-PUT Trackware bysoo runtime detection (spyware-put.rules)
 * 1:1018 <-> DISABLED <-> WEB-IIS iisadmpwd attempt (web-iis.rules)
 * 1:10182 <-> DISABLED <-> SPYWARE-PUT Adware newweb runtime detection (spyware-put.rules)
 * 1:1019 <-> DISABLED <-> WEB-IIS Malformed Hit-Highlighting Argument File Access Attempt (web-iis.rules)
 * 1:1020 <-> DISABLED <-> WEB-IIS isc$data attempt (web-iis.rules)
 * 1:1021 <-> DISABLED <-> WEB-IIS ism.dll attempt (web-iis.rules)
 * 1:1022 <-> DISABLED <-> WEB-IIS jet vba access (web-iis.rules)
 * 1:1023 <-> DISABLED <-> WEB-IIS msadcs.dll access (web-iis.rules)
 * 1:1024 <-> DISABLED <-> WEB-IIS newdsn.exe access (web-iis.rules)
 * 1:1025 <-> DISABLED <-> WEB-IIS perl access (web-iis.rules)
 * 1:1026 <-> DISABLED <-> WEB-IIS perl-browse newline attempt (web-iis.rules)
 * 1:1027 <-> DISABLED <-> WEB-IIS perl-browse space attempt (web-iis.rules)
 * 1:1028 <-> DISABLED <-> WEB-IIS query.asp access (web-iis.rules)
 * 1:1029 <-> DISABLED <-> WEB-IIS scripts-browse access (web-iis.rules)
 * 1:1030 <-> DISABLED <-> WEB-IIS search97.vts access (web-iis.rules)
 * 1:1031 <-> DISABLED <-> WEB-IIS /SiteServer/Publishing/viewcode.asp access (web-iis.rules)
 * 1:1032 <-> DISABLED <-> WEB-IIS showcode access (web-iis.rules)
 * 1:1033 <-> DISABLED <-> WEB-IIS viewcode access (web-iis.rules)
 * 1:1034 <-> DISABLED <-> WEB-IIS viewcode access (web-iis.rules)
 * 1:1035 <-> DISABLED <-> WEB-IIS viewcode access (web-iis.rules)
 * 1:1036 <-> DISABLED <-> WEB-IIS viewcode access (web-iis.rules)
 * 1:1037 <-> DISABLED <-> WEB-IIS showcode.asp access (web-iis.rules)
 * 1:1038 <-> DISABLED <-> WEB-IIS site server config access (web-iis.rules)
 * 1:1039 <-> DISABLED <-> WEB-IIS srch.htm access (web-iis.rules)
 * 1:10395 <-> DISABLED <-> WEB-ACTIVEX Symantec SupportSoft SmartIssue ActiveX function call access (web-activex.rules)
 * 1:1040 <-> DISABLED <-> WEB-IIS srchadm access (web-iis.rules)
 * 1:1041 <-> DISABLED <-> WEB-IIS uploadn.asp access (web-iis.rules)
 * 1:1043 <-> DISABLED <-> WEB-IIS viewcode.asp access (web-iis.rules)
 * 1:10435 <-> DISABLED <-> SPYWARE-PUT Trackware admedia runtime detection (spyware-put.rules)
 * 1:10437 <-> DISABLED <-> SPYWARE-PUT Hijacker bazookabar runtime detection (spyware-put.rules)
 * 1:10438 <-> DISABLED <-> SPYWARE-PUT Hijacker bazookabar runtime detection (spyware-put.rules)
 * 1:10439 <-> DISABLED <-> SPYWARE-PUT Adware mokead runtime detection (spyware-put.rules)
 * 1:1044 <-> DISABLED <-> WEB-IIS webhits access (web-iis.rules)
 * 1:1045 <-> DISABLED <-> WEB-IIS Unauthorized IP Access Attempt (web-iis.rules)
 * 1:1046 <-> DISABLED <-> WEB-IIS site/iisamples access (web-iis.rules)
 * 1:10468 <-> DISABLED <-> WEB-ACTIVEX iPIX Image Well ActiveX function call access (web-activex.rules)
 * 1:1047 <-> DISABLED <-> WEB-MISC Netscape Enterprise DOS (web-misc.rules)
 * 1:1048 <-> DISABLED <-> WEB-MISC Netscape Enterprise directory listing attempt (web-misc.rules)
 * 1:1050 <-> DISABLED <-> WEB-MISC iPlanet GETPROPERTIES attempt (web-misc.rules)
 * 1:1051 <-> DISABLED <-> WEB-CGI technote main.cgi file directory traversal attempt (web-cgi.rules)
 * 1:1052 <-> DISABLED <-> WEB-CGI technote print.cgi directory traversal attempt (web-cgi.rules)
 * 1:1053 <-> DISABLED <-> WEB-CGI ads.cgi command execution attempt (web-cgi.rules)
 * 1:1054 <-> DISABLED <-> WEB-MISC weblogic/tomcat .jsp view source attempt (web-misc.rules)
 * 1:1056 <-> DISABLED <-> WEB-MISC Apache Tomcat view source attempt (web-misc.rules)
 * 1:1057 <-> DISABLED <-> SQL ftp attempt (sql.rules)
 * 1:1058 <-> DISABLED <-> SQL xp_enumdsn attempt (sql.rules)
 * 1:1059 <-> DISABLED <-> SQL xp_filelist attempt (sql.rules)
 * 1:1060 <-> DISABLED <-> SQL xp_availablemedia attempt (sql.rules)
 * 1:1062 <-> DISABLED <-> WEB-MISC nc.exe attempt (web-misc.rules)
 * 1:1064 <-> DISABLED <-> WEB-MISC wsh attempt (web-misc.rules)
 * 1:1065 <-> DISABLED <-> WEB-MISC rcmd attempt (web-misc.rules)
 * 1:1066 <-> DISABLED <-> WEB-MISC telnet attempt (web-misc.rules)
 * 1:1067 <-> DISABLED <-> WEB-MISC net attempt (web-misc.rules)
 * 1:1068 <-> DISABLED <-> WEB-MISC tftp attempt (web-misc.rules)
 * 1:1069 <-> DISABLED <-> SQL xp_regread attempt (sql.rules)
 * 1:1070 <-> DISABLED <-> WEB-MISC WebDAV search access (web-misc.rules)
 * 1:1071 <-> DISABLED <-> WEB-MISC .htpasswd access (web-misc.rules)
 * 1:1072 <-> DISABLED <-> WEB-MISC Lotus Domino directory traversal (web-misc.rules)
 * 1:1073 <-> DISABLED <-> WEB-MISC webhits.exe access (web-misc.rules)
 * 1:1075 <-> DISABLED <-> WEB-IIS postinfo.asp access (web-iis.rules)
 * 1:1076 <-> DISABLED <-> WEB-IIS repost.asp access (web-iis.rules)
 * 1:1079 <-> DISABLED <-> WEB-MISC Microsoft Windows WebDAV propfind access (web-misc.rules)
 * 1:1080 <-> DISABLED <-> WEB-MISC unify eWave ServletExec upload (web-misc.rules)
 * 1:1081 <-> DISABLED <-> WEB-MISC Netscape Servers suite DOS (web-misc.rules)
 * 1:1082 <-> DISABLED <-> WEB-MISC amazon 1-click cookie theft (web-misc.rules)
 * 1:1083 <-> DISABLED <-> WEB-MISC unify eWave ServletExec DOS (web-misc.rules)
 * 1:1084 <-> DISABLED <-> WEB-MISC Allaire JRUN DOS attempt (web-misc.rules)
 * 1:1088 <-> DISABLED <-> WEB-CGI eXtropia webstore directory traversal (web-cgi.rules)
 * 1:1089 <-> DISABLED <-> WEB-CGI shopping cart directory traversal (web-cgi.rules)
 * 1:1090 <-> DISABLED <-> WEB-CGI Allaire Pro Web Shell attempt (web-cgi.rules)
 * 1:1091 <-> DISABLED <-> WEB-MISC ICQ Webfront HTTP DOS (web-misc.rules)
 * 1:1092 <-> DISABLED <-> WEB-CGI Armada Style Master Index directory traversal (web-cgi.rules)
 * 1:1093 <-> DISABLED <-> WEB-CGI cached_feed.cgi moreover shopping cart directory traversal (web-cgi.rules)
 * 1:1095 <-> DISABLED <-> WEB-MISC Talentsoft Web+ Source Code view access (web-misc.rules)
 * 1:1096 <-> DISABLED <-> WEB-MISC Talentsoft Web+ internal IP Address access (web-misc.rules)
 * 1:1097 <-> DISABLED <-> WEB-CGI Talentsoft Web+ exploit attempt (web-cgi.rules)
 * 1:1098 <-> DISABLED <-> WEB-MISC SmartWin CyberOffice Shopping Cart access (web-misc.rules)
 * 1:1099 <-> DISABLED <-> WEB-MISC cybercop scan (web-misc.rules)
 * 1:10990 <-> DISABLED <-> WEB-MISC encoded cross site scripting HTML Image tag attempt (web-misc.rules)
 * 1:1100 <-> DISABLED <-> WEB-MISC L3retriever HTTP Probe (web-misc.rules)
 * 1:1101 <-> DISABLED <-> WEB-MISC Webtrends HTTP probe (web-misc.rules)
 * 1:1102 <-> DISABLED <-> WEB-MISC nessus 1.X 404 probe (web-misc.rules)
 * 1:1103 <-> DISABLED <-> WEB-MISC Netscape admin passwd (web-misc.rules)
 * 1:1105 <-> DISABLED <-> WEB-MISC BigBrother access (web-misc.rules)
 * 1:1106 <-> DISABLED <-> WEB-CGI Poll-it access (web-cgi.rules)
 * 1:1107 <-> DISABLED <-> WEB-MISC ftp.pl access (web-misc.rules)
 * 1:1108 <-> DISABLED <-> WEB-MISC Apache Tomcat server snoop access (web-misc.rules)
 * 1:1109 <-> DISABLED <-> WEB-MISC ROXEN directory list attempt (web-misc.rules)
 * 1:1110 <-> DISABLED <-> WEB-MISC apache source.asp file access (web-misc.rules)
 * 1:1111 <-> DISABLED <-> WEB-MISC Apache Tomcat server exploit access (web-misc.rules)
 * 1:1115 <-> DISABLED <-> WEB-MISC ICQ webserver DOS (web-misc.rules)
 * 1:1116 <-> DISABLED <-> WEB-MISC Lotus DelDoc attempt (web-misc.rules)
 * 1:1117 <-> DISABLED <-> WEB-MISC Lotus EditDoc attempt (web-misc.rules)
 * 1:1118 <-> DISABLED <-> WEB-MISC ls%20-l (web-misc.rules)
 * 1:1119 <-> DISABLED <-> WEB-MISC mlog.phtml access (web-misc.rules)
 * 1:11193 <-> DISABLED <-> WEB-MISC Oracle iSQL Plus cross site scripting attempt (web-misc.rules)
 * 1:11194 <-> DISABLED <-> WEB-MISC Oracle iSQL Plus cross site scripting attempt (web-misc.rules)
 * 1:11199 <-> DISABLED <-> WEB-ACTIVEX Microsoft Office Viewer ActiveX clsid access (web-activex.rules)
 * 1:1120 <-> DISABLED <-> WEB-MISC mylog.phtml access (web-misc.rules)
 * 1:11201 <-> DISABLED <-> WEB-ACTIVEX Microsoft Office Viewer ActiveX function call access (web-activex.rules)
 * 1:1122 <-> DISABLED <-> WEB-MISC /etc/passwd (web-misc.rules)
 * 1:1123 <-> DISABLED <-> WEB-MISC ?PageServices access (web-misc.rules)
 * 1:1124 <-> DISABLED <-> WEB-MISC Ecommerce check.txt access (web-misc.rules)
 * 1:1125 <-> DISABLED <-> WEB-MISC webcart access (web-misc.rules)
 * 1:11257 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer colgroup tag uninitialized memory corruption vulnerability (web-client.rules)
 * 1:1126 <-> DISABLED <-> WEB-MISC AuthChangeUrl access (web-misc.rules)
 * 1:1127 <-> DISABLED <-> WEB-MISC convert.bas access (web-misc.rules)
 * 1:1128 <-> DISABLED <-> WEB-MISC cpshost.dll access (web-misc.rules)
 * 1:1129 <-> DISABLED <-> WEB-MISC .htaccess access (web-misc.rules)
 * 1:1130 <-> DISABLED <-> WEB-MISC .wwwacl access (web-misc.rules)
 * 1:11308 <-> DISABLED <-> SPYWARE-PUT Other-Technologies spydawn runtime detection - update checking (spyware-put.rules)
 * 1:1131 <-> DISABLED <-> WEB-MISC .wwwacl access (web-misc.rules)
 * 1:11310 <-> DISABLED <-> SPYWARE-PUT Trickler iowa webdownloader - icq notification (spyware-put.rules)
 * 1:11311 <-> DISABLED <-> SPYWARE-PUT Keylogger pcsentinelsoftware Keylogger runtime detection - upload infor (spyware-put.rules)
 * 1:11312 <-> DISABLED <-> SPYWARE-PUT Trackware uplink runtime detection (spyware-put.rules)
 * 1:11313 <-> DISABLED <-> SPYWARE-PUT Other-Technologies spywarelocker 3.3 runtime detection - update checking (spyware-put.rules)
 * 1:1133 <-> DISABLED <-> SCAN cybercop os probe (scan.rules)
 * 1:1136 <-> DISABLED <-> WEB-MISC cd.. (web-misc.rules)
 * 1:1139 <-> DISABLED <-> WEB-MISC whisker HEAD/./ (web-misc.rules)
 * 1:1140 <-> DISABLED <-> WEB-MISC guestbook.pl access (web-misc.rules)
 * 1:1141 <-> DISABLED <-> WEB-MISC handler access (web-misc.rules)
 * 1:1142 <-> DISABLED <-> WEB-MISC /.... access (web-misc.rules)
 * 1:1145 <-> DISABLED <-> WEB-MISC /~root access (web-misc.rules)
 * 1:1146 <-> DISABLED <-> WEB-MISC Ecommerce import.txt access (web-misc.rules)
 * 1:1148 <-> DISABLED <-> WEB-MISC Ecommerce import.txt access (web-misc.rules)
 * 1:1149 <-> DISABLED <-> WEB-CGI count.cgi access (web-cgi.rules)
 * 1:1150 <-> DISABLED <-> WEB-MISC Domino catalog.nsf access (web-misc.rules)
 * 1:1151 <-> DISABLED <-> WEB-MISC Domino domcfg.nsf access (web-misc.rules)
 * 1:1152 <-> DISABLED <-> WEB-MISC Domino domlog.nsf access (web-misc.rules)
 * 1:1153 <-> DISABLED <-> WEB-MISC Domino log.nsf access (web-misc.rules)
 * 1:1154 <-> DISABLED <-> WEB-MISC Domino names.nsf access (web-misc.rules)
 * 1:1155 <-> DISABLED <-> WEB-MISC Ecommerce checks.txt access (web-misc.rules)
 * 1:1157 <-> DISABLED <-> WEB-MISC Netscape PublishingXpert access (web-misc.rules)
 * 1:1158 <-> DISABLED <-> WEB-MISC windmail.exe access (web-misc.rules)
 * 1:1159 <-> DISABLED <-> WEB-MISC webplus access (web-misc.rules)
 * 1:1160 <-> DISABLED <-> WEB-MISC Netscape dir index wp (web-misc.rules)
 * 1:1162 <-> DISABLED <-> WEB-MISC cart 32 AdminPwd access (web-misc.rules)
 * 1:11620 <-> DISABLED <-> WEB-ACTIVEX DXImageTransform.Microsoft.Chroma ActiveX function call access (web-activex.rules)
 * 1:11622 <-> DISABLED <-> WEB-ACTIVEX Microsoft Office 2000 OUACTR ActiveX clsid access (web-activex.rules)
 * 1:11624 <-> DISABLED <-> WEB-ACTIVEX LeadTools ISIS ActiveX clsid access (web-activex.rules)
 * 1:11626 <-> DISABLED <-> WEB-ACTIVEX LeadTools ISIS ActiveX function call access (web-activex.rules)
 * 1:11628 <-> DISABLED <-> WEB-ACTIVEX LeadTools JPEG 2000 COM Object ActiveX function call access (web-activex.rules)
 * 1:1163 <-> DISABLED <-> WEB-CGI webdist.cgi access (web-cgi.rules)
 * 1:11630 <-> DISABLED <-> WEB-ACTIVEX LeadTools Raster Dialog File Object ActiveX clsid access (web-activex.rules)
 * 1:11632 <-> DISABLED <-> WEB-ACTIVEX LeadTools Raster Dialog File Object ActiveX function call access (web-activex.rules)
 * 1:11634 <-> DISABLED <-> WEB-ACTIVEX LeadTools Raster Dialog File_D Object ActiveX clsid access (web-activex.rules)
 * 1:11636 <-> DISABLED <-> WEB-ACTIVEX LeadTools Raster Dialog File_D Object ActiveX function call access (web-activex.rules)
 * 1:11638 <-> DISABLED <-> WEB-ACTIVEX LeadTools Raster Document Object Library ActiveX clsid access (web-activex.rules)
 * 1:1164 <-> DISABLED <-> WEB-MISC shopping cart access (web-misc.rules)
 * 1:11640 <-> DISABLED <-> WEB-ACTIVEX LeadTools Raster Document Object Library ActiveX function call access (web-activex.rules)
 * 1:11642 <-> DISABLED <-> WEB-ACTIVEX LeadTools Raster ISIS Object ActiveX clsid access (web-activex.rules)
 * 1:11644 <-> DISABLED <-> WEB-ACTIVEX LeadTools Raster ISIS Object ActiveX function call access (web-activex.rules)
 * 1:11646 <-> DISABLED <-> WEB-ACTIVEX LeadTools Raster Thumbnail Object Library ActiveX clsid access (web-activex.rules)
 * 1:11648 <-> DISABLED <-> WEB-ACTIVEX LeadTools Raster Thumbnail Object Library ActiveX function call access (web-activex.rules)
 * 1:1165 <-> DISABLED <-> WEB-MISC Novell Groupwise gwweb.exe access (web-misc.rules)
 * 1:11650 <-> DISABLED <-> WEB-ACTIVEX LeadTools Raster Variant Object Library ActiveX clsid access (web-activex.rules)
 * 1:11652 <-> DISABLED <-> WEB-ACTIVEX LeadTools Raster Variant Object Library ActiveX function call access (web-activex.rules)
 * 1:11654 <-> DISABLED <-> WEB-ACTIVEX LeadTools Thumbnail Browser Control ActiveX clsid access (web-activex.rules)
 * 1:11656 <-> DISABLED <-> WEB-ACTIVEX LeadTools Thumbnail Browser Control ActiveX function call access (web-activex.rules)
 * 1:11658 <-> DISABLED <-> WEB-ACTIVEX Dart ZipLite Compression ActiveX clsid access (web-activex.rules)
 * 1:1166 <-> DISABLED <-> WEB-MISC ws_ftp.ini access (web-misc.rules)
 * 1:11660 <-> DISABLED <-> WEB-ACTIVEX EDraw Office Viewer ActiveX clsid access (web-activex.rules)
 * 1:11662 <-> DISABLED <-> WEB-ACTIVEX EDraw Office Viewer ActiveX function call access (web-activex.rules)
 * 1:1167 <-> DISABLED <-> WEB-MISC rpm_query access (web-misc.rules)
 * 1:11673 <-> DISABLED <-> WEB-ACTIVEX Zenturi ProgramChecker ActiveX clsid access (web-activex.rules)
 * 1:11675 <-> DISABLED <-> WEB-ACTIVEX Zenturi ProgramChecker ActiveX function call access (web-activex.rules)
 * 1:11677 <-> DISABLED <-> WEB-ACTIVEX Provideo Camimage Class ISSCamControl ActiveX clsid access (web-activex.rules)
 * 1:1168 <-> DISABLED <-> WEB-MISC mall log order access (web-misc.rules)
 * 1:11685 <-> DISABLED <-> WEB-MISC Oracle iSQL Plus cross site scripting attempt (web-misc.rules)
 * 1:1172 <-> DISABLED <-> WEB-CGI bigconf.cgi access (web-cgi.rules)
 * 1:1173 <-> DISABLED <-> WEB-MISC architext_query.pl access (web-misc.rules)
 * 1:1174 <-> DISABLED <-> WEB-CGI /cgi-bin/jj access (web-cgi.rules)
 * 1:1175 <-> DISABLED <-> WEB-MISC wwwboard.pl access (web-misc.rules)
 * 1:1177 <-> DISABLED <-> WEB-MISC Netscape Enterprise Server directory view (web-misc.rules)
 * 1:1180 <-> DISABLED <-> WEB-MISC get32.exe access (web-misc.rules)
 * 1:1181 <-> DISABLED <-> WEB-MISC Annex Terminal DOS attempt (web-misc.rules)
 * 1:11817 <-> DISABLED <-> WEB-CGI WhatsUpGold configuration access (web-cgi.rules)
 * 1:11818 <-> DISABLED <-> WEB-ACTIVEX Yahoo Webcam Viewer Wrapper ActiveX clsid access (web-activex.rules)
 * 1:11820 <-> DISABLED <-> WEB-ACTIVEX Yahoo Webcam Viewer Wrapper ActiveX function call access (web-activex.rules)
 * 1:11826 <-> DISABLED <-> WEB-ACTIVEX Microsoft Voice Control ActiveX clsid access (web-activex.rules)
 * 1:11828 <-> DISABLED <-> WEB-ACTIVEX Microsoft Voice Control ActiveX function call access (web-activex.rules)
 * 1:1183 <-> DISABLED <-> WEB-MISC Netscape Enterprise Server directory view (web-misc.rules)
 * 1:11832 <-> DISABLED <-> WEB-ACTIVEX Microsoft Direct Speech Recognition ActiveX function call access (web-activex.rules)
 * 1:11839 <-> DISABLED <-> WEB-ACTIVEX TEC-IT TBarCode ActiveX clsid access (web-activex.rules)
 * 1:1184 <-> DISABLED <-> WEB-MISC Netscape Enterprise Server directory view (web-misc.rules)
 * 1:11841 <-> DISABLED <-> WEB-ACTIVEX TEC-IT TBarCode ActiveX function call access (web-activex.rules)
 * 1:11843 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss AddPrinter overflow attempt (netbios.rules)
 * 1:1185 <-> DISABLED <-> WEB-CGI bizdbsearch attempt (web-cgi.rules)
 * 1:1186 <-> DISABLED <-> WEB-MISC Netscape Enterprise Server directory view (web-misc.rules)
 * 1:1187 <-> DISABLED <-> WEB-MISC SalesLogix Eviewer web command attempt (web-misc.rules)
 * 1:1188 <-> DISABLED <-> WEB-MISC Netscape Enterprise Server directory view (web-misc.rules)
 * 1:1189 <-> DISABLED <-> WEB-MISC Netscape Enterprise Server directory view (web-misc.rules)
 * 1:1190 <-> DISABLED <-> WEB-MISC Netscape Enterprise Server directory view (web-misc.rules)
 * 1:1191 <-> DISABLED <-> WEB-MISC Netscape Enterprise Server directory view (web-misc.rules)
 * 1:1192 <-> DISABLED <-> WEB-MISC Trend Micro OfficeScan access (web-misc.rules)
 * 1:1193 <-> DISABLED <-> WEB-MISC oracle web arbitrary command execution attempt (web-misc.rules)
 * 1:1194 <-> DISABLED <-> WEB-CGI sojourn.cgi File attempt (web-cgi.rules)
 * 1:11940 <-> DISABLED <-> WEB-ACTIVEX Westbyte Internet Download Accelerator ActiveX function call access (web-activex.rules)
 * 1:11942 <-> DISABLED <-> WEB-ACTIVEX Westbyte internet download accelerator ActiveX clsid access (web-activex.rules)
 * 1:11943 <-> DISABLED <-> WEB-ACTIVEX HP ModemUtil ActiveX clsid access (web-activex.rules)
 * 1:1195 <-> DISABLED <-> WEB-CGI sojourn.cgi access (web-cgi.rules)
 * 1:11955 <-> DISABLED <-> NETBIOS SMB-DS Trans2 OPEN2 maximum param count overflow attempt (netbios.rules)
 * 1:11956 <-> DISABLED <-> NETBIOS SMB-DS Trans2 OPEN2 unicode maximum param count overflow attempt (netbios.rules)
 * 1:1196 <-> DISABLED <-> WEB-CGI SGI InfoSearch fname attempt (web-cgi.rules)
 * 1:11961 <-> DISABLED <-> NETBIOS SMB-DS Trans2 OPEN2 andx maximum param count overflow attempt (netbios.rules)
 * 1:11962 <-> DISABLED <-> NETBIOS SMB-DS Trans2 OPEN2 unicode andx maximum param count overflow attempt (netbios.rules)
 * 1:1198 <-> DISABLED <-> WEB-MISC Netscape Enterprise Server directory view (web-misc.rules)
 * 1:12014 <-> DISABLED <-> WEB-MISC Microsoft Internet Explorer navcancl.htm url spoofing attempt (web-misc.rules)
 * 1:12015 <-> DISABLED <-> WEB-ACTIVEX NCTAudioStudio2 NCT WavChunksEditor ActiveX clsid access (web-activex.rules)
 * 1:12017 <-> DISABLED <-> WEB-ACTIVEX NCTAudioStudio2 NCT WavChunksEditor ActiveX function call access (web-activex.rules)
 * 1:12019 <-> DISABLED <-> WEB-ACTIVEX NCTsoft NCTAudioFile2 NCTWMAFile ActiveX clsid access (web-activex.rules)
 * 1:1202 <-> DISABLED <-> WEB-MISC search.vts access (web-misc.rules)
 * 1:12021 <-> DISABLED <-> WEB-ACTIVEX NCTsoft NCTAudioFile2 NCTWMAFile ActiveX function call access (web-activex.rules)
 * 1:12029 <-> DISABLED <-> WEB-ACTIVEX HP Digital Imaging hpqxml.dll ActiveX clsid access (web-activex.rules)
 * 1:1204 <-> DISABLED <-> WEB-CGI ax-admin.cgi access (web-cgi.rules)
 * 1:12047 <-> DISABLED <-> SPYWARE-PUT Adware yayad runtime detection (spyware-put.rules)
 * 1:1205 <-> DISABLED <-> WEB-CGI axs.cgi access (web-cgi.rules)
 * 1:1206 <-> DISABLED <-> WEB-CGI cachemgr.cgi access (web-cgi.rules)
 * 1:12062 <-> DISABLED <-> WEB-ACTIVEX HP Instant Support ActiveX clsid access (web-activex.rules)
 * 1:12064 <-> DISABLED <-> WEB-IIS w3svc _vti_bin null pointer dereference attempt (web-iis.rules)
 * 1:1207 <-> DISABLED <-> WEB-MISC htgrep access (web-misc.rules)
 * 1:1208 <-> DISABLED <-> WEB-CGI responder.cgi access (web-cgi.rules)
 * 1:12083 <-> DISABLED <-> WEB-ACTIVEX Data Dynamics ActiveBar Actbar3 ActiveX clsid access (web-activex.rules)
 * 1:12085 <-> DISABLED <-> WEB-ACTIVEX Data Dynamics ActiveBar Actbar3 ActiveX function call access (web-activex.rules)
 * 1:12087 <-> DISABLED <-> WEB-ACTIVEX McAfee NeoTrace ActiveX clsid access (web-activex.rules)
 * 1:12089 <-> DISABLED <-> WEB-ACTIVEX McAfee NeoTrace ActiveX function call access (web-activex.rules)
 * 1:1209 <-> DISABLED <-> WEB-MISC .nsconfig access (web-misc.rules)
 * 1:12091 <-> DISABLED <-> WEB-ACTIVEX EldoS SecureBlackbox PGPBBox ActiveX clsid access (web-activex.rules)
 * 1:12093 <-> DISABLED <-> WEB-ACTIVEX EldoS SecureBlackbox PGPBBox ActiveX function call access (web-activex.rules)
 * 1:12100 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP ca-alert function 16,23 overflow attempt (netbios.rules)
 * 1:1211 <-> DISABLED <-> WEB-CGI web-map.cgi access (web-cgi.rules)
 * 1:12116 <-> DISABLED <-> WEB-ACTIVEX Zenturi ProgramChecker SASATL ActiveX clsid access (web-activex.rules)
 * 1:12118 <-> DISABLED <-> WEB-ACTIVEX Zenturi ProgramChecker SASATL ActiveX function call access (web-activex.rules)
 * 1:1212 <-> DISABLED <-> WEB-MISC Admin_files access (web-misc.rules)
 * 1:12120 <-> DISABLED <-> SPYWARE-PUT Adware pprich runtime detection - version check (spyware-put.rules)
 * 1:12123 <-> DISABLED <-> SPYWARE-PUT Hijacker lookquick runtime detection - hijack ie (spyware-put.rules)
 * 1:12124 <-> DISABLED <-> SPYWARE-PUT Hijacker lookquick runtime detection - monitor and collect user info (spyware-put.rules)
 * 1:1213 <-> DISABLED <-> WEB-MISC backup access (web-misc.rules)
 * 1:12138 <-> DISABLED <-> SPYWARE-PUT Adware zamingo runtime detection (spyware-put.rules)
 * 1:1214 <-> DISABLED <-> WEB-MISC intranet access (web-misc.rules)
 * 1:12140 <-> DISABLED <-> SPYWARE-PUT Hijacker cnnic update runtime detection (spyware-put.rules)
 * 1:1215 <-> DISABLED <-> WEB-CGI ministats admin access (web-cgi.rules)
 * 1:1216 <-> DISABLED <-> WEB-MISC filemail access (web-misc.rules)
 * 1:12168 <-> DISABLED <-> WEB-ACTIVEX Computer Associates ETrust Intrusion Detection Caller.DLL ActiveX clsid access (web-activex.rules)
 * 1:1217 <-> DISABLED <-> WEB-MISC plusmail access (web-misc.rules)
 * 1:1218 <-> DISABLED <-> WEB-MISC adminlogin access (web-misc.rules)
 * 1:12189 <-> DISABLED <-> WEB-ACTIVEX Clever Internet Suite ActiveX clsid access (web-activex.rules)
 * 1:1219 <-> DISABLED <-> WEB-CGI dfire.cgi access (web-cgi.rules)
 * 1:12191 <-> DISABLED <-> WEB-ACTIVEX Clever Internet Suite ActiveX function call access (web-activex.rules)
 * 1:12195 <-> DISABLED <-> WEB-ACTIVEX Yahoo Widgets Engine ActiveX function call access (web-activex.rules)
 * 1:1220 <-> DISABLED <-> WEB-MISC ultraboard access (web-misc.rules)
 * 1:12200 <-> DISABLED <-> WEB-ACTIVEX VMWare IntraProcessLogging ActiveX clsid access (web-activex.rules)
 * 1:12205 <-> DISABLED <-> WEB-ACTIVEX VMWare Vielib.dll ActiveX function call access (web-activex.rules)
 * 1:12207 <-> DISABLED <-> WEB-ACTIVEX Computer Associates ETrust Intrusion Detection Caller.DLL ActiveX function call access (web-activex.rules)
 * 1:1221 <-> DISABLED <-> WEB-MISC Muscat Empower cgi access (web-misc.rules)
 * 1:1222 <-> DISABLED <-> WEB-CGI pals-cgi arbitrary file access attempt (web-cgi.rules)
 * 1:12224 <-> DISABLED <-> SPYWARE-PUT Adware enbrowser snackman runtime detection (spyware-put.rules)
 * 1:12229 <-> DISABLED <-> SPYWARE-PUT Adware vroomsearch runtime detection (spyware-put.rules)
 * 1:12230 <-> DISABLED <-> SPYWARE-PUT Hacker-Tool hippynotify 2.0 runtime detection (spyware-put.rules)
 * 1:12231 <-> DISABLED <-> SPYWARE-PUT Adware vroomsearch runtime detection (spyware-put.rules)
 * 1:12232 <-> DISABLED <-> SPYWARE-PUT Adware errorsafe runtime detection (spyware-put.rules)
 * 1:1224 <-> DISABLED <-> WEB-MISC ROADS search.pl attempt (web-misc.rules)
 * 1:12246 <-> DISABLED <-> WEB-ACTIVEX Symantec NavComUI AxSysListView32 ActiveX clsid access (web-activex.rules)
 * 1:12248 <-> DISABLED <-> WEB-ACTIVEX Symantec NavComUI AxSysListView32 ActiveX function call access (web-activex.rules)
 * 1:12252 <-> DISABLED <-> WEB-ACTIVEX Symantec NavComUI AxSysListView32OAA ActiveX function call access (web-activex.rules)
 * 1:12255 <-> DISABLED <-> WEB-CGI CSGuestbook setup attempt (web-cgi.rules)
 * 1:12257 <-> DISABLED <-> WEB-ACTIVEX Microsoft DirectX Media SDK ActiveX clsid access (web-activex.rules)
 * 1:12259 <-> DISABLED <-> WEB-ACTIVEX Microsoft DirectX Media SDK ActiveX function call access (web-activex.rules)
 * 1:12261 <-> DISABLED <-> WEB-ACTIVEX Microsoft Visual Basic 6 PDWizard.File ActiveX clsid access (web-activex.rules)
 * 1:12263 <-> DISABLED <-> WEB-ACTIVEX Microsoft Visual Basic 6 PDWizard.File ActiveX function call access (web-activex.rules)
 * 1:12265 <-> DISABLED <-> WEB-ACTIVEX Microsoft Visual Basic 6 SearchHelper ActiveX clsid access (web-activex.rules)
 * 1:12267 <-> DISABLED <-> WEB-ACTIVEX Microsoft Visual Basic 6 SearchHelper ActiveX function call access (web-activex.rules)
 * 1:12273 <-> DISABLED <-> WEB-ACTIVEX Microsoft Visual Basic 6 TypeLibInfo ActiveX clsid access (web-activex.rules)
 * 1:12275 <-> DISABLED <-> WEB-ACTIVEX Microsoft Visual Basic 6 TypeLibInfo ActiveX function call access (web-activex.rules)
 * 1:12277 <-> DISABLED <-> EXPLOIT Microsoft Internet Explorer CSS memory corruption exploit (exploit.rules)
 * 1:12281 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer VML source file memory corruption attempt (web-client.rules)
 * 1:12282 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer VML source file memory corruption attempt (web-client.rules)
 * 1:12290 <-> DISABLED <-> SPYWARE-PUT Hijacker newdotnet quick! search runtime detection (spyware-put.rules)
 * 1:12295 <-> DISABLED <-> SPYWARE-PUT Hijacker 3search runtime detection - hijacking (spyware-put.rules)
 * 1:1230 <-> DISABLED <-> WEB-MISC VirusWall FtpSave access (web-misc.rules)
 * 1:12301 <-> DISABLED <-> WEB-ACTIVEX eCentrex VOIP Client Module ActiveX clsid access (web-activex.rules)
 * 1:1231 <-> DISABLED <-> WEB-MISC VirusWall catinfo access (web-misc.rules)
 * 1:1234 <-> DISABLED <-> WEB-MISC VirusWall FtpSaveCSP access (web-misc.rules)
 * 1:1235 <-> DISABLED <-> WEB-MISC VirusWall FtpSaveCVP access (web-misc.rules)
 * 1:12361 <-> DISABLED <-> SPYWARE-PUT Infostealer.Monstres runtime detection (spyware-put.rules)
 * 1:12363 <-> DISABLED <-> SPYWARE-PUT Other-Technologies malware-stopper runtime detection (spyware-put.rules)
 * 1:12365 <-> DISABLED <-> SPYWARE-PUT Hijacker proventactics 3.5 runtime detection - redirect searches (spyware-put.rules)
 * 1:12367 <-> DISABLED <-> SPYWARE-PUT Hijacker imesh mediabar runtime detection - hijack ie searches (spyware-put.rules)
 * 1:12368 <-> DISABLED <-> SPYWARE-PUT Hijacker imesh mediabar runtime detection - hijack ie side search (spyware-put.rules)
 * 1:12369 <-> DISABLED <-> SPYWARE-PUT Hijacker imesh mediabar runtime detection - collect user information (spyware-put.rules)
 * 1:12371 <-> DISABLED <-> SPYWARE-PUT Hijacker sbu hotbar 4.8.4 runtime detection - user-agent string (spyware-put.rules)
 * 1:12380 <-> DISABLED <-> WEB-ACTIVEX Oracle JInitiator ActiveX clsid access (web-activex.rules)
 * 1:12384 <-> DISABLED <-> WEB-ACTIVEX Yahoo Messenger YVerInfo ActiveX clsid access (web-activex.rules)
 * 1:12386 <-> DISABLED <-> WEB-ACTIVEX Yahoo Messenger YVerInfo ActiveX function call access (web-activex.rules)
 * 1:12388 <-> DISABLED <-> WEB-ACTIVEX PPStream PowerPlayer ActiveX clsid access (web-activex.rules)
 * 1:1241 <-> DISABLED <-> WEB-MISC SWEditServlet directory traversal attempt (web-misc.rules)
 * 1:12413 <-> DISABLED <-> WEB-ACTIVEX Earth Resource Mapper NCSView ActiveX clsid access (web-activex.rules)
 * 1:12415 <-> DISABLED <-> WEB-ACTIVEX Earth Resource Mapper NCSView ActiveX function call access (web-activex.rules)
 * 1:1242 <-> DISABLED <-> WEB-IIS ISAPI .ida access (web-iis.rules)
 * 1:12428 <-> DISABLED <-> WEB-ACTIVEX GlobalLink glitemflat.dll ActiveX clsid access (web-activex.rules)
 * 1:1243 <-> DISABLED <-> WEB-IIS ISAPI .ida attempt (web-iis.rules)
 * 1:12430 <-> DISABLED <-> WEB-ACTIVEX EDraw Office Viewer Component ActiveX clsid access (web-activex.rules)
 * 1:12432 <-> DISABLED <-> WEB-ACTIVEX EDraw Office Viewer Component ActiveX function call access (web-activex.rules)
 * 1:12434 <-> DISABLED <-> WEB-ACTIVEX BaoFeng Storm MPS.dll ActiveX clsid access (web-activex.rules)
 * 1:12438 <-> DISABLED <-> WEB-ACTIVEX Ultra Crypto Component CryptoX.dll ActiveX clsid access (web-activex.rules)
 * 1:1244 <-> DISABLED <-> WEB-IIS ISAPI .idq attempt (web-iis.rules)
 * 1:12440 <-> DISABLED <-> WEB-ACTIVEX Ultra Crypto Component CryptoX.dll ActiveX function call access (web-activex.rules)
 * 1:12442 <-> DISABLED <-> WEB-ACTIVEX Ultra Crypto Component CryptoX.dll 2 ActiveX clsid access (web-activex.rules)
 * 1:12444 <-> DISABLED <-> WEB-ACTIVEX Microsoft SQL Server Distributed Management Objects ActiveX clsid access (web-activex.rules)
 * 1:12446 <-> DISABLED <-> WEB-ACTIVEX Microsoft SQL Server Distributed Management Objects ActiveX function call access (web-activex.rules)
 * 1:1245 <-> DISABLED <-> WEB-IIS ISAPI .idq access (web-iis.rules)
 * 1:12450 <-> DISABLED <-> WEB-ACTIVEX Microsoft Agent Control ActiveX function call access (web-activex.rules)
 * 1:12452 <-> DISABLED <-> WEB-ACTIVEX MS Agent File Provider ActiveX clsid access (web-activex.rules)
 * 1:12461 <-> DISABLED <-> WEB-ACTIVEX Microsoft Visual Studio 6 VBTOVSI.dll ActiveX clsid access (web-activex.rules)
 * 1:12463 <-> DISABLED <-> EXPLOIT Microsoft Windows Visual Studio Crystal Reports RPT file handling buffer overflow attempt (exploit.rules)
 * 1:12468 <-> DISABLED <-> WEB-ACTIVEX COWON America JetAudio JetFlExt.dll ActiveX clsid access (web-activex.rules)
 * 1:12470 <-> DISABLED <-> WEB-ACTIVEX COWON America JetAudio JetFlExt.dll ActiveX function call access (web-activex.rules)
 * 1:12476 <-> DISABLED <-> WEB-ACTIVEX Yahoo Messenger CYFT ActiveX clsid access (web-activex.rules)
 * 1:12478 <-> DISABLED <-> WEB-ACTIVEX Yahoo Messenger CYFT ActiveX function call access (web-activex.rules)
 * 1:1248 <-> DISABLED <-> WEB-FRONTPAGE rad fp30reg.dll access (web-frontpage.rules)
 * 1:12482 <-> DISABLED <-> SPYWARE-PUT Trickler pseudorat 0.1b runtime detection (spyware-put.rules)
 * 1:12483 <-> DISABLED <-> SPYWARE-PUT Other-Technologies virusprotectpro 3.7 runtime detection (spyware-put.rules)
 * 1:12484 <-> DISABLED <-> SPYWARE-PUT Adware instant buzz runtime detection - ads for members (spyware-put.rules)
 * 1:12485 <-> DISABLED <-> SPYWARE-PUT Adware instant buzz runtime detection - random text ads (spyware-put.rules)
 * 1:1249 <-> DISABLED <-> WEB-FRONTPAGE frontpage rad fp4areg.dll access (web-frontpage.rules)
 * 1:1250 <-> DISABLED <-> WEB-MISC Cisco IOS HTTP configuration attempt (web-misc.rules)
 * 1:1256 <-> DISABLED <-> WEB-IIS CodeRed v2 root.exe access (web-iis.rules)
 * 1:1258 <-> DISABLED <-> WEB-MISC HP OpenView Manager DOS (web-misc.rules)
 * 1:1259 <-> DISABLED <-> WEB-MISC SWEditServlet access (web-misc.rules)
 * 1:12595 <-> DISABLED <-> WEB-IIS malicious ASP file upload attempt (web-iis.rules)
 * 1:12598 <-> DISABLED <-> WEB-ACTIVEX Xunlei Web Thunder ActiveX clsid access (web-activex.rules)
 * 1:12600 <-> DISABLED <-> WEB-ACTIVEX ebCrypt IncrementalHash ActiveX clsid access (web-activex.rules)
 * 1:12602 <-> DISABLED <-> WEB-ACTIVEX ebCrypt IncrementalHash ActiveX function call access (web-activex.rules)
 * 1:12604 <-> DISABLED <-> WEB-ACTIVEX ebCrypt PRNGenerator ActiveX clsid access (web-activex.rules)
 * 1:12606 <-> DISABLED <-> WEB-ACTIVEX ebCrypt PRNGenerator ActiveX function call access (web-activex.rules)
 * 1:12620 <-> DISABLED <-> SPYWARE-PUT Adware drive cleaner 1.0.111 runtime detection (spyware-put.rules)
 * 1:12623 <-> DISABLED <-> SPYWARE-PUT Hijacker onestepsearch 1.0.118 runtime detection (spyware-put.rules)
 * 1:12624 <-> DISABLED <-> SPYWARE-PUT Hijacker onestepsearch 1.0.118 runtime detection - upgrade (spyware-put.rules)
 * 1:12631 <-> DISABLED <-> EXPLOIT Microsoft Windows 2000 Kodak Imaging small offset malformed jpeg tables (exploit.rules)
 * 1:12632 <-> DISABLED <-> EXPLOIT Microsoft Windows 2000 Kodak Imaging large offset malformed jpeg tables (exploit.rules)
 * 1:12637 <-> DISABLED <-> WEB-ACTIVEX Kaspersky Online Scanner KAVWebScan.dll ActiveX clsid access (web-activex.rules)
 * 1:12639 <-> DISABLED <-> WEB-ACTIVEX Kaspersky Online Scanner KAVWebScan.dll ActiveX function call access (web-activex.rules)
 * 1:12643 <-> DISABLED <-> WEB-CLIENT Microsoft Windows URI External handler arbitrary command attempt (web-client.rules)
 * 1:12644 <-> DISABLED <-> WEB-ACTIVEX PBEmail7 ActiveX clsid access (web-activex.rules)
 * 1:12646 <-> DISABLED <-> WEB-ACTIVEX PBEmail7 ActiveX function call access (web-activex.rules)
 * 1:12648 <-> DISABLED <-> WEB-ACTIVEX DB Software Laboratory VImpX ActiveX clsid access (web-activex.rules)
 * 1:12650 <-> DISABLED <-> WEB-ACTIVEX DB Software Laboratory VImpX ActiveX function call access (web-activex.rules)
 * 1:12652 <-> DISABLED <-> SPYWARE-PUT Hijacker new.net domain 7.2.2 runtime detection - hijack browser (spyware-put.rules)
 * 1:12653 <-> DISABLED <-> SPYWARE-PUT Hijacker new.net domain 7.2.2 runtime detection - download code (spyware-put.rules)
 * 1:12654 <-> DISABLED <-> SPYWARE-PUT Hijacker rabio 4.2 runtime detection - hijack browser (spyware-put.rules)
 * 1:12655 <-> DISABLED <-> SPYWARE-PUT Hijacker rabio 4.2 runtime detection - download updates (spyware-put.rules)
 * 1:12656 <-> DISABLED <-> SPYWARE-PUT Adware icoo loader 2.5 runtime detection 1 (spyware-put.rules)
 * 1:12657 <-> DISABLED <-> SPYWARE-PUT Adware icoo loader 2.5 runtime detection 2 (spyware-put.rules)
 * 1:12658 <-> DISABLED <-> SPYWARE-PUT Adware winantivirus pro 2007 runtime detection (spyware-put.rules)
 * 1:12659 <-> DISABLED <-> SPYWARE-PUT Trickler zlob media codec runtime detection - automatic updates (spyware-put.rules)
 * 1:12660 <-> DISABLED <-> SPYWARE-PUT Trickler zlob media codec runtime detection - download redirect domains (spyware-put.rules)
 * 1:12673 <-> DISABLED <-> SPYWARE-PUT Trackware searchmiracle elitebar runtime detection - collect information (spyware-put.rules)
 * 1:12674 <-> DISABLED <-> SPYWARE-PUT Trackware searchmiracle elitebar runtime detection - track activity (spyware-put.rules)
 * 1:12676 <-> DISABLED <-> SPYWARE-PUT Conspy Update Checking Detected (spyware-put.rules)
 * 1:12677 <-> DISABLED <-> SPYWARE-PUT Adware ISTBar runtime detection - softwares (spyware-put.rules)
 * 1:12678 <-> DISABLED <-> SPYWARE-PUT SpyTech Realtime Spy Detection (spyware-put.rules)
 * 1:12687 <-> DISABLED <-> WEB-CLIENT Microsoft Windows ShellExecute and IE7 url handling code execution attempt (web-client.rules)
 * 1:12689 <-> DISABLED <-> WEB-ACTIVEX GlobalLink ConnectAndEnterRoom ActiveX clsid access (web-activex.rules)
 * 1:12693 <-> DISABLED <-> SPYWARE-PUT Hijacker personalweb runtime detection (spyware-put.rules)
 * 1:12694 <-> DISABLED <-> SPYWARE-PUT Adware avsystemcare runtime detection (spyware-put.rules)
 * 1:12695 <-> DISABLED <-> SPYWARE-PUT Adware coopen 3.6.1 runtime detection - initial connection (spyware-put.rules)
 * 1:12696 <-> DISABLED <-> SPYWARE-PUT Adware coopen 3.6.1 runtime detection - automatic upgrade (spyware-put.rules)
 * 1:12697 <-> DISABLED <-> SPYWARE-PUT Trackware browser accelerator runtime detection - pass user information to server (spyware-put.rules)
 * 1:12714 <-> DISABLED <-> WEB-ACTIVEX WebEx GPCContainer ActiveX clsid access (web-activex.rules)
 * 1:12716 <-> DISABLED <-> WEB-ACTIVEX WebEx GPCContainer ActiveX function call access (web-activex.rules)
 * 1:12718 <-> DISABLED <-> SPYWARE-PUT Hijacker side find 1.0 runtime detection - initial connection (spyware-put.rules)
 * 1:12719 <-> DISABLED <-> SPYWARE-PUT Hijacker side find 1.0 runtime detection - hijacks search engine (spyware-put.rules)
 * 1:12720 <-> DISABLED <-> SPYWARE-PUT Adware pestbot runtime detection - update (spyware-put.rules)
 * 1:12721 <-> DISABLED <-> SPYWARE-PUT Adware pestbot runtime detection - purchase (spyware-put.rules)
 * 1:12722 <-> DISABLED <-> SPYWARE-PUT Hijacker sexyvideoscreensaver runtime detection (spyware-put.rules)
 * 1:12723 <-> DISABLED <-> SPYWARE-PUT Trackware winzix 2.2.0 runtime detection (spyware-put.rules)
 * 1:12731 <-> DISABLED <-> WEB-ACTIVEX AOL Radio AmpX ActiveX function call access (web-activex.rules)
 * 1:12733 <-> DISABLED <-> WEB-ACTIVEX ComponentOne FlexGrid ActiveX clsid access (web-activex.rules)
 * 1:12735 <-> DISABLED <-> WEB-ACTIVEX ComponentOne FlexGrid ActiveX function call access (web-activex.rules)
 * 1:12737 <-> DISABLED <-> WEB-ACTIVEX Xunlei Thunder PPLAYER.DLL ActiveX clsid access (web-activex.rules)
 * 1:12739 <-> DISABLED <-> WEB-ACTIVEX Xunlei Thunder PPLAYER.DLL ActiveX function call access (web-activex.rules)
 * 1:12747 <-> DISABLED <-> WEB-ACTIVEX BitDefender Online Scanner ActiveX clsid access (web-activex.rules)
 * 1:12749 <-> DISABLED <-> WEB-ACTIVEX BitDefender Online Scanner ActiveX function call access (web-activex.rules)
 * 1:12770 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Windows obfuscated RDS.Dataspace ActiveX exploit attempt (specific-threats.rules)
 * 1:12771 <-> DISABLED <-> SPECIFIC-THREATS obfuscated BaoFeng Storm MPS.dll ActiveX exploit attempt (specific-threats.rules)
 * 1:12772 <-> DISABLED <-> SPECIFIC-THREATS obfuscated PPStream PowerPlayer ActiveX exploit attempt (specific-threats.rules)
 * 1:12773 <-> DISABLED <-> SPECIFIC-THREATS obfuscated Xunlei Thunder PPLAYER.DLL ActiveX exploit attempt (specific-threats.rules)
 * 1:12774 <-> DISABLED <-> SPECIFIC-THREATS obfuscated GlobalLink ConnectAndEnterRoom ActiveX exploit attempt (specific-threats.rules)
 * 1:12775 <-> DISABLED <-> SPECIFIC-THREATS RealNetworks RealPlayer obfuscated Ierpplug.dll ActiveX exploit attempt (specific-threats.rules)
 * 1:12780 <-> DISABLED <-> WEB-ACTIVEX Aurigma Image Uploader 4 Vulnerable Methods ActiveX clsid access (web-activex.rules)
 * 1:12782 <-> DISABLED <-> WEB-ACTIVEX Aurigma Image Uploader 4 Vulnerable Methods ActiveX function call access (web-activex.rules)
 * 1:12789 <-> DISABLED <-> SPYWARE-PUT Adware sunshine spy 1.0 runtime detection - check update (spyware-put.rules)
 * 1:12790 <-> DISABLED <-> SPYWARE-PUT Trackware partypoker runtime detection (spyware-put.rules)
 * 1:12794 <-> DISABLED <-> SPYWARE-PUT Hijacker gralicwrap runtime detection - search frauddb process (spyware-put.rules)
 * 1:12795 <-> DISABLED <-> SPYWARE-PUT Hijacker gralicwrap runtime detection - display frauddb information (spyware-put.rules)
 * 1:12797 <-> DISABLED <-> SPYWARE-PUT Adware x-con spyware destroyer eh 3.2.8 runtime detection (spyware-put.rules)
 * 1:1283 <-> DISABLED <-> WEB-IIS outlook web dos (web-iis.rules)
 * 1:1284 <-> DISABLED <-> WEB-CLIENT readme.eml download attempt (web-client.rules)
 * 1:1285 <-> DISABLED <-> WEB-IIS msdac access (web-iis.rules)
 * 1:1286 <-> DISABLED <-> WEB-IIS _mem_bin access (web-iis.rules)
 * 1:1288 <-> DISABLED <-> WEB-FRONTPAGE /_vti_bin/ access (web-frontpage.rules)
 * 1:1290 <-> DISABLED <-> WEB-CLIENT readme.eml autoload attempt (web-client.rules)
 * 1:1291 <-> DISABLED <-> WEB-MISC sml3com access (web-misc.rules)
 * 1:12946 <-> DISABLED <-> NETBIOS SMB-DS SMBv2 protocol negotiation attempt (netbios.rules)
 * 1:1302 <-> DISABLED <-> WEB-MISC console.exe access (web-misc.rules)
 * 1:1303 <-> DISABLED <-> WEB-MISC cs.exe access (web-misc.rules)
 * 1:1304 <-> DISABLED <-> WEB-CGI txt2html.cgi access (web-cgi.rules)
 * 1:1305 <-> DISABLED <-> WEB-CGI txt2html.cgi directory traversal attempt (web-cgi.rules)
 * 1:1306 <-> DISABLED <-> WEB-CGI store.cgi product directory traversal attempt (web-cgi.rules)
 * 1:1307 <-> DISABLED <-> WEB-CGI store.cgi access (web-cgi.rules)
 * 1:1308 <-> DISABLED <-> WEB-CGI sendmessage.cgi access (web-cgi.rules)
 * 1:1309 <-> DISABLED <-> WEB-CGI zsh access (web-cgi.rules)
 * 1:13228 <-> DISABLED <-> WEB-ACTIVEX HP eSupportDiagnostics 1 ActiveX clsid access (web-activex.rules)
 * 1:13230 <-> DISABLED <-> WEB-ACTIVEX HP eSupportDiagnostics 2 ActiveX clsid access (web-activex.rules)
 * 1:13232 <-> DISABLED <-> WEB-ACTIVEX Persits Software XUpload ActiveX clsid access (web-activex.rules)
 * 1:13234 <-> DISABLED <-> WEB-ACTIVEX Persits Software XUpload ActiveX function call access (web-activex.rules)
 * 1:13238 <-> DISABLED <-> SPYWARE-PUT Adware adult p2p 1.5 runtime detection (spyware-put.rules)
 * 1:13240 <-> DISABLED <-> SPYWARE-PUT Adware live protection 2.1 runtime detection - redirects to purchase page (spyware-put.rules)
 * 1:13241 <-> DISABLED <-> SPYWARE-PUT Adware live protection 2.1 runtime detection - application updates (spyware-put.rules)
 * 1:13242 <-> DISABLED <-> SPYWARE-PUT Adware netpumper 1.26 runtime detection (spyware-put.rules)
 * 1:13249 <-> DISABLED <-> DNS dns response for rfc1918 10/8 address detected (dns.rules)
 * 1:13269 <-> DISABLED <-> EXPLOIT Multiple product nntp uri handling code execution attempt (exploit.rules)
 * 1:13270 <-> DISABLED <-> EXPLOIT Multiple product news uri handling code execution attempt (exploit.rules)
 * 1:13271 <-> DISABLED <-> EXPLOIT Multiple product telnet uri handling code execution attempt (exploit.rules)
 * 1:13272 <-> DISABLED <-> EXPLOIT Multiple product mailto uri handling code execution attempt (exploit.rules)
 * 1:13277 <-> DISABLED <-> SPYWARE-PUT Adware netword agent runtime detection (spyware-put.rules)
 * 1:13283 <-> DISABLED <-> SPYWARE-PUT Hijacker dreambar runtime detection (spyware-put.rules)
 * 1:13284 <-> DISABLED <-> SPYWARE-PUT Adware netguarder web cleaner runtime detection (spyware-put.rules)
 * 1:13285 <-> DISABLED <-> SPYWARE-PUT Hijacker phazebar runtime detection (spyware-put.rules)
 * 1:13286 <-> DISABLED <-> SPYWARE-PUT Adware 3wplayer 1.7 runtime detection (spyware-put.rules)
 * 1:13340 <-> DISABLED <-> SPYWARE-PUT Hijacker search4top runtime detection - hijack ie searches and error pages (spyware-put.rules)
 * 1:13341 <-> DISABLED <-> SPYWARE-PUT Hijacker search4top runtime detection - popup ads (spyware-put.rules)
 * 1:13343 <-> DISABLED <-> SPYWARE-PUT Adware 2005-search loader runtime detection (spyware-put.rules)
 * 1:13344 <-> DISABLED <-> SPYWARE-PUT Adware yourprivacyguard runtime detection - presale request (spyware-put.rules)
 * 1:13345 <-> DISABLED <-> SPYWARE-PUT Adware yourprivacyguard runtime detection - update (spyware-put.rules)
 * 1:13362 <-> DISABLED <-> EXPLOIT ClamAV MEW PE file integer overflow attempt (exploit.rules)
 * 1:13434 <-> DISABLED <-> WEB-ACTIVEX Aurigma Image Uploader 4 Property Overflows ActiveX clsid access (web-activex.rules)
 * 1:13436 <-> DISABLED <-> WEB-ACTIVEX Aurigma Image Uploader 4 Property Overflows ActiveX function call access (web-activex.rules)
 * 1:13438 <-> DISABLED <-> WEB-ACTIVEX Aurigma Image Uploader 5 Vulnerable Methods ActiveX clsid access (web-activex.rules)
 * 1:13440 <-> DISABLED <-> WEB-ACTIVEX Aurigma Image Uploader 5 Vulnerable Methods ActiveX function call access (web-activex.rules)
 * 1:13442 <-> DISABLED <-> WEB-ACTIVEX Aurigma Image Uploader 5 Property Overflows ActiveX clsid access (web-activex.rules)
 * 1:13444 <-> DISABLED <-> WEB-ACTIVEX Aurigma Image Uploader 5 Property Overflows ActiveX function call access (web-activex.rules)
 * 1:13451 <-> DISABLED <-> WEB-ACTIVEX Microsoft Visual FoxPro foxtlib ActiveX clsid access (web-activex.rules)
 * 1:13454 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer DXLUTBuilder ActiveX clsid unicode access (web-client.rules)
 * 1:13456 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer DXLUTBuilder ActiveX function call unicode access (web-client.rules)
 * 1:13477 <-> DISABLED <-> SPECIFIC-THREATS Adobe PDF collab.collectEmailInfo exploit attempt - compressed (specific-threats.rules)
 * 1:13478 <-> DISABLED <-> SPECIFIC-THREATS Adobe PDF collab.collectEmailInfo exploit attempt (specific-threats.rules)
 * 1:13487 <-> DISABLED <-> SPYWARE-PUT Adware elite protector runtime detection (spyware-put.rules)
 * 1:13490 <-> DISABLED <-> SPYWARE-PUT Adware spy shredder 2.1 runtime detection - presale request (spyware-put.rules)
 * 1:13491 <-> DISABLED <-> SPYWARE-PUT Adware spy shredder 2.1 runtime detection - update (spyware-put.rules)
 * 1:13498 <-> DISABLED <-> SPYWARE-PUT Hijacker hbtbar runtime detection - search traffic 1 (spyware-put.rules)
 * 1:13499 <-> DISABLED <-> SPYWARE-PUT Hijacker hbtbar runtime detection - search traffic 2 (spyware-put.rules)
 * 1:13500 <-> DISABLED <-> SPYWARE-PUT Hijacker hbtbar runtime detection - log information (spyware-put.rules)
 * 1:13501 <-> DISABLED <-> SPYWARE-PUT Adware contravirus runtime detection - presale request (spyware-put.rules)
 * 1:13502 <-> DISABLED <-> SPYWARE-PUT Adware contravirus runtime detection - update (spyware-put.rules)
 * 1:13504 <-> DISABLED <-> SPYWARE-PUT Adware iedefender runtime detection - presale request (spyware-put.rules)
 * 1:13505 <-> DISABLED <-> SPYWARE-PUT Adware iedefender runtime detection - update (spyware-put.rules)
 * 1:13556 <-> DISABLED <-> SPYWARE-PUT Hijacker kword interkey runtime detection - search traffic 1 (spyware-put.rules)
 * 1:13557 <-> DISABLED <-> SPYWARE-PUT Hijacker kword interkey runtime detection - search traffic 2 (spyware-put.rules)
 * 1:13558 <-> DISABLED <-> SPYWARE-PUT Hijacker kword interkey runtime detection - log user info (spyware-put.rules)
 * 1:13561 <-> DISABLED <-> SPYWARE-PUT Adware malware alarm runtime detection - presale request (spyware-put.rules)
 * 1:13562 <-> DISABLED <-> SPYWARE-PUT Adware malware alarm runtime detection - update request (spyware-put.rules)
 * 1:13563 <-> DISABLED <-> SPYWARE-PUT Adware system doctor runtime detection - presale request (spyware-put.rules)
 * 1:13564 <-> DISABLED <-> SPYWARE-PUT Adware system doctor runtime detection - update status (spyware-put.rules)
 * 1:13565 <-> DISABLED <-> SPYWARE-PUT Trickler iecodec runtime detection - initial traffic (spyware-put.rules)
 * 1:13566 <-> DISABLED <-> SPYWARE-PUT Trickler iecodec runtime detection - message dialog (spyware-put.rules)
 * 1:13580 <-> DISABLED <-> WEB-ACTIVEX Microsoft Office Web Components remote code execution attempt ActiveX clsid access (web-activex.rules)
 * 1:13635 <-> DISABLED <-> SPYWARE-PUT Trickler downloader trojan.gen runtime detection - get malicious link (spyware-put.rules)
 * 1:13636 <-> DISABLED <-> SPYWARE-PUT Trickler downloader trojan.gen runtime detection - download malicious link (spyware-put.rules)
 * 1:13637 <-> DISABLED <-> SPYWARE-PUT Adware virus heat runtime detection - presale request (spyware-put.rules)
 * 1:13638 <-> DISABLED <-> SPYWARE-PUT Adware virus heat runtime detection - initial database connection (spyware-put.rules)
 * 1:13646 <-> DISABLED <-> SPYWARE-PUT Adware registry defender runtime detection - presale request (spyware-put.rules)
 * 1:13647 <-> DISABLED <-> SPYWARE-PUT Adware registry defender runtime detection - error report request (spyware-put.rules)
 * 1:13648 <-> DISABLED <-> SPYWARE-PUT Hijacker mysearch bar 2.0.2.28 runtime detection (spyware-put.rules)
 * 1:13649 <-> DISABLED <-> SPYWARE-PUT Adware spyware stop runtime detection - presale request (spyware-put.rules)
 * 1:13650 <-> DISABLED <-> SPYWARE-PUT Adware spyware stop runtime detection - auto updates (spyware-put.rules)
 * 1:13653 <-> DISABLED <-> SPYWARE-PUT Adware cashfiesta adbar runtime detection - updates traffic (spyware-put.rules)
 * 1:1374 <-> DISABLED <-> WEB-MISC .htgroup access (web-misc.rules)
 * 1:1375 <-> DISABLED <-> WEB-MISC sadmind worm access (web-misc.rules)
 * 1:1376 <-> DISABLED <-> WEB-MISC jrun directory browse attempt (web-misc.rules)
 * 1:13762 <-> DISABLED <-> SPYWARE-PUT Adware system defender runtime detection (spyware-put.rules)
 * 1:13765 <-> DISABLED <-> SPYWARE-PUT Adware winxdefender runtime detection - presale request (spyware-put.rules)
 * 1:13766 <-> DISABLED <-> SPYWARE-PUT Adware winxdefender runtime detection - auto update (spyware-put.rules)
 * 1:13774 <-> DISABLED <-> SPYWARE-PUT Trickler trojan ecodec runtime detection - initial server connection #1 (spyware-put.rules)
 * 1:13775 <-> DISABLED <-> SPYWARE-PUT Trickler trojan ecodec runtime detection - initial server connection #2 (spyware-put.rules)
 * 1:13776 <-> DISABLED <-> SPYWARE-PUT Trackware syscleaner runtime detection - presale traffic (spyware-put.rules)
 * 1:13777 <-> DISABLED <-> SPYWARE-PUT Trackware syscleaner runtime detection - get update (spyware-put.rules)
 * 1:13782 <-> DISABLED <-> SPYWARE-PUT Hijacker ezreward runtime detection (spyware-put.rules)
 * 1:1380 <-> DISABLED <-> WEB-IIS Form_VBScript.asp access (web-iis.rules)
 * 1:13808 <-> DISABLED <-> SPYWARE-PUT Adware ie antivirus runtime detection - presale request (spyware-put.rules)
 * 1:13809 <-> DISABLED <-> SPYWARE-PUT Adware ie antivirus runtime detection - update request (spyware-put.rules)
 * 1:1381 <-> DISABLED <-> WEB-MISC Trend Micro OfficeScan attempt (web-misc.rules)
 * 1:13811 <-> DISABLED <-> SPYWARE-PUT Adware xp antivirus runtime detection (spyware-put.rules)
 * 1:13813 <-> DISABLED <-> SPYWARE-PUT Trickler mm.exe runtime detection (spyware-put.rules)
 * 1:13828 <-> DISABLED <-> WEB-ACTIVEX sapi.dll ActiveX clsid access (web-activex.rules)
 * 1:13830 <-> DISABLED <-> WEB-ACTIVEX sapi.dll alternate killbit ActiveX clsid access (web-activex.rules)
 * 1:13832 <-> DISABLED <-> WEB-ACTIVEX backweb ActiveX clsid access (web-activex.rules)
 * 1:13847 <-> DISABLED <-> SPYWARE-PUT Adware phoenician casino runtime detection (spyware-put.rules)
 * 1:13848 <-> DISABLED <-> SPYWARE-PUT Trickler zwinky runtime detection (spyware-put.rules)
 * 1:13849 <-> DISABLED <-> SPYWARE-PUT Hijacker rcse 4.4 runtime detection - hijack ie browser (spyware-put.rules)
 * 1:1385 <-> DISABLED <-> WEB-MISC mod-plsql administration access (web-misc.rules)
 * 1:13850 <-> DISABLED <-> SPYWARE-PUT Adware roogoo 2.0 runtime detection - popup ads (spyware-put.rules)
 * 1:13851 <-> DISABLED <-> SPYWARE-PUT Adware roogoo 2.0 runtime detection - upgrade (spyware-put.rules)
 * 1:13852 <-> DISABLED <-> SPYWARE-PUT Hijacker bitroll 5.0 runtime detection (spyware-put.rules)
 * 1:13855 <-> DISABLED <-> SPYWARE-PUT Trackware speed runner runtime detection (spyware-put.rules)
 * 1:13866 <-> DISABLED <-> SPYWARE-PUT Trackware adclicker-fc.gen.a runtime detection - popup ads (spyware-put.rules)
 * 1:13867 <-> DISABLED <-> SPYWARE-PUT Trackware adclicker-fc.gen.a runtime detection (spyware-put.rules)
 * 1:13868 <-> DISABLED <-> SPYWARE-PUT Adware antispywaremaster runtime detection - start fake scanning (spyware-put.rules)
 * 1:13869 <-> DISABLED <-> SPYWARE-PUT Adware antispywaremaster runtime detection - sale/register request (spyware-put.rules)
 * 1:13870 <-> DISABLED <-> SPYWARE-PUT Adware coopen 5.0.0.87 runtime detection - init conn (spyware-put.rules)
 * 1:13871 <-> DISABLED <-> SPYWARE-PUT Adware coopen 5.0.0.87 runtime detection - ads (spyware-put.rules)
 * 1:13872 <-> DISABLED <-> SPYWARE-PUT Trickler fushion 1.2.4.17 runtime detection - notice (spyware-put.rules)
 * 1:13873 <-> DISABLED <-> SPYWARE-PUT Trickler fushion 1.2.4.17 runtime detection - underground traffic (spyware-put.rules)
 * 1:13874 <-> DISABLED <-> SPYWARE-PUT Adware malware destructor 4.5 runtime detection - order request (spyware-put.rules)
 * 1:13875 <-> DISABLED <-> SPYWARE-PUT Adware malware destructor 4.5 runtime detection - auto update (spyware-put.rules)
 * 1:13888 <-> DISABLED <-> SQL Microsoft SQL Server Backup Database File integer overflow attempt (sql.rules)
 * 1:13889 <-> DISABLED <-> SQL Microsoft SQL Server Backup Database File integer overflow attempt (sql.rules)
 * 1:13890 <-> DISABLED <-> SQL Microsoft SQL Server Backup Database File integer overflow attempt (sql.rules)
 * 1:1392 <-> DISABLED <-> WEB-CGI lastlines.cgi access (web-cgi.rules)
 * 1:13930 <-> DISABLED <-> SPYWARE-PUT Trickler pc privacy cleaner runtime detection - order/register request (spyware-put.rules)
 * 1:13931 <-> DISABLED <-> SPYWARE-PUT Trickler pc privacy cleaner runtime detection - auto update (spyware-put.rules)
 * 1:13932 <-> DISABLED <-> SPYWARE-PUT Trackware rightonadz.biz adrotator runtime detection - post user info to remote server (spyware-put.rules)
 * 1:13933 <-> DISABLED <-> SPYWARE-PUT Trackware rightonadz.biz adrotator runtime detection - ads (spyware-put.rules)
 * 1:13937 <-> DISABLED <-> SPYWARE-PUT Hijacker adware.win32.ejik.ec variant runtime detection - call home (spyware-put.rules)
 * 1:13938 <-> DISABLED <-> SPYWARE-PUT Hijacker adware.win32.ejik.ec variant runtime detection (spyware-put.rules)
 * 1:13939 <-> DISABLED <-> SPYWARE-PUT Hijacker adware.win32.ejik.ec variant runtime detection - auto update (spyware-put.rules)
 * 1:13940 <-> DISABLED <-> SPYWARE-PUT Hijacker win32.bho.bgf runtime detection (spyware-put.rules)
 * 1:13943 <-> DISABLED <-> SPYWARE-PUT Trickler dropper agent.rqg runtime detection (spyware-put.rules)
 * 1:13949 <-> DISABLED <-> DNS excessive outbound NXDOMAIN replies - possible spoof of domain run by local DNS servers (dns.rules)
 * 1:1395 <-> DISABLED <-> WEB-CGI zml.cgi attempt (web-cgi.rules)
 * 1:1396 <-> DISABLED <-> WEB-CGI zml.cgi access (web-cgi.rules)
 * 1:13960 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer static text range overflow attempt (web-client.rules)
 * 1:13962 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer MHTML zone control bypass attempt (web-client.rules)
 * 1:13964 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer span frontier parsing memory corruption (web-client.rules)
 * 1:1397 <-> DISABLED <-> WEB-CGI wayboard attempt (web-cgi.rules)
 * 1:13974 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer XHTML element memory corruption attempt (web-client.rules)
 * 1:13991 <-> DISABLED <-> SQL xp_regaddmultistring attempt (sql.rules)
 * 1:13992 <-> DISABLED <-> SQL xp_regdeletevalue attempt (sql.rules)
 * 1:13993 <-> DISABLED <-> SQL xp_regenumkeys attempt (sql.rules)
 * 1:13994 <-> DISABLED <-> SQL xp_regenumvalues attempt (sql.rules)
 * 1:13995 <-> DISABLED <-> SQL xp_regremovemultistring attempt (sql.rules)
 * 1:13996 <-> DISABLED <-> SQL xp_servicecontrol attempt (sql.rules)
 * 1:13997 <-> DISABLED <-> SQL xp_loginconfig attempt (sql.rules)
 * 1:13998 <-> DISABLED <-> SQL xp_terminate_process attempt (sql.rules)
 * 1:1400 <-> DISABLED <-> WEB-IIS /scripts/samples/ access (web-iis.rules)
 * 1:1401 <-> DISABLED <-> WEB-IIS /msadc/samples/ access (web-iis.rules)
 * 1:1402 <-> DISABLED <-> WEB-IIS iissamples access (web-iis.rules)
 * 1:14033 <-> DISABLED <-> WEB-ACTIVEX Orbit Downloader ActiveX clsid access (web-activex.rules)
 * 1:14037 <-> DISABLED <-> WEB-ACTIVEX Novell iPrint ActiveX operation or printer-url parameter overflow attempt (web-activex.rules)
 * 1:14038 <-> DISABLED <-> WEB-ACTIVEX Novell iPrint ActiveX target-frame parameter overflow attempt (web-activex.rules)
 * 1:1405 <-> DISABLED <-> WEB-CGI AHG search.cgi access (web-cgi.rules)
 * 1:14054 <-> DISABLED <-> SPYWARE-PUT Adware AdwareALERT runtime detection - auto update (spyware-put.rules)
 * 1:14057 <-> DISABLED <-> SPYWARE-PUT Trackware murzilka2 runtime detection (spyware-put.rules)
 * 1:14059 <-> DISABLED <-> SPYWARE-PUT Hijacker cpush 2 runtime detection - hijack ie home page (spyware-put.rules)
 * 1:1406 <-> DISABLED <-> WEB-CGI agora.cgi access (web-cgi.rules)
 * 1:14060 <-> DISABLED <-> SPYWARE-PUT Hijacker cpush 2 runtime detection - auto update (spyware-put.rules)
 * 1:14061 <-> DISABLED <-> SPYWARE-PUT Trickler antimalware guard runtime detection - order/register request (spyware-put.rules)
 * 1:14062 <-> DISABLED <-> SPYWARE-PUT Trickler antimalware guard runtime detection - auto update (spyware-put.rules)
 * 1:14063 <-> DISABLED <-> SPYWARE-PUT Hijacker cashon runtime detection - hijack ie searches (spyware-put.rules)
 * 1:14064 <-> DISABLED <-> SPYWARE-PUT Hijacker cashon runtime detection - auto update (spyware-put.rules)
 * 1:14065 <-> DISABLED <-> SPYWARE-PUT Keylogger emptybase j runtime detection (spyware-put.rules)
 * 1:14066 <-> DISABLED <-> SPYWARE-PUT Adware winsecuredisc runtime detection (spyware-put.rules)
 * 1:14067 <-> DISABLED <-> SPYWARE-PUT Adware swizzor runtime detection (spyware-put.rules)
 * 1:14068 <-> DISABLED <-> SPYWARE-PUT Adware rond runtime detection (spyware-put.rules)
 * 1:14069 <-> DISABLED <-> SPYWARE-PUT Adware brave sentry runtime detection - order request (spyware-put.rules)
 * 1:14070 <-> DISABLED <-> SPYWARE-PUT Adware brave sentry runtime detection - self update (spyware-put.rules)
 * 1:14071 <-> DISABLED <-> SPYWARE-PUT Hijacker Adware bho.gen runtime detection - pop-up window traffic #1 (spyware-put.rules)
 * 1:14072 <-> DISABLED <-> SPYWARE-PUT Hijacker Adware bho.gen runtime detection - pop-up window traffic #2 (spyware-put.rules)
 * 1:14073 <-> DISABLED <-> SPYWARE-PUT Hijacker Adware bho.gen runtime detection - prompt download page (spyware-put.rules)
 * 1:14076 <-> DISABLED <-> SPYWARE-PUT Hijacker Adware win32 mostofate runtime detection - hijack search (spyware-put.rules)
 * 1:14077 <-> DISABLED <-> SPYWARE-PUT Hijacker Adware win32 mostofate runtime detection - redirect search results (spyware-put.rules)
 * 1:14078 <-> DISABLED <-> SPYWARE-PUT Adware winspywareprotect runtime detection - download malicous code (spyware-put.rules)
 * 1:14079 <-> DISABLED <-> SPYWARE-PUT Adware winspywareprotect runtime detection - connection to malicious sites (spyware-put.rules)
 * 1:14080 <-> DISABLED <-> SPYWARE-PUT Adware winspywareprotect runtime detection - connection to malicious server (spyware-put.rules)
 * 1:1433 <-> DISABLED <-> WEB-MISC .history access (web-misc.rules)
 * 1:1434 <-> DISABLED <-> WEB-MISC .bash_history access (web-misc.rules)
 * 1:1435 <-> DISABLED <-> DNS named authors attempt (dns.rules)
 * 1:1459 <-> DISABLED <-> WEB-CGI bb-histlog.sh access (web-cgi.rules)
 * 1:1460 <-> DISABLED <-> WEB-CGI bb-histsvc.sh access (web-cgi.rules)
 * 1:1461 <-> DISABLED <-> WEB-CGI bb-rep.sh access (web-cgi.rules)
 * 1:1462 <-> DISABLED <-> WEB-CGI bb-replog.sh access (web-cgi.rules)
 * 1:14647 <-> ENABLED <-> NETBIOS SMB Search Search filename size integer underflow attempt (netbios.rules)
 * 1:14648 <-> ENABLED <-> NETBIOS SMB Search unicode Search filename size integer underflow attempt (netbios.rules)
 * 1:14649 <-> ENABLED <-> NETBIOS SMB Search Search filename size integer underflow attempt (netbios.rules)
 * 1:1465 <-> DISABLED <-> WEB-CGI auktion.cgi access (web-cgi.rules)
 * 1:14650 <-> ENABLED <-> NETBIOS SMB Search unicode Search filename size integer underflow attempt (netbios.rules)
 * 1:14651 <-> ENABLED <-> NETBIOS SMB Search andx Search filename size integer underflow attempt (netbios.rules)
 * 1:14652 <-> ENABLED <-> NETBIOS SMB Search unicode andx Search filename size integer underflow attempt (netbios.rules)
 * 1:14653 <-> DISABLED <-> NETBIOS SMB Search andx Search filename size integer underflow attempt (netbios.rules)
 * 1:14654 <-> DISABLED <-> NETBIOS SMB Search unicode andx Search filename size integer underflow attempt (netbios.rules)
 * 1:1466 <-> DISABLED <-> WEB-CGI cgiforum.pl access (web-cgi.rules)
 * 1:14661 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumJobs attempt (netbios.rules)
 * 1:1467 <-> DISABLED <-> WEB-CGI directorypro.cgi access (web-cgi.rules)
 * 1:1468 <-> DISABLED <-> WEB-CGI Web Shopper shopper.cgi attempt (web-cgi.rules)
 * 1:1469 <-> DISABLED <-> WEB-CGI Web Shopper shopper.cgi access (web-cgi.rules)
 * 1:1470 <-> DISABLED <-> WEB-CGI listrec.pl access (web-cgi.rules)
 * 1:14709 <-> ENABLED <-> NETBIOS SMB spoolss EnumJobs response WriteAndX unicode little endian attempt (netbios.rules)
 * 1:1471 <-> DISABLED <-> WEB-CGI mailnews.cgi access (web-cgi.rules)
 * 1:14710 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumJobs attempt (netbios.rules)
 * 1:14711 <-> ENABLED <-> NETBIOS SMB spoolss EnumJobs response little endian attempt (netbios.rules)
 * 1:14712 <-> ENABLED <-> NETBIOS SMB spoolss EnumJobs response WriteAndX little endian attempt (netbios.rules)
 * 1:14713 <-> ENABLED <-> NETBIOS SMB spoolss EnumJobs response attempt (netbios.rules)
 * 1:14714 <-> ENABLED <-> NETBIOS SMB spoolss EnumJobs response unicode attempt (netbios.rules)
 * 1:14715 <-> ENABLED <-> NETBIOS SMB spoolss EnumJobs response WriteAndX attempt (netbios.rules)
 * 1:14716 <-> ENABLED <-> NETBIOS SMB spoolss EnumJobs response WriteAndX unicode attempt (netbios.rules)
 * 1:14717 <-> DISABLED <-> NETBIOS SMB spoolss EnumJobs response WriteAndX unicode little endian andx attempt (netbios.rules)
 * 1:14718 <-> DISABLED <-> NETBIOS SMB spoolss EnumJobs response unicode little endian andx attempt (netbios.rules)
 * 1:14719 <-> DISABLED <-> NETBIOS SMB spoolss EnumJobs response little endian andx attempt (netbios.rules)
 * 1:1472 <-> DISABLED <-> WEB-CGI book.cgi access (web-cgi.rules)
 * 1:14720 <-> DISABLED <-> NETBIOS SMB spoolss EnumJobs response WriteAndX little endian andx attempt (netbios.rules)
 * 1:14721 <-> DISABLED <-> NETBIOS SMB spoolss EnumJobs response andx attempt (netbios.rules)
 * 1:14722 <-> DISABLED <-> NETBIOS SMB spoolss EnumJobs response unicode andx attempt (netbios.rules)
 * 1:14723 <-> DISABLED <-> NETBIOS SMB spoolss EnumJobs response WriteAndX andx attempt (netbios.rules)
 * 1:14724 <-> DISABLED <-> NETBIOS SMB spoolss EnumJobs response WriteAndX unicode andx attempt (netbios.rules)
 * 1:14725 <-> ENABLED <-> NETBIOS DCERPC NCACN-IP-TCP mqqm QMGetRemoteQueueName overflow attempt (netbios.rules)
 * 1:14726 <-> ENABLED <-> NETBIOS DCERPC NCADG-IP-UDP mqqm QMGetRemoteQueueName overflow attempt (netbios.rules)
 * 1:1473 <-> DISABLED <-> WEB-CGI newsdesk.cgi access (web-cgi.rules)
 * 1:14737 <-> ENABLED <-> NETBIOS DCERPC NCACN-IP-TCP host-integration bind attempt (netbios.rules)
 * 1:1474 <-> DISABLED <-> WEB-CGI cal_make.pl access (web-cgi.rules)
 * 1:1475 <-> DISABLED <-> WEB-CGI mailit.pl access (web-cgi.rules)
 * 1:1476 <-> DISABLED <-> WEB-CGI sdbsearch.cgi access (web-cgi.rules)
 * 1:1478 <-> DISABLED <-> WEB-CGI swc access (web-cgi.rules)
 * 1:14782 <-> ENABLED <-> NETBIOS DCERPC NCACN-IP-TCP srvsvc NetrpPathCanonicalize path canonicalization stack overflow attempt (netbios.rules)
 * 1:14783 <-> ENABLED <-> NETBIOS DCERPC NCADG-IP-UDP srvsvc NetrpPathCanonicalize path canonicalization stack overflow attempt (netbios.rules)
 * 1:1479 <-> DISABLED <-> WEB-CGI ttawebtop.cgi arbitrary file attempt (web-cgi.rules)
 * 1:1480 <-> DISABLED <-> WEB-CGI ttawebtop.cgi access (web-cgi.rules)
 * 1:1481 <-> DISABLED <-> WEB-CGI upload.cgi access (web-cgi.rules)
 * 1:1482 <-> DISABLED <-> WEB-CGI view_source access (web-cgi.rules)
 * 1:1483 <-> DISABLED <-> WEB-CGI ustorekeeper.pl access (web-cgi.rules)
 * 1:1485 <-> DISABLED <-> WEB-IIS mkilog.exe access (web-iis.rules)
 * 1:1486 <-> DISABLED <-> WEB-IIS ctss.idc access (web-iis.rules)
 * 1:1487 <-> DISABLED <-> WEB-IIS /iisadmpwd/aexp2.htr access (web-iis.rules)
 * 1:1488 <-> DISABLED <-> WEB-CGI store.cgi directory traversal attempt (web-cgi.rules)
 * 1:1489 <-> DISABLED <-> WEB-MISC /~nobody access (web-misc.rules)
 * 1:1492 <-> DISABLED <-> WEB-MISC RBS ISP /newuser  directory traversal attempt (web-misc.rules)
 * 1:1493 <-> DISABLED <-> WEB-MISC RBS ISP /newuser access (web-misc.rules)
 * 1:1494 <-> DISABLED <-> WEB-CGI SIX webboard generate.cgi attempt (web-cgi.rules)
 * 1:1495 <-> DISABLED <-> WEB-CGI SIX webboard generate.cgi access (web-cgi.rules)
 * 1:1496 <-> DISABLED <-> WEB-CGI spin_client.cgi access (web-cgi.rules)
 * 1:1500 <-> DISABLED <-> WEB-MISC ExAir access (web-misc.rules)
 * 1:1501 <-> DISABLED <-> WEB-CGI a1stats a1disp3.cgi directory traversal attempt (web-cgi.rules)
 * 1:15015 <-> ENABLED <-> NETBIOS DCERPC NCACN-IP-TCP wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel overflow attempt (netbios.rules)
 * 1:1502 <-> DISABLED <-> WEB-CGI a1stats a1disp3.cgi access (web-cgi.rules)
 * 1:1503 <-> DISABLED <-> WEB-CGI admentor admin.asp access (web-cgi.rules)
 * 1:1505 <-> DISABLED <-> WEB-CGI alchemy http server PRN arbitrary command execution attempt (web-cgi.rules)
 * 1:1506 <-> DISABLED <-> WEB-CGI alchemy http server NUL arbitrary command execution attempt (web-cgi.rules)
 * 1:1507 <-> DISABLED <-> WEB-CGI alibaba.pl arbitrary command execution attempt (web-cgi.rules)
 * 1:1508 <-> DISABLED <-> WEB-CGI alibaba.pl access (web-cgi.rules)
 * 1:1509 <-> DISABLED <-> WEB-CGI AltaVista Intranet Search directory traversal attempt (web-cgi.rules)
 * 1:1510 <-> DISABLED <-> WEB-CGI test.bat arbitrary command execution attempt (web-cgi.rules)
 * 1:1511 <-> DISABLED <-> WEB-CGI test.bat access (web-cgi.rules)
 * 1:15115 <-> DISABLED <-> WEB-CLIENT Microsoft Windows WebDAV pathname buffer overflow attempt (web-client.rules)
 * 1:1512 <-> DISABLED <-> WEB-CGI input.bat arbitrary command execution attempt (web-cgi.rules)
 * 1:15127 <-> DISABLED <-> NETBIOS SMB sp_replwritetovarbin vulnerable function WriteAndX andx attempt (netbios.rules)
 * 1:15128 <-> DISABLED <-> NETBIOS SMB sp_replwritetovarbin vulnerable function WriteAndX attempt (netbios.rules)
 * 1:15129 <-> DISABLED <-> NETBIOS SMB sp_replwritetovarbin vulnerable function WriteAndX unicode andx attempt (netbios.rules)
 * 1:1513 <-> DISABLED <-> WEB-CGI input.bat access (web-cgi.rules)
 * 1:15130 <-> DISABLED <-> NETBIOS SMB sp_replwritetovarbin vulnerable function WriteAndX unicode attempt (netbios.rules)
 * 1:15131 <-> DISABLED <-> NETBIOS SMB sp_replwritetovarbin vulnerable function andx attempt (netbios.rules)
 * 1:15132 <-> DISABLED <-> NETBIOS SMB sp_replwritetovarbin vulnerable function attempt (netbios.rules)
 * 1:15133 <-> DISABLED <-> NETBIOS SMB sp_replwritetovarbin vulnerable function unicode andx attempt (netbios.rules)
 * 1:15134 <-> DISABLED <-> NETBIOS SMB sp_replwritetovarbin vulnerable function unicode attempt (netbios.rules)
 * 1:1514 <-> DISABLED <-> WEB-CGI input2.bat arbitrary command execution attempt (web-cgi.rules)
 * 1:1515 <-> DISABLED <-> WEB-CGI input2.bat access (web-cgi.rules)
 * 1:1516 <-> DISABLED <-> WEB-CGI envout.bat arbitrary command execution attempt (web-cgi.rules)
 * 1:15167 <-> DISABLED <-> INDICATOR-COMPROMISE Suspicious .cn dns query (indicator-compromise.rules)
 * 1:15168 <-> DISABLED <-> INDICATOR-COMPROMISE Suspicious .ru dns query (indicator-compromise.rules)
 * 1:1517 <-> DISABLED <-> WEB-CGI envout.bat access (web-cgi.rules)
 * 1:1519 <-> DISABLED <-> WEB-MISC apache ?M=D directory list attempt (web-misc.rules)
 * 1:15196 <-> DISABLED <-> NETBIOS SMB NT Trans NT CREATE unicode param_count underflow attempt (netbios.rules)
 * 1:15197 <-> DISABLED <-> NETBIOS SMB NT Trans NT CREATE param_count underflow attempt (netbios.rules)
 * 1:15198 <-> DISABLED <-> NETBIOS SMB NT Trans NT CREATE unicode param_count underflow attempt (netbios.rules)
 * 1:15199 <-> DISABLED <-> NETBIOS SMB NT Trans NT CREATE param_count underflow attempt (netbios.rules)
 * 1:1520 <-> DISABLED <-> WEB-MISC server-info access (web-misc.rules)
 * 1:15200 <-> DISABLED <-> NETBIOS SMB NT Trans NT CREATE unicode andx param_count underflow attempt (netbios.rules)
 * 1:15201 <-> DISABLED <-> NETBIOS SMB NT Trans NT CREATE andx param_count underflow attempt (netbios.rules)
 * 1:15202 <-> DISABLED <-> NETBIOS SMB NT Trans NT CREATE unicode andx param_count underflow attempt (netbios.rules)
 * 1:15203 <-> DISABLED <-> NETBIOS SMB NT Trans NT CREATE andx param_count underflow attempt (netbios.rules)
 * 1:15204 <-> DISABLED <-> NETBIOS SMB NT Trans NT CREATE unicode max_param_count underflow attempt (netbios.rules)
 * 1:15205 <-> DISABLED <-> NETBIOS SMB NT Trans NT CREATE unicode max_param_count underflow attempt (netbios.rules)
 * 1:15206 <-> DISABLED <-> NETBIOS SMB NT Trans NT CREATE max_param_count underflow attempt (netbios.rules)
 * 1:15207 <-> DISABLED <-> NETBIOS SMB NT Trans NT CREATE max_param_count underflow attempt (netbios.rules)
 * 1:15208 <-> DISABLED <-> NETBIOS SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt (netbios.rules)
 * 1:15209 <-> DISABLED <-> NETBIOS SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt (netbios.rules)
 * 1:1521 <-> DISABLED <-> WEB-MISC server-status access (web-misc.rules)
 * 1:15210 <-> DISABLED <-> NETBIOS SMB NT Trans NT CREATE andx max_param_count underflow attempt (netbios.rules)
 * 1:15211 <-> DISABLED <-> NETBIOS SMB NT Trans NT CREATE andx max_param_count underflow attempt (netbios.rules)
 * 1:15212 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 max_param_count underflow attempt (netbios.rules)
 * 1:15213 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode max_param_count underflow attempt (netbios.rules)
 * 1:15214 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 max_param_count underflow attempt (netbios.rules)
 * 1:15215 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode max_param_count underflow attempt (netbios.rules)
 * 1:15216 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 andx max_param_count underflow attempt (netbios.rules)
 * 1:15217 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt (netbios.rules)
 * 1:15218 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 andx max_param_count underflow attempt (netbios.rules)
 * 1:15219 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt (netbios.rules)
 * 1:1522 <-> DISABLED <-> WEB-MISC ans.pl attempt (web-misc.rules)
 * 1:15220 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode param_count underflow attempt (netbios.rules)
 * 1:15221 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 param_count underflow attempt (netbios.rules)
 * 1:15222 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 param_count underflow attempt (netbios.rules)
 * 1:15223 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode param_count underflow attempt (netbios.rules)
 * 1:15224 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode andx param_count underflow attempt (netbios.rules)
 * 1:15225 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 andx param_count underflow attempt (netbios.rules)
 * 1:15226 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 andx param_count underflow attempt (netbios.rules)
 * 1:15227 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode andx param_count underflow attempt (netbios.rules)
 * 1:1523 <-> DISABLED <-> WEB-MISC ans.pl access (web-misc.rules)
 * 1:1524 <-> DISABLED <-> WEB-MISC Axis Storpoint CD attempt (web-misc.rules)
 * 1:1525 <-> DISABLED <-> WEB-MISC Axis Storpoint CD access (web-misc.rules)
 * 1:15259 <-> DISABLED <-> DOS DNS root query traffic amplification attempt (dos.rules)
 * 1:1526 <-> DISABLED <-> WEB-MISC basilix sendmail.inc access (web-misc.rules)
 * 1:15260 <-> DISABLED <-> DOS DNS root query response traffic amplification attempt (dos.rules)
 * 1:1527 <-> DISABLED <-> WEB-MISC basilix mysql.class access (web-misc.rules)
 * 1:1528 <-> DISABLED <-> WEB-MISC BBoard access (web-misc.rules)
 * 1:1531 <-> DISABLED <-> WEB-CGI bb-hist.sh attempt (web-cgi.rules)
 * 1:1532 <-> DISABLED <-> WEB-CGI bb-hostscv.sh attempt (web-cgi.rules)
 * 1:15321 <-> DISABLED <-> NETBIOS SMB /sql/query create tree attempt (netbios.rules)
 * 1:15322 <-> DISABLED <-> NETBIOS SMB /sql/query unicode create tree attempt (netbios.rules)
 * 1:15325 <-> DISABLED <-> NETBIOS SMB /sql/query andx create tree attempt (netbios.rules)
 * 1:15326 <-> DISABLED <-> NETBIOS SMB /sql/query unicode andx create tree attempt (netbios.rules)
 * 1:1533 <-> DISABLED <-> WEB-CGI bb-hostscv.sh access (web-cgi.rules)
 * 1:1534 <-> DISABLED <-> WEB-CGI agora.cgi attempt (web-cgi.rules)
 * 1:1535 <-> DISABLED <-> WEB-CGI bizdbsearch access (web-cgi.rules)
 * 1:15387 <-> DISABLED <-> NETBIOS udp WINS WPAD registration attempt (netbios.rules)
 * 1:1539 <-> DISABLED <-> WEB-CGI /cgi-bin/ls access (web-cgi.rules)
 * 1:1540 <-> DISABLED <-> WEB-COLDFUSION ?Mode=debug attempt (web-coldfusion.rules)
 * 1:1542 <-> DISABLED <-> WEB-CGI cgimail access (web-cgi.rules)
 * 1:1543 <-> DISABLED <-> WEB-CGI cgiwrap access (web-cgi.rules)
 * 1:1544 <-> DISABLED <-> WEB-MISC Cisco Catalyst command execution attempt (web-misc.rules)
 * 1:1546 <-> DISABLED <-> WEB-MISC Cisco /%% DOS attempt (web-misc.rules)
 * 1:1547 <-> DISABLED <-> WEB-CGI csSearch.cgi arbitrary command execution attempt (web-cgi.rules)
 * 1:15476 <-> DISABLED <-> SPYWARE-PUT Waledac spam bot HTTP POST request (spyware-put.rules)
 * 1:1548 <-> DISABLED <-> WEB-CGI csSearch.cgi access (web-cgi.rules)
 * 1:1551 <-> DISABLED <-> WEB-MISC /CVS/Entries access (web-misc.rules)
 * 1:1552 <-> DISABLED <-> WEB-MISC cvsweb version access (web-misc.rules)
 * 1:15531 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer Unexpected method call remote code execution attempt (web-client.rules)
 * 1:15535 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer setCapture heap corruption exploit attempt (web-client.rules)
 * 1:15538 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer onreadystatechange memory corruption attempt (web-client.rules)
 * 1:15539 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Formula record remote code execution attempt (file-office.rules)
 * 1:1554 <-> DISABLED <-> WEB-CGI dbman db.cgi access (web-cgi.rules)
 * 1:1555 <-> DISABLED <-> WEB-CGI DCShop access (web-cgi.rules)
 * 1:1556 <-> DISABLED <-> WEB-CGI DCShop orders.txt access (web-cgi.rules)
 * 1:1557 <-> DISABLED <-> WEB-CGI DCShop auth_user_file.txt access (web-cgi.rules)
 * 1:1559 <-> DISABLED <-> WEB-MISC /doc/packages access (web-misc.rules)
 * 1:1560 <-> DISABLED <-> WEB-MISC /doc/ access (web-misc.rules)
 * 1:1563 <-> DISABLED <-> WEB-MISC login.htm attempt (web-misc.rules)
 * 1:1564 <-> DISABLED <-> WEB-MISC login.htm access (web-misc.rules)
 * 1:1565 <-> DISABLED <-> WEB-CGI eshop.pl arbitrary command execution attempt (web-cgi.rules)
 * 1:1566 <-> DISABLED <-> WEB-CGI eshop.pl access (web-cgi.rules)
 * 1:1567 <-> DISABLED <-> WEB-IIS /exchange/root.asp attempt (web-iis.rules)
 * 1:15679 <-> DISABLED <-> SPECIFIC-THREATS Microsoft DirectShow ActiveX exploit via JavaScript - unicode encoding (specific-threats.rules)
 * 1:1568 <-> DISABLED <-> WEB-IIS /exchange/root.asp access (web-iis.rules)
 * 1:15684 <-> DISABLED <-> EXPLOIT Multiple product snews uri handling code execution attempt (exploit.rules)
 * 1:1569 <-> DISABLED <-> WEB-CGI loadpage.cgi directory traversal attempt (web-cgi.rules)
 * 1:15698 <-> DISABLED <-> WEB-CLIENT Possible generic javascript heap spray attempt (web-client.rules)
 * 1:1570 <-> DISABLED <-> WEB-CGI loadpage.cgi access (web-cgi.rules)
 * 1:1572 <-> DISABLED <-> WEB-CGI commerce.cgi arbitrary file access attempt (web-cgi.rules)
 * 1:1573 <-> DISABLED <-> WEB-CGI cgiforum.pl attempt (web-cgi.rules)
 * 1:1574 <-> DISABLED <-> WEB-CGI directorypro.cgi attempt (web-cgi.rules)
 * 1:1575 <-> DISABLED <-> WEB-MISC Domino mab.nsf access (web-misc.rules)
 * 1:1576 <-> DISABLED <-> WEB-MISC Domino cersvr.nsf access (web-misc.rules)
 * 1:1577 <-> DISABLED <-> WEB-MISC Domino setup.nsf access (web-misc.rules)
 * 1:1578 <-> DISABLED <-> WEB-MISC Domino statrep.nsf access (web-misc.rules)
 * 1:1579 <-> DISABLED <-> WEB-MISC Domino webadmin.nsf access (web-misc.rules)
 * 1:1580 <-> DISABLED <-> WEB-MISC Domino events4.nsf access (web-misc.rules)
 * 1:1581 <-> DISABLED <-> WEB-MISC Domino ntsync4.nsf access (web-misc.rules)
 * 1:1582 <-> DISABLED <-> WEB-MISC Domino collect4.nsf access (web-misc.rules)
 * 1:1583 <-> DISABLED <-> WEB-MISC Domino mailw46.nsf access (web-misc.rules)
 * 1:1584 <-> DISABLED <-> WEB-MISC Domino bookmark.nsf access (web-misc.rules)
 * 1:1585 <-> DISABLED <-> WEB-MISC Domino agentrunner.nsf access (web-misc.rules)
 * 1:15855 <-> DISABLED <-> WEB-ACTIVEX Microsoft Office Spreadsheet 10.0 ActiveX function call access (web-activex.rules)
 * 1:1586 <-> DISABLED <-> WEB-MISC Domino mail.box access (web-misc.rules)
 * 1:15860 <-> ENABLED <-> NETBIOS DCERPC NCACN-IP-TCP wkssvc NetrGetJoinInformation attempt (netbios.rules)
 * 1:1587 <-> DISABLED <-> WEB-MISC cgitest.exe access (web-misc.rules)
 * 1:15873 <-> DISABLED <-> WEB-CLIENT Mozilla Firefox location spoofing via invalid window.open characters (web-client.rules)
 * 1:1588 <-> DISABLED <-> WEB-MISC SalesLogix Eviewer access (web-misc.rules)
 * 1:15880 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer popup window object tag code execution attempt (specific-threats.rules)
 * 1:15881 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters Name Field attempt (netbios.rules)
 * 1:1589 <-> DISABLED <-> WEB-MISC musicat empower attempt (web-misc.rules)
 * 1:15893 <-> DISABLED <-> WEB-CLIENT fCreateShellLink function use - potential attack (web-client.rules)
 * 1:15894 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Color Management Module remote code execution attempt (specific-threats.rules)
 * 1:1590 <-> DISABLED <-> WEB-CGI faqmanager.cgi arbitrary file access attempt (web-cgi.rules)
 * 1:1591 <-> DISABLED <-> WEB-CGI faqmanager.cgi access (web-cgi.rules)
 * 1:15911 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss RouteRefreshPrinterChangeNotification attempt (netbios.rules)
 * 1:1592 <-> DISABLED <-> WEB-CGI /fcgi-bin/echo.exe access (web-cgi.rules)
 * 1:1593 <-> DISABLED <-> WEB-CGI FormHandler.cgi external site redirection attempt (web-cgi.rules)
 * 1:15933 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer URL canonicalization address bar spoofing attempt (web-client.rules)
 * 1:15934 <-> DISABLED <-> DNS dns response for rfc1918 172.16/12 address detected (dns.rules)
 * 1:15935 <-> DISABLED <-> DNS dns response for rfc1918 192.168/16 address detected (dns.rules)
 * 1:1594 <-> DISABLED <-> WEB-CGI FormHandler.cgi access (web-cgi.rules)
 * 1:15949 <-> DISABLED <-> SPECIFIC-THREATS McAfee LHA file handling overflow attempt (specific-threats.rules)
 * 1:1595 <-> DISABLED <-> WEB-IIS htimage.exe access (web-iis.rules)
 * 1:15950 <-> DISABLED <-> SPECIFIC-THREATS McAfee LHA Type-2 file handling overflow attempt (specific-threats.rules)
 * 1:15966 <-> DISABLED <-> SPECIFIC-THREATS F-Secure Anti-Virus LHA processing buffer overflow attempt (specific-threats.rules)
 * 1:1597 <-> DISABLED <-> WEB-CGI guestbook.cgi access (web-cgi.rules)
 * 1:1598 <-> DISABLED <-> WEB-CGI Home Free search.cgi directory traversal attempt (web-cgi.rules)
 * 1:15980 <-> DISABLED <-> WEB-MISC Apache mod_ssl hook functions format string attempt (web-misc.rules)
 * 1:15981 <-> DISABLED <-> SPECIFIC-THREATS zlib Denial of Service (specific-threats.rules)
 * 1:1599 <-> DISABLED <-> WEB-CGI search.cgi access (web-cgi.rules)
 * 1:15992 <-> DISABLED <-> SPECIFIC-THREATS Trend Micro Products Antivirus Library overflow attempt (specific-threats.rules)
 * 1:1600 <-> DISABLED <-> WEB-CGI htsearch arbitrary configuration file attempt (web-cgi.rules)
 * 1:1601 <-> DISABLED <-> WEB-CGI htsearch arbitrary file read attempt (web-cgi.rules)
 * 1:1602 <-> DISABLED <-> WEB-CGI htsearch access (web-cgi.rules)
 * 1:16024 <-> DISABLED <-> SPECIFIC-THREATS Mozilla Firefox Javascript Function focus overflow attempt (specific-threats.rules)
 * 1:1603 <-> DISABLED <-> WEB-MISC DELETE attempt (web-misc.rules)
 * 1:16043 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer html tag memory corruption attempt (web-client.rules)
 * 1:16044 <-> DISABLED <-> WEB-CLIENT Mozilla Firefox CSS Letter-Spacing overflow attempt (web-client.rules)
 * 1:16050 <-> DISABLED <-> WEB-CLIENT Mozilla Firefox tag order memory corruption attempt (web-client.rules)
 * 1:16053 <-> DISABLED <-> WEB-CLIENT GNU tar PAX extended headers handling overflow attempt (web-client.rules)
 * 1:1606 <-> DISABLED <-> WEB-CGI icat access (web-cgi.rules)
 * 1:16062 <-> DISABLED <-> MISC ACD Systems ACDSee Products XPM values section buffer overflow attempt (misc.rules)
 * 1:16068 <-> DISABLED <-> SPECIFIC-THREATS Yahoo Music Jukebox ActiveX exploit (specific-threats.rules)
 * 1:1611 <-> DISABLED <-> WEB-CGI eXtropia webstore access (web-cgi.rules)
 * 1:16116 <-> DISABLED <-> SPYWARE-PUT Trackware rightonadz.biz adrotator runtime detection - pass user info to remote server (spyware-put.rules)
 * 1:16117 <-> DISABLED <-> SPYWARE-PUT Trackware rightonadz.biz adrotator runtime detection - ads (spyware-put.rules)
 * 1:16118 <-> DISABLED <-> SPYWARE-PUT Adware winreanimator runtime detection - register request (spyware-put.rules)
 * 1:16119 <-> DISABLED <-> SPYWARE-PUT Adware winreanimator runtime detection - daily update (spyware-put.rules)
 * 1:1612 <-> DISABLED <-> WEB-MISC ftp.pl attempt (web-misc.rules)
 * 1:16121 <-> DISABLED <-> SPYWARE-PUT Hijacker weatherstudio runtime detection (spyware-put.rules)
 * 1:16122 <-> DISABLED <-> SPYWARE-PUT rogue antivirus xp 2008 runtime detection - buy (spyware-put.rules)
 * 1:16123 <-> DISABLED <-> SPYWARE-PUT rogue antivirus xp 2008 runtime detection - update (spyware-put.rules)
 * 1:16126 <-> DISABLED <-> SPYWARE-PUT Trickler virusremover 2008 runtime detection (spyware-put.rules)
 * 1:16127 <-> DISABLED <-> SPYWARE-PUT Adware superiorads runtime detection (spyware-put.rules)
 * 1:16129 <-> DISABLED <-> SPYWARE-PUT Keylogger kamyab Keylogger v.3 runtime detection (spyware-put.rules)
 * 1:1613 <-> DISABLED <-> WEB-MISC handler attempt (web-misc.rules)
 * 1:16130 <-> DISABLED <-> SPYWARE-PUT Keylogger lord spy pro 1.4 runtime detection (spyware-put.rules)
 * 1:16131 <-> DISABLED <-> SPYWARE-PUT Trackware adclicker trojan zlob.dnz runtime detection - ads (spyware-put.rules)
 * 1:16132 <-> DISABLED <-> SPYWARE-PUT Trackware owlforce runtime detection - remote server #1 (spyware-put.rules)
 * 1:16133 <-> DISABLED <-> SPYWARE-PUT Trackware owlforce runtime detection - remote server #2 (spyware-put.rules)
 * 1:16134 <-> DISABLED <-> SPYWARE-PUT Adware spyware guard 2008 runtime detection - contacts remote server (spyware-put.rules)
 * 1:16135 <-> DISABLED <-> SPYWARE-PUT Adware spyware guard 2008 runtime detection - purchase page (spyware-put.rules)
 * 1:16136 <-> DISABLED <-> SPYWARE-PUT Hijacker xp antispyware 2009 runtime detection - pre-sale webpage (spyware-put.rules)
 * 1:16138 <-> DISABLED <-> SPYWARE-PUT Hacker-Tool 0desa msn pass stealer 8.5 runtime detection (spyware-put.rules)
 * 1:1614 <-> DISABLED <-> WEB-MISC Novell Groupwise gwweb.exe attempt (web-misc.rules)
 * 1:16141 <-> DISABLED <-> SPECIFIC-THREATS Kaspersky Online Scanner trojaned Dll download attempt (specific-threats.rules)
 * 1:1615 <-> DISABLED <-> WEB-MISC htgrep attempt (web-misc.rules)
 * 1:16151 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer unitialized or deleted object access attempt (web-client.rules)
 * 1:16155 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer indexing service malformed parameters (web-client.rules)
 * 1:1616 <-> DISABLED <-> DNS named version attempt (dns.rules)
 * 1:16169 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer dynamic style update memory corruption attempt (web-client.rules)
 * 1:1617 <-> DISABLED <-> WEB-CGI Bugzilla doeditvotes.cgi access (web-cgi.rules)
 * 1:1618 <-> DISABLED <-> WEB-IIS .asp chunked Transfer-Encoding (web-iis.rules)
 * 1:16218 <-> DISABLED <-> WEB-MISC Content-Length request offset smuggling attempt (web-misc.rules)
 * 1:16238 <-> ENABLED <-> NETBIOS DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt (netbios.rules)
 * 1:16239 <-> ENABLED <-> NETBIOS DCERPC NCADG-IP-UDP llsrpc2 LlsrLicenseRequestW overflow attempt (netbios.rules)
 * 1:1626 <-> DISABLED <-> WEB-IIS /StoreCSVS/InstantOrder.asmx request (web-iis.rules)
 * 1:16276 <-> DISABLED <-> SPYWARE-PUT Trickler win32-fakealert.kl runtime detection (spyware-put.rules)
 * 1:16277 <-> DISABLED <-> SPYWARE-PUT Trickler win32-fakealert.kl installtime detection - downloads malicious files (spyware-put.rules)
 * 1:16278 <-> DISABLED <-> SPYWARE-PUT Trickler win32-fakealert.kl installime detection - updates remote server (spyware-put.rules)
 * 1:1628 <-> DISABLED <-> WEB-CGI FormHandler.cgi directory traversal attempt attempt (web-cgi.rules)
 * 1:16310 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer 6/7 outerHTML invalid reference arbitrary code execution attempt (web-client.rules)
 * 1:16315 <-> DISABLED <-> WEB-MISC Adobe Flash PlugIn check if file exists attempt (web-misc.rules)
 * 1:16330 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer orphan DOM objects memory corruption attempt (web-client.rules)
 * 1:16335 <-> DISABLED <-> WEB-CLIENT xpdf ObjectStream integer overflow (web-client.rules)
 * 1:16336 <-> DISABLED <-> WEB-CLIENT Blackberry Server PDF JBIG2 numnewsyms remote code execution attempt (web-client.rules)
 * 1:16340 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Windows Media Player DHTML Editing ActiveX clsid access (specific-threats.rules)
 * 1:16381 <-> DISABLED <-> NETBIOS SMB session negotiation request (netbios.rules)
 * 1:16386 <-> DISABLED <-> WEB-ACTIVEX AcroPDF.PDF ActiveX clsid access (web-activex.rules)
 * 1:16388 <-> DISABLED <-> WEB-ACTIVEX AcroPDF.PDF ActiveX function call access (web-activex.rules)
 * 1:16397 <-> DISABLED <-> NETBIOS SMB andx invalid server name share access (netbios.rules)
 * 1:16398 <-> DISABLED <-> NETBIOS SMB invalid server name share access (netbios.rules)
 * 1:16399 <-> DISABLED <-> NETBIOS SMB unicode andx invalid server name share access (netbios.rules)
 * 1:16400 <-> DISABLED <-> NETBIOS SMB unicode invalid server name share access (netbios.rules)
 * 1:16401 <-> DISABLED <-> NETBIOS SMB andx invalid server name share access (netbios.rules)
 * 1:16402 <-> DISABLED <-> NETBIOS SMB invalid server name share access (netbios.rules)
 * 1:16403 <-> DISABLED <-> NETBIOS SMB unicode andx invalid server name share access (netbios.rules)
 * 1:16404 <-> DISABLED <-> NETBIOS SMB unicode invalid server name share access (netbios.rules)
 * 1:16417 <-> ENABLED <-> NETBIOS SMB Negotiate Protocol Response overflow attempt (netbios.rules)
 * 1:1642 <-> DISABLED <-> WEB-CGI document.d2w access (web-cgi.rules)
 * 1:1643 <-> DISABLED <-> WEB-CGI db2www access (web-cgi.rules)
 * 1:16456 <-> DISABLED <-> SPYWARE-PUT Rogue-Software ang antivirus 09 runtime detection (spyware-put.rules)
 * 1:1646 <-> DISABLED <-> WEB-CGI test.cgi access (web-cgi.rules)
 * 1:1648 <-> DISABLED <-> WEB-CGI perl.exe command attempt (web-cgi.rules)
 * 1:1649 <-> DISABLED <-> WEB-CGI perl command attempt (web-cgi.rules)
 * 1:16498 <-> ENABLED <-> SPYWARE-PUT PC Antispyware 2010 FakeAV download/update attempt (spyware-put.rules)
 * 1:1650 <-> DISABLED <-> WEB-CGI tst.bat access (web-cgi.rules)
 * 1:16508 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer 8 non-IE8 compatibility mode htmltime remote code execution attempt (web-client.rules)
 * 1:1651 <-> DISABLED <-> WEB-CGI environ.pl access (web-cgi.rules)
 * 1:16538 <-> ENABLED <-> NETBIOS NT QUERY SECURITY DESC flowbit (netbios.rules)
 * 1:16539 <-> ENABLED <-> NETBIOS SMBv1 BytesNeeded ring0 buffer overflow attempt (netbios.rules)
 * 1:1654 <-> DISABLED <-> WEB-CGI cart32.exe access (web-cgi.rules)
 * 1:16540 <-> DISABLED <-> NETBIOS SMB2 client NetBufferList NULL entry remote code execution attempt (netbios.rules)
 * 1:1655 <-> DISABLED <-> WEB-CGI pfdispaly.cgi arbitrary command execution attempt (web-cgi.rules)
 * 1:16556 <-> DISABLED <-> SPECIFIC-THREATS 2imaegshack/lmageshack IM worm get request attempt (specific-threats.rules)
 * 1:16557 <-> DISABLED <-> SPECIFIC-THREATS 2imaegshack/lmageshack IM worm inbound communication attempt (specific-threats.rules)
 * 1:1656 <-> DISABLED <-> WEB-CGI pfdispaly.cgi access (web-cgi.rules)
 * 1:1657 <-> DISABLED <-> WEB-CGI pagelog.cgi directory traversal attempt (web-cgi.rules)
 * 1:16575 <-> DISABLED <-> SPECIFIC-THREATS RKD Software BarCode ActiveX buffer overflow attempt (specific-threats.rules)
 * 1:1658 <-> DISABLED <-> WEB-CGI pagelog.cgi access (web-cgi.rules)
 * 1:16580 <-> DISABLED <-> SPECIFIC-THREATS NCTAudioFile2 ActiveX clsid access via object tag (specific-threats.rules)
 * 1:16581 <-> DISABLED <-> SPECIFIC-THREATS Persits Software XUpload ActiveX clsid unsafe function access attempt (specific-threats.rules)
 * 1:16582 <-> DISABLED <-> WEB-CLIENT Un4seen Developments XMPlay crafted ASX file buffer overflow attempt (web-client.rules)
 * 1:16587 <-> DISABLED <-> SPECIFIC-THREATS Symantec multiple products AeXNSConsoleUtilities buffer overflow attempt (specific-threats.rules)
 * 1:1659 <-> DISABLED <-> WEB-COLDFUSION sendmail.cfm access (web-coldfusion.rules)
 * 1:16590 <-> DISABLED <-> SPECIFIC-THREATS Oracle EasyMail Objects ActiveX exploit attempt (specific-threats.rules)
 * 1:16591 <-> DISABLED <-> SPECIFIC-THREATS Oracle EasyMail Objects ActiveX exploit attempt (specific-threats.rules)
 * 1:16596 <-> DISABLED <-> WEB-CLIENT Apple Safari information disclosure and remote code execution attempt (web-client.rules)
 * 1:1660 <-> DISABLED <-> WEB-IIS trace.axd access (web-iis.rules)
 * 1:16601 <-> DISABLED <-> WEB-CLIENT Amaya web editor XML and HTML Parser Buffer overflow attempt (web-client.rules)
 * 1:16602 <-> DISABLED <-> SPECIFIC-THREATS Microsoft DirectShow 3 ActiveX exploit via JavaScript (specific-threats.rules)
 * 1:16607 <-> DISABLED <-> SPECIFIC-THREATS RealNetworks RealPlayer RAM Download Handler ActiveX exploit attempt (specific-threats.rules)
 * 1:16608 <-> DISABLED <-> SPECIFIC-THREATS HP Mercury Quality Center SPIDERLib ActiveX buffer overflow attempt (specific-threats.rules)
 * 1:16609 <-> DISABLED <-> SPECIFIC-THREATS RealNetworks RealPlayer ActiveX Import playlist name buffer overflow attempt (specific-threats.rules)
 * 1:16610 <-> DISABLED <-> SPECIFIC-THREATS IBM Access Support ActiveX GetXMLValue method buffer overflow attempt (specific-threats.rules)
 * 1:1662 <-> DISABLED <-> WEB-MISC /~ftp access (web-misc.rules)
 * 1:1663 <-> DISABLED <-> WEB-MISC *%20.pl access (web-misc.rules)
 * 1:16632 <-> DISABLED <-> SPECIFIC-THREATS Apple Safari image use after reparent attempt (specific-threats.rules)
 * 1:1664 <-> DISABLED <-> WEB-MISC mkplog.exe access (web-misc.rules)
 * 1:16642 <-> DISABLED <-> POLICY-OTHER file URI scheme attempt (policy-other.rules)
 * 1:1667 <-> DISABLED <-> WEB-MISC cross site scripting HTML Image tag set to javascript attempt (web-misc.rules)
 * 1:16671 <-> DISABLED <-> SPECIFIC-THREATS IBM Lotus Domino Web Access ActiveX exploit attempt (specific-threats.rules)
 * 1:16675 <-> DISABLED <-> SPECIFIC-THREATS CA BrightStor ListCtrl ActiveX exploit attempt (specific-threats.rules)
 * 1:1668 <-> DISABLED <-> WEB-CGI /cgi-bin/ access (web-cgi.rules)
 * 1:1669 <-> DISABLED <-> WEB-CGI /cgi-dos/ access (web-cgi.rules)
 * 1:16690 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer createTextRange code execution attempt (specific-threats.rules)
 * 1:16696 <-> DISABLED <-> WEB-CLIENT Astonsoft Deepburner db file path buffer overflow attempt (web-client.rules)
 * 1:1670 <-> DISABLED <-> WEB-MISC /home/ftp access (web-misc.rules)
 * 1:1671 <-> DISABLED <-> WEB-MISC /home/www access (web-misc.rules)
 * 1:16725 <-> DISABLED <-> SPECIFIC-THREATS ActivePDF WebGrabber APWebGrb.ocx GetStatus method overflow attempt (specific-threats.rules)
 * 1:16735 <-> DISABLED <-> SPECIFIC-THREATS URSoft W32Dasm Import/Export function buffer overflow attempt (specific-threats.rules)
 * 1:16737 <-> DISABLED <-> SPECIFIC-THREATS Xenorate Media Player XPL file handling overflow attempt - 1 (specific-threats.rules)
 * 1:16744 <-> DISABLED <-> WEB-CLIENT Worldweaver DX Studio Player plug-in command injection attempt (web-client.rules)
 * 1:16754 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand andx create tree attempt (netbios.rules)
 * 1:16755 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand create tree attempt (netbios.rules)
 * 1:16756 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand unicode andx create tree attempt (netbios.rules)
 * 1:16757 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand unicode create tree attempt (netbios.rules)
 * 1:16762 <-> DISABLED <-> NETBIOS SMB Timbuktu Pro overflow WriteAndX andx attempt (netbios.rules)
 * 1:16764 <-> DISABLED <-> NETBIOS SMB Timbuktu Pro overflow WriteAndX unicode andx attempt (netbios.rules)
 * 1:16766 <-> DISABLED <-> NETBIOS SMB Timbuktu Pro overflow andx attempt (netbios.rules)
 * 1:16787 <-> DISABLED <-> SPECIFIC-THREATS Symantec multiple products AeXNSConsoleUtilities RunCMD buffer overflow attempt (specific-threats.rules)
 * 1:16798 <-> DISABLED <-> SPECIFIC-THREATS Orbit Downloader long URL buffer overflow attempt (specific-threats.rules)
 * 1:16911 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - ucsp0416.exe?t= (blacklist.rules)
 * 1:16912 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - net/cfg2.bin (blacklist.rules)
 * 1:16913 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - count_log/log/boot.php?p= (blacklist.rules)
 * 1:16914 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - .bin?ucsp (blacklist.rules)
 * 1:16915 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /MNG/Download/?File=AZF (blacklist.rules)
 * 1:16916 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /jarun/jezerce (blacklist.rules)
 * 1:16917 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /ekaterina/velika (blacklist.rules)
 * 1:16918 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /ultimate/fight (blacklist.rules)
 * 1:16919 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /tmp/pm.exe?t= (blacklist.rules)
 * 1:16920 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /DownLoadFile/BaePo/ver (blacklist.rules)
 * 1:16921 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /s1/launcher/update/Update/data/ (blacklist.rules)
 * 1:16922 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /cgi-bin/rd.cgi?f=/vercfg.dat?AgentID= (blacklist.rules)
 * 1:16923 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /search.php?username=coolweb07&keywords= (blacklist.rules)
 * 1:16925 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /message.php?subid= (blacklist.rules)
 * 1:16926 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - strMode=setup&strID=pcvaccine&strPC= (blacklist.rules)
 * 1:16927 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - MGWEB.php?c=TestUrl (blacklist.rules)
 * 1:16928 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /stat.html?0dPg0uXTraCSqrOdlrKpmpyorePbz (blacklist.rules)
 * 1:16929 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - gate.php?guid= (blacklist.rules)
 * 1:16930 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - count.asp?mac= (blacklist.rules)
 * 1:16931 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - feedbigfoot.php?m= (blacklist.rules)
 * 1:16932 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /qqnongchang/qqkj. (blacklist.rules)
 * 1:16933 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /root/9 frt.rar (blacklist.rules)
 * 1:1702 <-> DISABLED <-> WEB-CGI Amaya templates sendtemp.pl access (web-cgi.rules)
 * 1:1703 <-> DISABLED <-> WEB-CGI auktion.cgi directory traversal attempt (web-cgi.rules)
 * 1:1704 <-> DISABLED <-> WEB-CGI cal_make.pl directory traversal attempt (web-cgi.rules)
 * 1:1705 <-> DISABLED <-> WEB-CGI echo.bat arbitrary command execution attempt (web-cgi.rules)
 * 1:1706 <-> DISABLED <-> WEB-CGI echo.bat access (web-cgi.rules)
 * 1:1707 <-> DISABLED <-> WEB-CGI hello.bat arbitrary command execution attempt (web-cgi.rules)
 * 1:17077 <-> DISABLED <-> SPECIFIC-THREATS Ask Toolbar AskJeevesToolBar.SettingsPlugin.1 ActiveX control buffer overflow attempt (specific-threats.rules)
 * 1:1708 <-> DISABLED <-> WEB-CGI hello.bat access (web-cgi.rules)
 * 1:1709 <-> DISABLED <-> WEB-CGI ad.cgi access (web-cgi.rules)
 * 1:1710 <-> DISABLED <-> WEB-CGI bbs_forum.cgi access (web-cgi.rules)
 * 1:17106 <-> DISABLED <-> FILE-IDENTIFY download of RMF file - potentially malicious (file-identify.rules)
 * 1:1711 <-> DISABLED <-> WEB-CGI bsguest.cgi access (web-cgi.rules)
 * 1:1712 <-> DISABLED <-> WEB-CGI bslist.cgi access (web-cgi.rules)
 * 1:17125 <-> DISABLED <-> NETBIOS SMB Trans2 MaxDataCount overflow attempt (netbios.rules)
 * 1:1713 <-> DISABLED <-> WEB-CGI cgforum.cgi access (web-cgi.rules)
 * 1:17133 <-> DISABLED <-> WEB-CLIENT Microsoft Windows MSXML2 ActiveX malformed HTTP response (web-client.rules)
 * 1:1714 <-> DISABLED <-> WEB-CGI newdesk access (web-cgi.rules)
 * 1:1715 <-> DISABLED <-> WEB-CGI register.cgi access (web-cgi.rules)
 * 1:1716 <-> DISABLED <-> WEB-CGI gbook.cgi access (web-cgi.rules)
 * 1:17160 <-> DISABLED <-> SPECIFIC-THREATS Liquid XML Studio LtXmlComHelp8.dll ActiveX OpenFile buffer overflow attempt (specific-threats.rules)
 * 1:1717 <-> DISABLED <-> WEB-CGI simplestguest.cgi access (web-cgi.rules)
 * 1:1718 <-> DISABLED <-> WEB-CGI statsconfig.pl access (web-cgi.rules)
 * 1:1719 <-> DISABLED <-> WEB-CGI talkback.cgi directory traversal attempt (web-cgi.rules)
 * 1:1720 <-> DISABLED <-> WEB-CGI talkback.cgi access (web-cgi.rules)
 * 1:1721 <-> DISABLED <-> WEB-CGI adcycle access (web-cgi.rules)
 * 1:17213 <-> DISABLED <-> WEB-CLIENT Mozilla Firefox Chrome Page Loading Restriction Bypass attempt (web-client.rules)
 * 1:17216 <-> DISABLED <-> WEB-CLIENT Apple Safari TABLE tag with large CELLSPACING attribute exploit attempt (web-client.rules)
 * 1:17217 <-> DISABLED <-> WEB-CLIENT Apple Safari invalid FRAME tag remote code execution attempt (web-client.rules)
 * 1:17218 <-> DISABLED <-> WEB-CLIENT Apple Safari LI tag with large VALUE attribute exploit attempt (web-client.rules)
 * 1:1722 <-> DISABLED <-> WEB-CGI MachineInfo access (web-cgi.rules)
 * 1:17223 <-> DISABLED <-> SPECIFIC-THREATS Adobe Flash Player navigateToURL cross-site scripting attempt (specific-threats.rules)
 * 1:1723 <-> DISABLED <-> WEB-CGI emumail.cgi NULL attempt (web-cgi.rules)
 * 1:1724 <-> DISABLED <-> WEB-CGI emumail.cgi access (web-cgi.rules)
 * 1:17244 <-> DISABLED <-> SPECIFIC-THREATS Antivirus ACE file handling buffer overflow attempt (specific-threats.rules)
 * 1:1725 <-> DISABLED <-> WEB-IIS +.htr code fragment attempt (web-iis.rules)
 * 1:17252 <-> DISABLED <-> NETBIOS Microsoft Windows Print Spooler arbitrary file write attempt (netbios.rules)
 * 1:1726 <-> DISABLED <-> WEB-IIS doctodep.btr access (web-iis.rules)
 * 1:1727 <-> DISABLED <-> WEB-CGI SGI InfoSearch fname access (web-cgi.rules)
 * 1:17294 <-> DISABLED <-> DOS Microsoft Windows NAT Helper DNS query denial of service attempt (dos.rules)
 * 1:1730 <-> DISABLED <-> WEB-CGI ustorekeeper.pl directory traversal attempt (web-cgi.rules)
 * 1:1731 <-> DISABLED <-> WEB-CGI a1stats access (web-cgi.rules)
 * 1:17311 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer CSS import cross-domain restriction bypass attempt (specific-threats.rules)
 * 1:17316 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Folder GUID Code Execution attempt (web-client.rules)
 * 1:1735 <-> DISABLED <-> WEB-CLIENT XMLHttpRequest attempt (web-client.rules)
 * 1:1738 <-> DISABLED <-> WEB-MISC global.inc access (web-misc.rules)
 * 1:17384 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer setRequestHeader overflow attempt (web-client.rules)
 * 1:17385 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer setRequestHeader overflow attempt (web-client.rules)
 * 1:17413 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Jet DB Engine Buffer Overflow attempt (specific-threats.rules)
 * 1:17415 <-> DISABLED <-> SPECIFIC-THREATS Mozilla Firefox Javascript Engine Information Disclosure attempt (specific-threats.rules)
 * 1:17422 <-> DISABLED <-> SPECIFIC-THREATS Firefox defineSetter function pointer memory corruption attempt (specific-threats.rules)
 * 1:17435 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP umpnpmgr PNP_GetDeviceList attempt (netbios.rules)
 * 1:17437 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP umpnpmgr PNP_GetDeviceList attempt (netbios.rules)
 * 1:1744 <-> DISABLED <-> WEB-MISC SecureSite authentication bypass attempt (web-misc.rules)
 * 1:17466 <-> DISABLED <-> SPECIFIC-THREATS IBM Lotus Domino Web Access 7 ActiveX exploit attempt (specific-threats.rules)
 * 1:17468 <-> DISABLED <-> WEB-CLIENT Microsoft Windows ShellExecute and IE7 snews url handling code execution attempt (web-client.rules)
 * 1:17489 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Windows Help File Heap Buffer Overflow attempt (specific-threats.rules)
 * 1:17494 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer Long URL Buffer Overflow attempt (web-client.rules)
 * 1:1750 <-> DISABLED <-> WEB-IIS users.xml access (web-iis.rules)
 * 1:1753 <-> DISABLED <-> WEB-IIS as_web.exe access (web-iis.rules)
 * 1:1754 <-> DISABLED <-> WEB-IIS as_web4.exe access (web-iis.rules)
 * 1:17554 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer DOM object cache management memory corruption attempt (specific-threats.rules)
 * 1:1756 <-> DISABLED <-> WEB-IIS NewsPro administration authentication attempt (web-iis.rules)
 * 1:1757 <-> DISABLED <-> WEB-MISC b2 arbitrary command execution attempt (web-misc.rules)
 * 1:17618 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Windows hraphics engine EMF rendering vulnerability (specific-threats.rules)
 * 1:17626 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Windows embedded web font handling buffer overflow attempt (specific-threats.rules)
 * 1:17628 <-> DISABLED <-> SPECIFIC-THREATS Sun Microsystems Java gif handling memory corruption attempt (specific-threats.rules)
 * 1:1763 <-> DISABLED <-> WEB-CGI Nortel Contivity cgiproc DOS attempt (web-cgi.rules)
 * 1:1764 <-> DISABLED <-> WEB-CGI Nortel Contivity cgiproc DOS attempt (web-cgi.rules)
 * 1:17648 <-> DISABLED <-> WEB-IIS source code disclosure attempt (web-iis.rules)
 * 1:1765 <-> DISABLED <-> WEB-CGI Nortel Contivity cgiproc access (web-cgi.rules)
 * 1:1766 <-> DISABLED <-> WEB-MISC search.dll directory listing attempt (web-misc.rules)
 * 1:1767 <-> DISABLED <-> WEB-MISC search.dll access (web-misc.rules)
 * 1:1769 <-> DISABLED <-> WEB-MISC .DS_Store access (web-misc.rules)
 * 1:1770 <-> DISABLED <-> WEB-MISC .FBCIndex access (web-misc.rules)
 * 1:1772 <-> DISABLED <-> WEB-IIS pbserver access (web-iis.rules)
 * 1:17723 <-> ENABLED <-> NETBIOS possible SMB replay attempt - overlapping encryption keys detected (netbios.rules)
 * 1:17780 <-> DISABLED <-> SPECIFIC-THREATS CBO CBL CBM buffer overflow attempt (specific-threats.rules)
 * 1:17810 <-> DISABLED <-> INDICATOR-COMPROMISE potential malware - download of server32.exe (indicator-compromise.rules)
 * 1:17811 <-> DISABLED <-> INDICATOR-COMPROMISE potential malware - download of svchost.exe (indicator-compromise.rules)
 * 1:17812 <-> DISABLED <-> INDICATOR-COMPROMISE potential malware - download of iexplore.exe (indicator-compromise.rules)
 * 1:17813 <-> DISABLED <-> INDICATOR-COMPROMISE potential malware - download of iprinp.dll (indicator-compromise.rules)
 * 1:17814 <-> DISABLED <-> INDICATOR-COMPROMISE potential malware - download of winzf32.dll (indicator-compromise.rules)
 * 1:1787 <-> DISABLED <-> WEB-CGI csPassword.cgi access (web-cgi.rules)
 * 1:1788 <-> DISABLED <-> WEB-CGI csPassword password.cgi.tmp access (web-cgi.rules)
 * 1:17898 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /get2.php?c=VTOXUGUI&d= (blacklist.rules)
 * 1:17899 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /reques0.asp?kind=006&mac= (blacklist.rules)
 * 1:17900 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /basic/cn3c2/c.*dll (blacklist.rules)
 * 1:17901 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /mybackup21.rar (blacklist.rules)
 * 1:17902 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /?getexe=loader.exe (blacklist.rules)
 * 1:17903 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - stid= (blacklist.rules)
 * 1:17904 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /tongji.js (blacklist.rules)
 * 1:17905 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - 1de49069b6044785e9dfcd4c035cfd0c.php (blacklist.rules)
 * 1:17906 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - 2x/.*php (blacklist.rules)
 * 1:17907 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /MNG/Download/?File=AZF DATADIR Download (blacklist.rules)
 * 1:17908 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /images/crypt_22.exe (blacklist.rules)
 * 1:17909 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /images/css/1.exe (blacklist.rules)
 * 1:17910 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /7xdown.exe (blacklist.rules)
 * 1:17911 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /winhelper.exe (blacklist.rules)
 * 1:17912 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /upopwin/count.asp?mac= (blacklist.rules)
 * 1:17913 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /ok.exe (blacklist.rules)
 * 1:17914 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /LjBin/Bin.Dll (blacklist.rules)
 * 1:17915 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /1001ns/cfg3n.bin (blacklist.rules)
 * 1:17916 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /dh/stats.bin (blacklist.rules)
 * 1:17917 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /zeus/config.bin (blacklist.rules)
 * 1:1802 <-> DISABLED <-> WEB-IIS .asa HTTP header buffer overflow attempt (web-iis.rules)
 * 1:1803 <-> DISABLED <-> WEB-IIS .cer HTTP header buffer overflow attempt (web-iis.rules)
 * 1:1804 <-> DISABLED <-> WEB-IIS .cdx HTTP header buffer overflow attempt (web-iis.rules)
 * 1:1805 <-> DISABLED <-> WEB-CGI Oracle reports CGI access (web-cgi.rules)
 * 1:1806 <-> DISABLED <-> WEB-IIS .htr chunked Transfer-Encoding (web-iis.rules)
 * 1:1807 <-> DISABLED <-> WEB-MISC Chunked-Encoding transfer attempt (web-misc.rules)
 * 1:1808 <-> DISABLED <-> WEB-MISC apache chunked encoding memory corruption exploit attempt (web-misc.rules)
 * 1:1809 <-> DISABLED <-> WEB-MISC Apache Chunked-Encoding worm attempt (web-misc.rules)
 * 1:1814 <-> DISABLED <-> WEB-MISC CISCO VoIP DOS ATTEMPT (web-misc.rules)
 * 1:18167 <-> DISABLED <-> WEB-CLIENT Possible generic javascript heap spray attempt (web-client.rules)
 * 1:18168 <-> DISABLED <-> WEB-CLIENT Possible generic javascript heap spray attempt (web-client.rules)
 * 1:1817 <-> DISABLED <-> WEB-IIS MS Site Server default login attempt (web-iis.rules)
 * 1:18170 <-> DISABLED <-> SPECIFIC-THREATS Mozilla Firefox and SeaMonkey onUnload event handler memory corruption attempt (specific-threats.rules)
 * 1:18171 <-> DISABLED <-> EXPLOIT Multiple product mailto uri handling code execution attempt (exploit.rules)
 * 1:18172 <-> DISABLED <-> EXPLOIT Multiple product mailto uri handling code execution attempt (exploit.rules)
 * 1:18173 <-> DISABLED <-> EXPLOIT Multiple product mailto uri handling code execution attempt (exploit.rules)
 * 1:18176 <-> DISABLED <-> SPECIFIC-THREATS Mozilla browsers memory corruption simultaneous XPCOM events code execution attempt (specific-threats.rules)
 * 1:18177 <-> DISABLED <-> SPECIFIC-THREATS Mozilla browsers memory corruption simultaneous XPCOM events code execution attempt (specific-threats.rules)
 * 1:18178 <-> DISABLED <-> SPECIFIC-THREATS Mozilla browsers memory corruption simultaneous XPCOM events code execution attempt (specific-threats.rules)
 * 1:1818 <-> DISABLED <-> WEB-IIS MS Site Server admin attempt (web-iis.rules)
 * 1:18193 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer cross domain information disclosure attempt (specific-threats.rules)
 * 1:18194 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer cross domain information disclosure attempt (specific-threats.rules)
 * 1:1820 <-> DISABLED <-> WEB-MISC IBM Net.Commerce orderdspc.d2w access (web-misc.rules)
 * 1:18202 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Address Book smmscrpt.dll malicious DLL load (web-client.rules)
 * 1:18203 <-> DISABLED <-> NETBIOS Microsoft Windows Address Book smmscrpt.dll malicious DLL load (netbios.rules)
 * 1:18206 <-> DISABLED <-> NETBIOS Microsoft Windows Address Book wab32res.dll dll-load exploit attempt (netbios.rules)
 * 1:18207 <-> DISABLED <-> NETBIOS Microsoft Windows Address Book msoeres32.dll dll-load exploit attempt (netbios.rules)
 * 1:18208 <-> DISABLED <-> WEB-CLIENT Microsoft Windows wininet peerdist.dll dll-load exploit attempt (web-client.rules)
 * 1:18209 <-> DISABLED <-> NETBIOS Microsoft Windows wininet peerdist.dll dll-load exploit attempt (netbios.rules)
 * 1:18211 <-> ENABLED <-> NETBIOS Microsoft Movie Maker hhctrl.ocx dll-load exploit attempt (netbios.rules)
 * 1:18215 <-> DISABLED <-> NETBIOS NETAPI RPC interface reboot attempt (netbios.rules)
 * 1:1822 <-> DISABLED <-> WEB-CGI alienform.cgi directory traversal attempt (web-cgi.rules)
 * 1:18221 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer malformed table remote code execution attempt (web-client.rules)
 * 1:18222 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Media Encoder wmerrorenu.dll dll-load exploit attempt (web-client.rules)
 * 1:18223 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Media Encoder winietenu.dll dll-load exploit attempt (web-client.rules)
 * 1:18224 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Media Encoder asferrorenu.dll dll-load exploit attempt (web-client.rules)
 * 1:18225 <-> DISABLED <-> NETBIOS Microsoft Windows Media Encoder wmerrorenu.dll dll-load exploit attempt (netbios.rules)
 * 1:18226 <-> DISABLED <-> NETBIOS Microsoft Windows Media Encoder winietenu.dll dll-load exploit attempt (netbios.rules)
 * 1:18227 <-> DISABLED <-> NETBIOS Microsoft Windows Media Encoder asferrorenu.dll dll-load exploit attempt (netbios.rules)
 * 1:1823 <-> DISABLED <-> WEB-CGI AlienForm af.cgi directory traversal attempt (web-cgi.rules)
 * 1:1824 <-> DISABLED <-> WEB-CGI alienform.cgi access (web-cgi.rules)
 * 1:1825 <-> DISABLED <-> WEB-CGI AlienForm af.cgi access (web-cgi.rules)
 * 1:1826 <-> DISABLED <-> WEB-MISC WEB-INF access (web-misc.rules)
 * 1:18264 <-> DISABLED <-> SPECIFIC-THREATS Mozilla Firefox Javascript deleted frame or window reference attempt (specific-threats.rules)
 * 1:1827 <-> DISABLED <-> WEB-MISC Apache Tomcat servlet mapping cross site scripting attempt (web-misc.rules)
 * 1:18274 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Mail file download request (file-identify.rules)
 * 1:18277 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Vista Backup Tool fveapi.dll dll-load exploit attempt (web-client.rules)
 * 1:18278 <-> DISABLED <-> NETBIOS Microsoft Windows Vista Backup Tool fveapi.dll dll-load exploit attempt (netbios.rules)
 * 1:1828 <-> DISABLED <-> WEB-MISC iPlanet Search directory traversal attempt (web-misc.rules)
 * 1:18282 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer drag-and-drop vulnerability (web-client.rules)
 * 1:1829 <-> DISABLED <-> WEB-MISC Apache Tomcat TroubleShooter servlet access (web-misc.rules)
 * 1:18298 <-> DISABLED <-> SPECIFIC-THREATS Mozilla Firefox Javascript large regex memory corruption attempt (specific-threats.rules)
 * 1:18299 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer implicit drag and drop file installation attempt (web-client.rules)
 * 1:1830 <-> DISABLED <-> WEB-MISC Apache Tomcat SnoopServlet servlet access (web-misc.rules)
 * 1:18300 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer FTP command injection attempt (web-client.rules)
 * 1:18304 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer span tag memory corruption attempt (web-client.rules)
 * 1:18305 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer span tag memory corruption attempt (specific-threats.rules)
 * 1:18307 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer frameset memory corruption attempt (specific-threats.rules)
 * 1:18309 <-> DISABLED <-> WEB-CLIENT Microsoft Vector Markup Language fill method overflow attempt (web-client.rules)
 * 1:1831 <-> DISABLED <-> WEB-MISC jigsaw dos attempt (web-misc.rules)
 * 1:18332 <-> DISABLED <-> WEB-CLIENT Mozilla Firefox JS Web Worker arbitrary code execution attempt (web-client.rules)
 * 1:18336 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string gbot/2.3 (blacklist.rules)
 * 1:18337 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string iamx/3.11 (blacklist.rules)
 * 1:18338 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string NSISDL/1.2 (blacklist.rules)
 * 1:18340 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string ClickAdsByIE 0.7.5 (blacklist.rules)
 * 1:18341 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string UtilMind HTTPGet (blacklist.rules)
 * 1:18342 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string NSIS_DOWNLOAD (blacklist.rules)
 * 1:18343 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string WSEnrichment (blacklist.rules)
 * 1:18345 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string Macrovision_DM_2.4.15 (blacklist.rules)
 * 1:18346 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string GPRecover (blacklist.rules)
 * 1:18347 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string AutoIt (blacklist.rules)
 * 1:18348 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string Opera/9.80 Pesto/2.2.15 (blacklist.rules)
 * 1:18349 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string Flipopia (blacklist.rules)
 * 1:1835 <-> DISABLED <-> WEB-MISC Macromedia SiteSpring cross site scripting attempt (web-misc.rules)
 * 1:18350 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string GabPath (blacklist.rules)
 * 1:18351 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string GPUpdater (blacklist.rules)
 * 1:18352 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string PinballCorp-BSAI/VER_STR_COMMA (blacklist.rules)
 * 1:18353 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string SelectRebates (blacklist.rules)
 * 1:18354 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string opera/8.11 (blacklist.rules)
 * 1:18355 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string Se2011 (blacklist.rules)
 * 1:18356 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string random (blacklist.rules)
 * 1:18357 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string Setup Factory (blacklist.rules)
 * 1:18358 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string NSIS_INETLOAD (blacklist.rules)
 * 1:18359 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string Shareaza (blacklist.rules)
 * 1:18360 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string Oncues (blacklist.rules)
 * 1:18361 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string Downloader1.1 (blacklist.rules)
 * 1:18362 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string Search Toolbar 1.1 (blacklist.rules)
 * 1:18363 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string GPRecover (blacklist.rules)
 * 1:18364 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string msndown (blacklist.rules)
 * 1:18365 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string Agentcc (blacklist.rules)
 * 1:18366 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string OCInstaller (blacklist.rules)
 * 1:18367 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string FPRecover (blacklist.rules)
 * 1:18368 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string Our_Agent (blacklist.rules)
 * 1:18369 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string iexp-get (blacklist.rules)
 * 1:18370 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string Mozilla Windows MSIE (blacklist.rules)
 * 1:18371 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string QvodDown (blacklist.rules)
 * 1:18373 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string Installer (blacklist.rules)
 * 1:18374 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string MSDN SurfBear (blacklist.rules)
 * 1:18375 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string HTTP Wininet (blacklist.rules)
 * 1:18376 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string Trololo (blacklist.rules)
 * 1:18377 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string malware (blacklist.rules)
 * 1:18378 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string AutoHotkey (blacklist.rules)
 * 1:18379 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string AskInstallChecker (blacklist.rules)
 * 1:18380 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string FPUpdater (blacklist.rules)
 * 1:18381 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string Travel Update (blacklist.rules)
 * 1:18382 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string WMUpdate (blacklist.rules)
 * 1:18383 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string GPInstaller (blacklist.rules)
 * 1:18385 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string HTTPCSDCENTER (blacklist.rules)
 * 1:18386 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string AHTTPConnection (blacklist.rules)
 * 1:18387 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string dwplayer (blacklist.rules)
 * 1:18388 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string RookIE/1.0 (blacklist.rules)
 * 1:18389 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string 3653Client (blacklist.rules)
 * 1:1839 <-> DISABLED <-> WEB-MISC mailman cross site scripting attempt (web-misc.rules)
 * 1:18390 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string Delphi 5.x (blacklist.rules)
 * 1:18391 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string MyLove (blacklist.rules)
 * 1:18392 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string qixi (blacklist.rules)
 * 1:18393 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string vyre32 (blacklist.rules)
 * 1:18394 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string OCRecover (blacklist.rules)
 * 1:18395 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string Duckling/1.0 (blacklist.rules)
 * 1:18396 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Hypervisor DOS vfd download attempt (web-client.rules)
 * 1:1840 <-> DISABLED <-> WEB-CLIENT Javascript document.domain attempt (web-client.rules)
 * 1:1841 <-> DISABLED <-> WEB-CLIENT Javascript URL host spoofing attempt (web-client.rules)
 * 1:18426 <-> DISABLED <-> NETBIOS Acrobat Reader plugin sqlite.dll dll-load exploit attempt (netbios.rules)
 * 1:18431 <-> DISABLED <-> WEB-CLIENT Acrobat Reader plugin sqlite.dll dll-load exploit attempt (web-client.rules)
 * 1:18432 <-> DISABLED <-> WEB-CLIENT Acrobat Reader d3dref9.dll dll-load exploit attempt (web-client.rules)
 * 1:18433 <-> DISABLED <-> NETBIOS Acrobat Reader d3dref9.dll dll-load exploit attempt (netbios.rules)
 * 1:18434 <-> DISABLED <-> NETBIOS Acrobat Reader plugin ace.dll dll-load exploit attempt (netbios.rules)
 * 1:18435 <-> DISABLED <-> NETBIOS Acrobat Reader plugin agm.dll dll-load exploit attempt (netbios.rules)
 * 1:18436 <-> DISABLED <-> NETBIOS Acrobat Reader plugin bibutils.dll dll-load exploit attempt (netbios.rules)
 * 1:18437 <-> DISABLED <-> NETBIOS Acrobat Reader plugin cooltype.dll dll-load exploit attempt (netbios.rules)
 * 1:18438 <-> DISABLED <-> NETBIOS Acrobat Reader plugin cryptocme2.dll dll-load exploit attempt (netbios.rules)
 * 1:18439 <-> DISABLED <-> WEB-CLIENT Acrobat Reader plugin ace.dll dll-load exploit attempt (web-client.rules)
 * 1:18440 <-> DISABLED <-> WEB-CLIENT Acrobat Reader plugin agm.dll dll-load exploit attempt (web-client.rules)
 * 1:18441 <-> DISABLED <-> WEB-CLIENT Acrobat Reader plugin bibutils.dll dll-load exploit attempt (web-client.rules)
 * 1:18442 <-> DISABLED <-> WEB-CLIENT Acrobat Reader plugin cooltype.dll dll-load exploit attempt (web-client.rules)
 * 1:18443 <-> DISABLED <-> WEB-CLIENT Acrobat Reader plugin cryptocme2.dll dll-load exploit attempt (web-client.rules)
 * 1:18445 <-> DISABLED <-> WEB-CLIENT Acrobat Flash Player nvapi.dll dll-load exploit attempt (web-client.rules)
 * 1:18446 <-> DISABLED <-> NETBIOS Acrobat Flash Player nvapi.dll dll-load exploit attempt (netbios.rules)
 * 1:18452 <-> DISABLED <-> SPECIFIC-THREATS Adobe malicious IFF memory corruption attempt (specific-threats.rules)
 * 1:1847 <-> DISABLED <-> WEB-MISC webalizer access (web-misc.rules)
 * 1:1848 <-> DISABLED <-> WEB-MISC webcart-lite access (web-misc.rules)
 * 1:18488 <-> DISABLED <-> WEB-CLIENT Adobe Photoshop wintab32.dll dll-load exploit attempt (web-client.rules)
 * 1:18489 <-> DISABLED <-> NETBIOS Adobe Photoshop wintab32.dll dll-load exploit attempt (netbios.rules)
 * 1:1849 <-> DISABLED <-> WEB-MISC webfind.exe access (web-misc.rules)
 * 1:18494 <-> DISABLED <-> NETBIOS Microsoft product .dll dll-load exploit attempt (netbios.rules)
 * 1:18495 <-> DISABLED <-> WEB-CLIENT Microsoft product .dll dll-load exploit attempt (web-client.rules)
 * 1:18496 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Media Player and shell extension ehtrace.dll dll-load exploit attempt (web-client.rules)
 * 1:18497 <-> DISABLED <-> NETBIOS Microsoft Windows Media Player and shell extension ehtrace.dll dll-load exploit attempt (netbios.rules)
 * 1:18499 <-> DISABLED <-> WEB-CLIENT Microsoft Groove mso.dll dll-load exploit attempt (web-client.rules)
 * 1:1850 <-> DISABLED <-> WEB-CGI way-board.cgi access (web-cgi.rules)
 * 1:18500 <-> DISABLED <-> NETBIOS Microsoft Groove mso.dll dll-load exploit attempt (netbios.rules)
 * 1:1851 <-> DISABLED <-> WEB-MISC active.log access (web-misc.rules)
 * 1:18517 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer long URL buffer overflow attempt (specific-threats.rules)
 * 1:1852 <-> DISABLED <-> WEB-MISC robots.txt access (web-misc.rules)
 * 1:18524 <-> DISABLED <-> SPECIFIC-THREATS Multiple vendor anti-virus extended ASCII filename scan bypass attempt (specific-threats.rules)
 * 1:18531 <-> DISABLED <-> WEB-CLIENT Multiple Vendors iacenc.dll dll-load exploit attempt (web-client.rules)
 * 1:18532 <-> DISABLED <-> NETBIOS Multiple Vendors iacenc.dll dll-load exploit attempt (netbios.rules)
 * 1:18549 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word with embedded Flash file attachment (file-office.rules)
 * 1:1857 <-> DISABLED <-> WEB-MISC robot.txt access (web-misc.rules)
 * 1:1858 <-> DISABLED <-> WEB-MISC CISCO PIX Firewall Manager directory traversal attempt (web-misc.rules)
 * 1:18597 <-> DISABLED <-> SPECIFIC-THREATS Opera file URI handling buffer overflow (specific-threats.rules)
 * 1:18604 <-> DISABLED <-> SPECIFIC-THREATS lizamoon script injection (specific-threats.rules)
 * 1:18608 <-> DISABLED <-> POLICY Dropbox desktop software in use (policy.rules)
 * 1:18618 <-> DISABLED <-> BLACKLIST Win32.Scar.dpvy/Parkchicers.A/Delf checkin (blacklist.rules)
 * 1:18619 <-> DISABLED <-> WEB-CLIENT Microsoft Visual Studio MFC applications mfc40.dll dll-load exploit attempt (web-client.rules)
 * 1:1862 <-> DISABLED <-> WEB-CGI mrtg.cgi directory traversal attempt (web-cgi.rules)
 * 1:18620 <-> DISABLED <-> WEB-CLIENT Microsoft Visual Studio MFC applications mfc42.dll dll-load exploit attempt (web-client.rules)
 * 1:18621 <-> DISABLED <-> WEB-CLIENT Microsoft Visual Studio MFC applications mfc80.dll dll-load exploit attempt (web-client.rules)
 * 1:18622 <-> DISABLED <-> WEB-CLIENT Microsoft Visual Studio MFC applications mfc90.dll dll-load exploit attempt (web-client.rules)
 * 1:18623 <-> DISABLED <-> WEB-CLIENT Microsoft Visual Studio MFC applications mfc100.dll dll-load exploit attempt (web-client.rules)
 * 1:18625 <-> DISABLED <-> NETBIOS Microsoft Foundation Class applications mfc40.dll dll-load exploit attempt (netbios.rules)
 * 1:18626 <-> DISABLED <-> NETBIOS Microsoft Foundation Class applications mfc42.dll dll-load exploit attempt (netbios.rules)
 * 1:18627 <-> DISABLED <-> NETBIOS Microsoft Foundation Class applications mfc80.dll dll-load exploit attempt (netbios.rules)
 * 1:18628 <-> DISABLED <-> NETBIOS Microsoft Foundation Class applications mfc90.dll dll-load exploit attempt (netbios.rules)
 * 1:18629 <-> DISABLED <-> NETBIOS Microsoft Foundation Class applications mfc100.dll dll-load exploit attempt (netbios.rules)
 * 1:18645 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Windows GDI+ arbitrary code execution attempt (specific-threats.rules)
 * 1:1865 <-> DISABLED <-> WEB-CGI webdist.cgi arbitrary command attempt (web-cgi.rules)
 * 1:18670 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer object management memory corruption attempt (web-client.rules)
 * 1:18671 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer object management memory corruption attempt (web-client.rules)
 * 1:1870 <-> DISABLED <-> WEB-CGI siteUserMod.cgi access (web-cgi.rules)
 * 1:18700 <-> DISABLED <-> BLACKLIST Win32.BHO.argt checkin (blacklist.rules)
 * 1:1871 <-> DISABLED <-> WEB-MISC Oracle XSQLConfig.xml access (web-misc.rules)
 * 1:1872 <-> DISABLED <-> WEB-MISC Oracle Dynamic Monitoring Services dms access (web-misc.rules)
 * 1:1873 <-> DISABLED <-> WEB-MISC globals.jsa access (web-misc.rules)
 * 1:1874 <-> DISABLED <-> WEB-MISC Oracle Java Process Manager access (web-misc.rules)
 * 1:18741 <-> DISABLED <-> WEB-ACTIVEX CrystalReports EnterpriseControls ActiveX clsid access (web-activex.rules)
 * 1:18744 <-> DISABLED <-> WEB-CLIENT VideoLAN vlc player subtitle buffer overflow attempt (web-client.rules)
 * 1:1875 <-> DISABLED <-> WEB-CGI cgicso access (web-cgi.rules)
 * 1:1876 <-> DISABLED <-> WEB-CGI nph-publish.cgi access (web-cgi.rules)
 * 1:18762 <-> DISABLED <-> BLACKLIST URI request for known malicious URI /blog.updata?v= - Win32-Agent-GRW (blacklist.rules)
 * 1:1877 <-> DISABLED <-> WEB-CGI printenv access (web-cgi.rules)
 * 1:1878 <-> DISABLED <-> WEB-CGI sdbsearch.cgi access (web-cgi.rules)
 * 1:18782 <-> DISABLED <-> BLACKLIST URI Request for known malicious URI - Chinese Rootkit.Win32.Fisp.a (blacklist.rules)
 * 1:1879 <-> DISABLED <-> WEB-CGI book.cgi arbitrary command execution attempt (web-cgi.rules)
 * 1:1880 <-> DISABLED <-> WEB-MISC oracle web application server access (web-misc.rules)
 * 1:1881 <-> DISABLED <-> WEB-MISC bad HTTP/1.1 request, Potentially worm attack (web-misc.rules)
 * 1:18900 <-> DISABLED <-> BLACKLIST URI request for known malicious URI (W32.Swizzor -- blacklist.rules)
 * 1:18942 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - MacProtector (blacklist.rules)
 * 1:18943 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - MacDefender (blacklist.rules)
 * 1:18958 <-> DISABLED <-> SPECIFIC-THREATS Apple Safari Webkit attribute child removal code execution attempt (specific-threats.rules)
 * 1:18963 <-> DISABLED <-> SPECIFIC-THREATS Adobe ActionScript 3 addEventListener exploit attempt (specific-threats.rules)
 * 1:18967 <-> DISABLED <-> SPECIFIC-THREATS Adobe ActionScript argumentCount download attempt (specific-threats.rules)
 * 1:18984 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - Win32/Trojanclicker (blacklist.rules)
 * 1:19007 <-> DISABLED <-> NETBIOS Samba SID parsing overflow attempt (netbios.rules)
 * 1:19020 <-> DISABLED <-> INDICATOR-COMPROMISE Suspicious .cc dns query (indicator-compromise.rules)
 * 1:19026 <-> DISABLED <-> SPYWARE-PUT Smart Protector outbound connection (spyware-put.rules)
 * 1:19043 <-> DISABLED <-> SPYWARE-PUT RogueSoftware.Win32.BestBoan contact to server attempt (spyware-put.rules)
 * 1:19044 <-> DISABLED <-> SPYWARE-PUT RogueSoftware.Win32.ThinkPoint contact to server attempt (spyware-put.rules)
 * 1:19046 <-> DISABLED <-> SPYWARE-PUT RogueSoftware.Win32.Winwebsec contact to server attempt (spyware-put.rules)
 * 1:19047 <-> DISABLED <-> SPYWARE-PUT RogueSoftware.Win32.RClean contact to server attempt (spyware-put.rules)
 * 1:19059 <-> DISABLED <-> SPYWARE-PUT RogueSoftware.Win32.SystemDefragmenter contact to server attempt (spyware-put.rules)
 * 1:19061 <-> DISABLED <-> SPYWARE-PUT Adware.Win32.Cashtitan contact to server attempt (spyware-put.rules)
 * 1:19064 <-> DISABLED <-> SPECIFIC-THREATS Microsoft OpenType font index remote code execution attempt (specific-threats.rules)
 * 1:19074 <-> DISABLED <-> WEB-CLIENT javascript uuencoded noop sled attempt (web-client.rules)
 * 1:19075 <-> DISABLED <-> WEB-CLIENT javascript uuencoded eval statement (web-client.rules)
 * 1:19076 <-> DISABLED <-> SPECIFIC-THREATS Firefox appendChild use-after-free attempt (specific-threats.rules)
 * 1:19077 <-> DISABLED <-> SPECIFIC-THREATS Firefox appendChild use-after-free attempt (specific-threats.rules)
 * 1:19079 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer getElementById object corruption (specific-threats.rules)
 * 1:19081 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer CSS style memory corruption attempt (specific-threats.rules)
 * 1:19084 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer CSS style memory corruption attempt (specific-threats.rules)
 * 1:19096 <-> DISABLED <-> SPECIFIC-THREATS Apple Safari Webkit CSS Charset Text transformation code execution attempt (specific-threats.rules)
 * 1:19106 <-> DISABLED <-> SPYWARE-PUT Keylogger Ardamax keylogger runtime detection - http (spyware-put.rules)
 * 1:19112 <-> DISABLED <-> SPECIFIC-THREATS Adobe Shockwave 3D stucture heap overflow (specific-threats.rules)
 * 1:19113 <-> DISABLED <-> SPECIFIC-THREATS Adobe Shockwave 3D structure opcode 81 overflow attempt (specific-threats.rules)
 * 1:19114 <-> DISABLED <-> SPECIFIC-THREATS Adobe Shockwave 3D structure opcode 45 overflow attempt (specific-threats.rules)
 * 1:19115 <-> DISABLED <-> SPECIFIC-THREATS Adobe Shockwave 3D structure opcode 89 overflow attempt (specific-threats.rules)
 * 1:19165 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string Microsoft Internet Explorer (blacklist.rules)
 * 1:19172 <-> DISABLED <-> NETBIOS Microsoft Internet Explorer 8 ieshims.dll dll-load exploit attempt (netbios.rules)
 * 1:19176 <-> DISABLED <-> WEB-MISC cookiejacking attempt (web-misc.rules)
 * 1:19177 <-> DISABLED <-> WEB-MISC cookiejacking attempt (web-misc.rules)
 * 1:19178 <-> DISABLED <-> SPECIFIC-THREATS Adobe Flash Player cross-site request forgery attempt (specific-threats.rules)
 * 1:19179 <-> DISABLED <-> SPECIFIC-THREATS Adobe Flash Player cross-site request forgery attempt (specific-threats.rules)
 * 1:19189 <-> DISABLED <-> NETBIOS SMB-DS Trans2 Distributed File System response PathConsumed integer overflow attempt (netbios.rules)
 * 1:19195 <-> DISABLED <-> SPECIFIC-THREATS Oracle Document Capture ActiveX function call access (specific-threats.rules)
 * 1:19199 <-> DISABLED <-> NETBIOS Smb2Create_Finalize malformed EndOfFile field exploit attempt (netbios.rules)
 * 1:19204 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer MsgBox arbitrary code execution attempt (web-client.rules)
 * 1:19220 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Windows Fax Services Cover Page Editor Double Free Memory Corruption (specific-threats.rules)
 * 1:19221 <-> DISABLED <-> NETBIOS SMB-DS Trans2 Distributed File System response PathConsumed integer overflow attempt (netbios.rules)
 * 1:19234 <-> DISABLED <-> WEB-CLIENT Microsoft Visual Studio information disclosure attempt (web-client.rules)
 * 1:19235 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer copy/paste memory corruption attempt (specific-threats.rules)
 * 1:19236 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer drag event memory corruption attempt (specific-threats.rules)
 * 1:19238 <-> DISABLED <-> EXPLOIT Microsoft Internet Explorer 8 self remove from markup vulnerability (exploit.rules)
 * 1:19240 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer 6/7/8 reload stylesheet attempt (web-client.rules)
 * 1:19241 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Windows Vector Markup Language imagedata page deconstruction attempt (specific-threats.rules)
 * 1:19242 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Windows Vector Markup Language imagedata page deconstruction attempt (specific-threats.rules)
 * 1:19246 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer CSS expression defined to empty selection attempt (web-client.rules)
 * 1:19247 <-> DISABLED <-> SPECIFIC-THREATS Adobe jpeg 2000 image exploit attempt (specific-threats.rules)
 * 1:19249 <-> DISABLED <-> SPECIFIC-THREATS Adobe Universal3D meshes.removeItem exploit attempt (specific-threats.rules)
 * 1:19256 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - greenherbalteagirlholdingcup (blacklist.rules)
 * 1:19265 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer layout-grid-char value exploit attempt (specific-threats.rules)
 * 1:19266 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer layout-grid-char value exploit attempt (specific-threats.rules)
 * 1:19293 <-> DISABLED <-> SPECIFIC-THREATS Adobe Flash Player memory corruption attempt (specific-threats.rules)
 * 1:19297 <-> DISABLED <-> SPECIFIC-THREATS sidename.js script injection (specific-threats.rules)
 * 1:19298 <-> DISABLED <-> SPECIFIC-THREATS cssminibar.js script injection (specific-threats.rules)
 * 1:19299 <-> DISABLED <-> SPECIFIC-THREATS banner.txt access - possible compromised multi-mesh injection server (specific-threats.rules)
 * 1:19300 <-> DISABLED <-> SPECIFIC-THREATS probable multi-mesh injection attack (specific-threats.rules)
 * 1:19309 <-> DISABLED <-> SPYWARE-PUT hijacker starware videos outbound connection (spyware-put.rules)
 * 1:1931 <-> DISABLED <-> WEB-CGI rpc-nlog.pl access (web-cgi.rules)
 * 1:19314 <-> DISABLED <-> NETBIOS Groove GroovePerfmon.dll dll-load exploit attempt (netbios.rules)
 * 1:19315 <-> DISABLED <-> WEB-CLIENT Microsoft Groove GroovePerfmon.dll dll-load exploit attempt (web-client.rules)
 * 1:1932 <-> DISABLED <-> WEB-CGI rpc-smb.pl access (web-cgi.rules)
 * 1:1933 <-> DISABLED <-> WEB-CGI cart.cgi access (web-cgi.rules)
 * 1:19372 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious user-agent string javasw - Trojan.Banload (blacklist.rules)
 * 1:19399 <-> DISABLED <-> SPYWARE-PUT Email Worm Win32.Zhelatin.ch outbound connection (spyware-put.rules)
 * 1:1943 <-> DISABLED <-> WEB-MISC /Carello/add.exe access (web-misc.rules)
 * 1:1944 <-> DISABLED <-> WEB-MISC /ecscripts/ecware.exe access (web-misc.rules)
 * 1:19453 <-> DISABLED <-> SPYWARE-PUT Sus.BancDI-B trojan runtime detection (spyware-put.rules)
 * 1:19455 <-> DISABLED <-> SPYWARE-PUT Worm.Win32.AutoRun.aw runtime detection (spyware-put.rules)
 * 1:19464 <-> DISABLED <-> SPECIFIC-THREATS Microsoft CSRSS integer overflow attempt (specific-threats.rules)
 * 1:19465 <-> DISABLED <-> NETBIOS Visio mfc71 dll-load exploit attempt (netbios.rules)
 * 1:19467 <-> DISABLED <-> SPECIFIC-THREATS Microsoft CSRSS NULL Fontface pointer attempt (specific-threats.rules)
 * 1:19468 <-> DISABLED <-> SPECIFIC-THREATS Microsoft stale data code execution attempt (specific-threats.rules)
 * 1:19469 <-> DISABLED <-> SPECIFIC-THREATS Microsoft invalid message kernel-mode memory disclosure attempt (specific-threats.rules)
 * 1:19472 <-> DISABLED <-> POLICY-OTHER proxytunnel proxy connection detected (policy-other.rules)
 * 1:19475 <-> DISABLED <-> POLICY-OTHER proxycgi proxy connection detected (policy-other.rules)
 * 1:19478 <-> DISABLED <-> SPYWARE-PUT Worm.Win32.Taterf.B contact to server attempt (spyware-put.rules)
 * 1:19479 <-> DISABLED <-> SPYWARE-PUT Net-Worm.Win32.Piloyd.m contact to server attempt - request html (spyware-put.rules)
 * 1:1948 <-> DISABLED <-> DNS zone transfer UDP (dns.rules)
 * 1:19485 <-> DISABLED <-> SPYWARE-PUT Packed.Win32.Black.d contact to server attempt (spyware-put.rules)
 * 1:19486 <-> DISABLED <-> SPYWARE-PUT W32.Fiala.A contact to server attempt (spyware-put.rules)
 * 1:19488 <-> DISABLED <-> SPYWARE-PUT Worm.Win32.Failnum.A contact to server attempt (spyware-put.rules)
 * 1:19570 <-> DISABLED <-> SPYWARE-PUT Antivirus Plus runtime detection (spyware-put.rules)
 * 1:19571 <-> DISABLED <-> SPYWARE-PUT Antivirus Agent Pro runtime detection (spyware-put.rules)
 * 1:19576 <-> DISABLED <-> SPYWARE-PUT Antivirus Pro 2010 outbound connection (spyware-put.rules)
 * 1:19578 <-> DISABLED <-> SPYWARE-PUT Personal Guard 2009 outbound connection (spyware-put.rules)
 * 1:19594 <-> DISABLED <-> SPYWARE-PUT Win32.Fruspam runtime detection (spyware-put.rules)
 * 1:19598 <-> DISABLED <-> SPYWARE-PUT Infostealer.Gampass runtime detection (spyware-put.rules)
 * 1:19601 <-> DISABLED <-> NETBIOS Oracle Java Runtime Environment .hotspotrc file load exploit attempt (netbios.rules)
 * 1:19602 <-> DISABLED <-> NETBIOS Oracle Java Runtime Environment .hotspot_compiler file load exploit attempt (netbios.rules)
 * 1:19603 <-> DISABLED <-> WEB-CLIENT Oracle Java Runtime Environment .hotspotrc file load exploit attempt (web-client.rules)
 * 1:19604 <-> DISABLED <-> WEB-CLIENT Oracle Java Runtime Environment .hotspot_compiler file load exploit attempt (web-client.rules)
 * 1:19610 <-> DISABLED <-> WEB-ACTIVEX ShockwaveFlash.ShockwaveFlash ActiveX function call access (web-activex.rules)
 * 1:19611 <-> DISABLED <-> BLACKLIST USER-AGENT known malicious User-Agent string INet - Win32.Virus.Jusabli.A (blacklist.rules)
 * 1:19617 <-> DISABLED <-> NETBIOS Adobe Audition assist.dll dll-load exploit attempt (netbios.rules)
 * 1:19618 <-> DISABLED <-> NETBIOS Adobe multiple products dwmapi.dll dll-load exploit attempt (netbios.rules)
 * 1:19619 <-> DISABLED <-> WEB-CLIENT Adobe Audition assist.dll dll-load exploit attempt (web-client.rules)
 * 1:19620 <-> DISABLED <-> WEB-CLIENT Adobe multiple products dwmapi.dll dll-load exploit attempt (web-client.rules)
 * 1:19650 <-> DISABLED <-> WEB-ACTIVEX Cisco AnyConnect ActiveX clsid access (web-activex.rules)
 * 1:19651 <-> DISABLED <-> WEB-ACTIVEX Cisco AnyConnect ActiveX function call access (web-activex.rules)
 * 1:19666 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer multi-window access memory corruption attempt (web-client.rules)
 * 1:19667 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer cross-domain scripting attack (specific-threats.rules)
 * 1:19668 <-> DISABLED <-> NETBIOS Internet Explorer telnet.exe file load exploit attempt (netbios.rules)
 * 1:19669 <-> DISABLED <-> POLICY-OTHER Telnet protocol specifier in web page attempt (policy-other.rules)
 * 1:19670 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer telnet.exe file load exploit attempt (web-client.rules)
 * 1:19671 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer XSLT memory corruption attempt (web-client.rules)
 * 1:19672 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer stylesheet dynamic access memory corruption attempt (web-client.rules)
 * 1:19673 <-> DISABLED <-> NETBIOS Microsoft Data Access Components bidlab.dll dll-load exploit attempt (netbios.rules)
 * 1:19674 <-> DISABLED <-> WEB-CLIENT Microsoft Data Access Components bidlab.dll dll-load exploit attempt (web-client.rules)
 * 1:19688 <-> DISABLED <-> SPECIFIC-THREATS Adobe Flash Actionscript BitmapData buffer overflow attempt (specific-threats.rules)
 * 1:19689 <-> DISABLED <-> SPECIFIC-THREATS Adobe Flash Actionscript dynamic calculation double-free attempt (specific-threats.rules)
 * 1:1969 <-> DISABLED <-> WEB-MISC ion-p access (web-misc.rules)
 * 1:19690 <-> DISABLED <-> SPECIFIC-THREATS Adobe Flash Actionscript duplicateDoorInputArguments stack overwrite (specific-threats.rules)
 * 1:19691 <-> DISABLED <-> SPECIFIC-THREATS Adobe Flash Actionscript File reference buffer overflow attempt (specific-threats.rules)
 * 1:1970 <-> DISABLED <-> WEB-IIS MDAC Content-Type overflow attempt (web-iis.rules)
 * 1:19717 <-> DISABLED <-> SPYWARE-PUT Virus.Win32.Virut.ce contact to server attempt (spyware-put.rules)
 * 1:19719 <-> DISABLED <-> SPYWARE-PUT Email-Worm.Win32.Bagle.of Runtime Detection (spyware-put.rules)
 * 1:19735 <-> DISABLED <-> POLICY-OTHER Filesonic file-sharing site contacted (policy-other.rules)
 * 1:19736 <-> DISABLED <-> POLICY-OTHER Megaupload file-sharing site contacted (policy-other.rules)
 * 1:19737 <-> DISABLED <-> POLICY-OTHER Rapidshare file-sharing site contacted (policy-other.rules)
 * 1:19740 <-> DISABLED <-> SPYWARE-PUT Worm.Win32.AutoRun.aczu runtime detection (spyware-put.rules)
 * 1:1977 <-> DISABLED <-> WEB-MISC xp_regwrite attempt (web-misc.rules)
 * 1:19775 <-> DISABLED <-> SPYWARE-PUT PWS.Win32.Ldpinch.gen runtime detection (spyware-put.rules)
 * 1:19777 <-> DISABLED <-> SPYWARE-PUT Fast Antivirus 2009 runtime detection (spyware-put.rules)
 * 1:1978 <-> DISABLED <-> WEB-MISC xp_regdeletekey attempt (web-misc.rules)
 * 1:19784 <-> DISABLED <-> SPYWARE-PUT Worm.Win32.AutoRun.sde runtime detection (spyware-put.rules)
 * 1:19786 <-> DISABLED <-> SPYWARE-PUT FakeAV Personal Antivirus outbound connection (spyware-put.rules)
 * 1:19806 <-> DISABLED <-> SPECIFIC-THREATS Apple Safari Webkit SVG memory corruption attempt (specific-threats.rules)
 * 1:19808 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer covered object memory corruption attempt (web-client.rules)
 * 1:19809 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer covered object memory corruption attempt (specific-threats.rules)
 * 1:19816 <-> DISABLED <-> NETBIOS Juniper NeoterisSetupService named pipe access attempt (netbios.rules)
 * 1:19821 <-> DISABLED <-> SPYWARE-PUT Worm.Win32.Bagle.gen.C runtime detection (spyware-put.rules)
 * 1:19823 <-> DISABLED <-> SPYWARE-PUT Downloader.Banload.AKBB runtime detection (spyware-put.rules)
 * 1:19827 <-> DISABLED <-> SPYWARE-PUT PWS-QQGame runtime detection (spyware-put.rules)
 * 1:19837 <-> DISABLED <-> SPYWARE-PUT Spyware Guard 2008 runtime detection (spyware-put.rules)
 * 1:19838 <-> DISABLED <-> SPYWARE-PUT Spyware Guard 2008 runtime detection (spyware-put.rules)
 * 1:19839 <-> DISABLED <-> SPYWARE-PUT Antivirus XP 2008 runtime detection (spyware-put.rules)
 * 1:19840 <-> DISABLED <-> SPYWARE-PUT XP Antispyware 2009 runtime detection (spyware-put.rules)
 * 1:19841 <-> DISABLED <-> SPYWARE-PUT 0desa MSN password stealer (spyware-put.rules)
 * 1:19842 <-> DISABLED <-> SPYWARE-PUT Windows Antivirus 2008 (spyware-put.rules)
 * 1:19843 <-> DISABLED <-> SPYWARE-PUT Windows Antivirus 2008 (spyware-put.rules)
 * 1:19850 <-> DISABLED <-> SPYWARE-PUT Worm.Win32.AutoRun.qgg runtime detection (spyware-put.rules)
 * 1:19851 <-> DISABLED <-> SPYWARE-PUT Worm.Win32.AutoRun.qgg runtime detection (spyware-put.rules)
 * 1:19853 <-> DISABLED <-> SPYWARE-PUT Wowpa KI outbound connection (spyware-put.rules)
 * 1:19859 <-> DISABLED <-> SPYWARE-PUT XP Deluxe Protector outbound connection (spyware-put.rules)
 * 1:19860 <-> DISABLED <-> SPYWARE-PUT Trust Warrior Runtime Detection (spyware-put.rules)
 * 1:19871 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer VML buffer overflow attempt (web-client.rules)
 * 1:19883 <-> DISABLED <-> SPECIFIC-THREATS VideoLAN VLC Media Player libdirectx_plugin.dll AMV parsing buffer overflow attempt (specific-threats.rules)
 * 1:19885 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer daxctle.ocx spline method buffer overflow attempt (web-client.rules)
 * 1:19896 <-> DISABLED <-> SPYWARE-PUT Adware.Win32.Frosty Goes Skiing Screen Saver 2.2 Install Detection (spyware-put.rules)
 * 1:19902 <-> DISABLED <-> SPYWARE-PUT Targetedbanner.biz Adrotator runtime detection (spyware-put.rules)
 * 1:19903 <-> DISABLED <-> SPYWARE-PUT Win32.Agent.vvm runtime detection (spyware-put.rules)
 * 1:19904 <-> DISABLED <-> SPYWARE-PUT WinReanimator runtime detection (spyware-put.rules)
 * 1:19909 <-> DISABLED <-> SPECIFIC-THREATS Cisco AnyConnect ActiveX clsid access (specific-threats.rules)
 * 1:19937 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer invalid object access memory corruption attempt (web-client.rules)
 * 1:19939 <-> DISABLED <-> SPYWARE-PUT WeatherStudio runtime detection (spyware-put.rules)
 * 1:1994 <-> DISABLED <-> WEB-CGI vpasswd.cgi access (web-cgi.rules)
 * 1:1995 <-> DISABLED <-> WEB-CGI alya.cgi access (web-cgi.rules)
 * 1:1996 <-> DISABLED <-> WEB-CGI viralator.cgi access (web-cgi.rules)
 * 1:19971 <-> DISABLED <-> SPYWARE-PUT Win32.Mudrop.lj runtime detection (spyware-put.rules)
 * 1:19976 <-> DISABLED <-> SPYWARE-PUT Worm.Win32.Koobface.hy runtime detection (spyware-put.rules)
 * 1:19984 <-> DISABLED <-> SPYWARE-PUT Antivirus 2010 Install Detection (spyware-put.rules)
 * 1:19985 <-> DISABLED <-> SPYWARE-PUT AntivirusPC2009 runtime traffic detected (spyware-put.rules)
 * 1:19986 <-> DISABLED <-> SPYWARE-PUT AntivirusPC2009 install-time traffic detected (spyware-put.rules)
 * 1:19987 <-> DISABLED <-> SPYWARE-PUT PCLiveGuard install-time traffic detected (spyware-put.rules)
 * 1:19989 <-> DISABLED <-> SPYWARE-PUT Total Protect 2009 outbound connection (spyware-put.rules)
 * 1:19990 <-> DISABLED <-> SPYWARE-PUT Total Protect 2009 outbound connection (spyware-put.rules)
 * 1:19994 <-> DISABLED <-> SPYWARE-PUT Antivirus 360 outbound connection (spyware-put.rules)
 * 1:19999 <-> DISABLED <-> SPYWARE-PUT ThreatNuker outbound connection (spyware-put.rules)
 * 1:20000 <-> DISABLED <-> WEB-CLIENT Achievement Unlocked (Billion Dollar Company -- web-client.rules)
 * 1:20007 <-> DISABLED <-> SPYWARE-PUT Cinmus.asaq runtime traffic detected (spyware-put.rules)
 * 1:2001 <-> DISABLED <-> WEB-CGI smartsearch.cgi access (web-cgi.rules)
 * 1:20025 <-> DISABLED <-> SPYWARE-PUT VirusBye outbound connection (spyware-put.rules)
 * 1:20041 <-> DISABLED <-> SPYWARE-PUT Adware.BB outbound connection (spyware-put.rules)
 * 1:20048 <-> DISABLED <-> EXPLOIT Trend Micro Control Manager CasLogDirectInsertHandler.cs cross site request forgery attempt (exploit.rules)
 * 1:20050 <-> DISABLED <-> SPECIFIC-THREATS Adobe Flash Player memory consumption vulnerability (specific-threats.rules)
 * 1:20055 <-> DISABLED <-> SPECIFIC-THREATS Oracle Java runtime JPEGImageReader overflow attempt (specific-threats.rules)
 * 1:20059 <-> DISABLED <-> SPECIFIC-THREATS Apple Quicktime PictureViewer GIF rendering vulnerability (specific-threats.rules)
 * 1:20061 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP ca-alert function 16,23,40, and 41 overflow attempt (netbios.rules)
 * 1:20063 <-> DISABLED <-> SPYWARE-PUT SecurityTool outbound connection (spyware-put.rules)
 * 1:20073 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (specific-threats.rules)
 * 1:20084 <-> DISABLED <-> SPECIFIC-THREATS ALTAP Salamander PE Viewer PDB Filename Buffer Overflow (specific-threats.rules)
 * 1:20100 <-> DISABLED <-> SPYWARE-PUT Adware Arcade Web - installation/update (spyware-put.rules)
 * 1:20101 <-> DISABLED <-> SPYWARE-PUT Adware Arcade Web - User-Agent (spyware-put.rules)
 * 1:20102 <-> DISABLED <-> SPYWARE-PUT Adware Arcade Web - X-Arcadeweb header (spyware-put.rules)
 * 1:20103 <-> DISABLED <-> SPYWARE-PUT Adware playsushi - User-Agent (spyware-put.rules)
 * 1:20117 <-> DISABLED <-> EXPLOIT Microsoft SharePoint XSS (exploit.rules)
 * 1:20118 <-> DISABLED <-> NETBIOS Microsoft Windows shell extensions deskpan.dll dll-load exploit attempt (netbios.rules)
 * 1:20119 <-> DISABLED <-> WEB-CLIENT Microsoft Windows shell extensions deskpan.dll dll-load exploit attempt (web-client.rules)
 * 1:20136 <-> DISABLED <-> POLICY-OTHER Glype proxy usage detected (policy-other.rules)
 * 1:20137 <-> DISABLED <-> WEB-CLIENT Possible generic javascript heap spray attempt (web-client.rules)
 * 1:20143 <-> DISABLED <-> SPYWARE-PUT Adware mightymagoo/playpickle/livingplay - User-Agent (spyware-put.rules)
 * 1:20160 <-> DISABLED <-> WEB-MISC Oracle GlassFish Server successful authentication bypass attempt (web-misc.rules)
 * 1:20182 <-> DISABLED <-> WEB-CLIENT Adobe Flash Player viewSource blacklist exclusion attempt (web-client.rules)
 * 1:20183 <-> DISABLED <-> SPECIFIC-THREATS Adobe Flash Player setInterval use attempt (specific-threats.rules)
 * 1:20206 <-> DISABLED <-> SPECIFIC-THREATS Adobe Flash Player pcre ActionScript under allocation (specific-threats.rules)
 * 1:20220 <-> DISABLED <-> SPYWARE-PUT Adware.Wizpop outbound connection (spyware-put.rules)
 * 1:20225 <-> DISABLED <-> NETBIOS SMI file download request (netbios.rules)
 * 1:20226 <-> DISABLED <-> NETBIOS MPlayer SMI file buffer overflow attempt (netbios.rules)
 * 1:20238 <-> DISABLED <-> SPECIFIC-THREATS Java calendar deserialize vulnerability (specific-threats.rules)
 * 1:20239 <-> DISABLED <-> WEB-CLIENT Java GIF LZW minimum code size overflow attempt (web-client.rules)
 * 1:20243 <-> DISABLED <-> POLICY-OTHER Privoxy disabling of x-filter (policy-other.rules)
 * 1:20244 <-> DISABLED <-> POLICY-OTHER possible forced privoxy disabling (policy-other.rules)
 * 1:20245 <-> DISABLED <-> POLICY-OTHER remote privoxy config access (policy-other.rules)
 * 1:20253 <-> DISABLED <-> NETBIOS Microsoft products oleacc.dll dll-load exploit attempt (netbios.rules)
 * 1:20254 <-> DISABLED <-> WEB-CLIENT Microsoft products oleacc.dll dll-load exploit attempt (web-client.rules)
 * 1:20255 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Silverlight inheritance restriction bypass (specific-threats.rules)
 * 1:20262 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer onscroll DOS attempt (web-client.rules)
 * 1:20263 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer htmlfile null attribute access (web-client.rules)
 * 1:20264 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer selection option and form reset attack (specific-threats.rules)
 * 1:20265 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer null attribute crash (specific-threats.rules)
 * 1:20266 <-> DISABLED <-> WEB-MISC Microsoft Internet Explorer 8 Javascript negative option index attack attempt (web-misc.rules)
 * 1:20267 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer circular reference exploit attempt (specific-threats.rules)
 * 1:20268 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer Marquee stylesheet object removal (specific-threats.rules)
 * 1:20273 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer jscript9 parsing corruption attempt (specific-threats.rules)
 * 1:20274 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP NetShareEnumAll request (netbios.rules)
 * 1:20277 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer HTML DOM invalid DHTML comment creation attempt (web-client.rules)
 * 1:20278 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer HTML DOM invalid DHTML textnode creation attempt (web-client.rules)
 * 1:20279 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer HTML DOM invalid DHTML textnode creation attempt (web-client.rules)
 * 1:20294 <-> DISABLED <-> SPECIFIC-THREATS Metasploit LibTiff Exploit (specific-threats.rules)
 * 1:20295 <-> DISABLED <-> SPECIFIC-THREATS Public LibTiff Exploit (specific-threats.rules)
 * 1:20433 <-> DISABLED <-> SPYWARE-PUT XP Guardian 2010 anutayadokalug host runtime traffic detection (spyware-put.rules)
 * 1:20434 <-> DISABLED <-> SPYWARE-PUT XP Guardian 2010 proantivirus21 host runtime traffic detection (spyware-put.rules)
 * 1:2051 <-> DISABLED <-> WEB-CGI cached_feed.cgi moreover shopping cart access (web-cgi.rules)
 * 1:2052 <-> DISABLED <-> WEB-CGI overflow.cgi access (web-cgi.rules)
 * 1:20529 <-> DISABLED <-> EXPLOIT Oracle Java trusted method chaining attempt (exploit.rules)
 * 1:2053 <-> DISABLED <-> WEB-CGI process_bug.cgi access (web-cgi.rules)
 * 1:20535 <-> DISABLED <-> WEB-CLIENT Opera Config File script access attempt (web-client.rules)
 * 1:20537 <-> DISABLED <-> WEB-ACTIVEX Phobos.Playlist ActiveX clsid access (web-activex.rules)
 * 1:20538 <-> DISABLED <-> WEB-ACTIVEX Phobos.Playlist ActiveX function call access (web-activex.rules)
 * 1:2054 <-> DISABLED <-> WEB-CGI enter_bug.cgi arbitrary command attempt (web-cgi.rules)
 * 1:20548 <-> DISABLED <-> SPECIFIC-THREATS Adobe Flash Player recursive doaction stack exhaustion (specific-threats.rules)
 * 1:2055 <-> DISABLED <-> WEB-CGI enter_bug.cgi access (web-cgi.rules)
 * 1:20558 <-> ENABLED <-> BLACKLIST URI request for known malicious URI /stat2.php (blacklist.rules)
 * 1:20560 <-> DISABLED <-> EXPLOIT Adobe Flash Player salign null javascript access attempt (exploit.rules)
 * 1:20567 <-> DISABLED <-> SPECIFIC-THREATS Adobe Flash SWF AVM2 namespace lookup deref exploit (specific-threats.rules)
 * 1:20568 <-> DISABLED <-> SPECIFIC-THREATS Adobe Flash SWF ActionScript 3 ByteArray class vulnerability (specific-threats.rules)
 * 1:20573 <-> DISABLED <-> WEB-ACTIVEX Oracle AutoVueX Control ExportEdaBom ActiveX clsid access (web-activex.rules)
 * 1:20574 <-> DISABLED <-> WEB-ACTIVEX Oracle AutoVueX Control ExportEdaBom ActiveX function call access (web-activex.rules)
 * 1:20579 <-> DISABLED <-> WEB-CLIENT Google Chrome and Apple Safari Ruby before and after memory corruption (web-client.rules)
 * 1:20581 <-> DISABLED <-> SCADA BroadWin WebAccess Client format string exploit attempt (scada.rules)
 * 1:20582 <-> DISABLED <-> SCADA BroadWin WebAccess Client arbitrary memory corruption attempt (scada.rules)
 * 1:20583 <-> DISABLED <-> WEB-CLIENT Mozilla multiple location headers malicious redirect attempt (web-client.rules)
 * 1:20584 <-> DISABLED <-> WEB-CLIENT Mozilla multiple content-type headers malicious redirect attempt (web-client.rules)
 * 1:20585 <-> DISABLED <-> WEB-CLIENT Mozilla multiple content-length headers malicious redirect attempt (web-client.rules)
 * 1:20586 <-> DISABLED <-> WEB-CLIENT Mozilla multiple content-disposition headers malicious redirect attempt (web-client.rules)
 * 1:20593 <-> DISABLED <-> WEB-CLIENT Apple Safari Webkit libxslt arbitrary file creation attempt (web-client.rules)
 * 1:20600 <-> DISABLED <-> SPECIFIC-THREATS Mozilla Products SVG text content element getCharNumAtPosition use after free attempt (specific-threats.rules)
 * 1:20634 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer onscroll DOS attempt (specific-threats.rules)
 * 1:20660 <-> DISABLED <-> SPECIFIC-THREATS sl.php script injection (specific-threats.rules)
 * 1:20668 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /content/v1.jar (blacklist.rules)
 * 1:20669 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - w.php?f= (blacklist.rules)
 * 1:20675 <-> DISABLED <-> WEB-IIS Microsoft Active Directory Federation Services code execution attempt (web-iis.rules)
 * 1:20698 <-> DISABLED <-> WEB-CLIENT Telnet protocol specifier command injection attempt (web-client.rules)
 * 1:20699 <-> DISABLED <-> EXPLOIT Microsoft Internet Explorer XSRF timing attack against XSS filter (exploit.rules)
 * 1:20704 <-> DISABLED <-> WEB-ACTIVEX Microsoft Internet Explorer #default#time behavior attack attempt (web-activex.rules)
 * 1:20727 <-> DISABLED <-> WEB-CLIENT Mozilla Firefox user interface event dispatcher dos attempt (web-client.rules)
 * 1:20729 <-> DISABLED <-> WEB-CLIENT Mozilla XBL object valueOf code execution attempt (web-client.rules)
 * 1:20730 <-> DISABLED <-> WEB-CLIENT Mozilla XBL.method.eval call (web-client.rules)
 * 1:20736 <-> DISABLED <-> WEB-CLIENT Apple Safari x-man-page URI terminal escape attempt (web-client.rules)
 * 1:20739 <-> DISABLED <-> WEB-CLIENT Mozilla Object.watch parent access attempt (web-client.rules)
 * 1:20742 <-> DISABLED <-> WEB-CLIENT Mozilla PLUGINSPAGE javascript execution attempt (web-client.rules)
 * 1:20743 <-> DISABLED <-> WEB-CLIENT Multiple web browser window injection attempt (web-client.rules)
 * 1:20744 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Media Player DirectShow MPEG-2 memory corruption attempt (web-client.rules)
 * 1:20752 <-> DISABLED <-> SPYWARE-PUT Win32.GameVance outbound connection (spyware-put.rules)
 * 1:20753 <-> DISABLED <-> SPYWARE-PUT Win32.GamePlayLabs outbound connection (spyware-put.rules)
 * 1:20767 <-> DISABLED <-> SPECIFIC-THREATS Adobe Flash ActionScript float index array memory corruption (specific-threats.rules)
 * 1:20770 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (specific-threats.rules)
 * 1:20771 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (specific-threats.rules)
 * 1:20772 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (specific-threats.rules)
 * 1:20777 <-> DISABLED <-> SPECIFIC-THREATS Adobe Flash ActionScript float index array memory corruption attempt (specific-threats.rules)
 * 1:20788 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer layout-grid-char value exploit attempt (specific-threats.rules)
 * 1:20814 <-> DISABLED <-> WEB-CLIENT Mozilla favicon href javascript execution attempt (web-client.rules)
 * 1:20820 <-> DISABLED <-> WEB-CLIENT Oracle Java JNLP parameter argument injection attempt (web-client.rules)
 * 1:20822 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer contenteditable corruption attempt malicious string (specific-threats.rules)
 * 1:2085 <-> DISABLED <-> WEB-CGI parse_xml.cgi access (web-cgi.rules)
 * 1:20853 <-> DISABLED <-> EXPLOIT DAZ Studio dangerous scripting method attempt (exploit.rules)
 * 1:20858 <-> DISABLED <-> SPECIFIC-THREATS Oracle Java getSoundBank overflow Attempt malicious jar file (specific-threats.rules)
 * 1:20861 <-> DISABLED <-> EXPLOIT Autodesk Maya dangerous scripting method attempt (exploit.rules)
 * 1:20870 <-> DISABLED <-> EXPLOIT Autodesk 3D Studio Maxscript dangerous scripting method attempt (exploit.rules)
 * 1:20871 <-> DISABLED <-> WEB-MISC Worldweaver DX Studio Player shell.execute command execution attempt (web-misc.rules)
 * 1:20872 <-> DISABLED <-> WEB-MISC Worldweaver DX Studio Player shell.execute command execution attempt (web-misc.rules)
 * 1:20875 <-> DISABLED <-> WEB-ACTIVEX ShockwaveFlash.ShockwaveFlash ActiveX clsid access (web-activex.rules)
 * 1:20878 <-> DISABLED <-> NETBIOS Microsoft Windows Embedded Package Object packager.exe file load exploit attempt (netbios.rules)
 * 1:20879 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Embedded Package Object packager.exe file load exploit attempt (web-client.rules)
 * 1:20880 <-> DISABLED <-> SPECIFIC-THREATS Microsoft DirectShow Line 21 decoder exploit attempt (specific-threats.rules)
 * 1:20884 <-> DISABLED <-> WEB-CLIENT Microsoft Anti-Cross Site Scripting library bypass attempt (web-client.rules)
 * 1:2090 <-> DISABLED <-> WEB-IIS WEBDAV exploit attempt (web-iis.rules)
 * 1:20900 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Windows Media MIDI file memory corruption attempt (specific-threats.rules)
 * 1:20995 <-> DISABLED <-> POLICY-OTHER HP SiteScope integrationViewer default credentials policy-bypass attempt (policy-other.rules)
 * 1:20996 <-> DISABLED <-> POLICY-OTHER HP SiteScope integrationViewer default credentials policy-bypass attempt (policy-other.rules)
 * 1:21000 <-> DISABLED <-> SCADA Microsys PROMOTIC ActiveX clsid access (scada.rules)
 * 1:21001 <-> DISABLED <-> SCADA Microsys PROMOTIC ActiveX function call access (scada.rules)
 * 1:21051 <-> DISABLED <-> WEB-MISC Apple OSX software update command execution attempt (web-misc.rules)
 * 1:21080 <-> DISABLED <-> WEB-CLIENT RDS.Dataspace ActiveX object code execution attempt (web-client.rules)
 * 1:21086 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer object clone deletion memory corruption (specific-threats.rules)
 * 1:21090 <-> DISABLED <-> SPECIFIC-THREATS Nullsoft Winamp player mp4 memory corruption attempt (specific-threats.rules)
 * 1:21091 <-> DISABLED <-> SPECIFIC-THREATS Nullsoft Winamp player mp4 memory corruption attempt (specific-threats.rules)
 * 1:21093 <-> DISABLED <-> EXPLOIT A-PDF Wav to mp3 converter buffer overfow (exploit.rules)
 * 1:21107 <-> DISABLED <-> SPECIFIC-THREATS MJM Quickplayer s3m buffer overflow (specific-threats.rules)
 * 1:21112 <-> DISABLED <-> EXPLOIT RealNetworks RealPlayer mpeg width integer memory underflow attempt (exploit.rules)
 * 1:2115 <-> DISABLED <-> WEB-CGI album.pl access (web-cgi.rules)
 * 1:21154 <-> DISABLED <-> WEB-CLIENT Mozilla products floating point buffer overflow attempt (web-client.rules)
 * 1:21155 <-> DISABLED <-> WEB-CLIENT Mozilla products floating point buffer overflow attempt (web-client.rules)
 * 1:21159 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Windows Media MIDI file memory corruption attempt (specific-threats.rules)
 * 1:2116 <-> DISABLED <-> WEB-CGI chipcfg.cgi access (web-cgi.rules)
 * 1:21164 <-> DISABLED <-> NETBIOS Samba username map script command injection attempt (netbios.rules)
 * 1:21165 <-> DISABLED <-> WEB-CLIENT multiple products GeckoActiveX COM object recon attempt (web-client.rules)
 * 1:21166 <-> DISABLED <-> WEB-CLIENT Google Chrome https spoofing attempt (web-client.rules)
 * 1:21167 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Windows Media MIDI file memory corruption attempt (specific-threats.rules)
 * 1:21169 <-> DISABLED <-> SPYWARE-PUT Apperhand SDK advertising data request - Counterclank (spyware-put.rules)
 * 1:2117 <-> DISABLED <-> WEB-IIS Battleaxe Forum login.asp access (web-iis.rules)
 * 1:21173 <-> DISABLED <-> POLICY APP-CONTROL Thunder p2p application download detection (policy.rules)
 * 1:21176 <-> DISABLED <-> SPYWARE-PUT Win32.WindowsOptimizationAndSecurity outbound connection (spyware-put.rules)
 * 1:21184 <-> DISABLED <-> SPYWARE-PUT Internet Security 2010 outbound connection (spyware-put.rules)
 * 1:21190 <-> DISABLED <-> POLICY-OTHER Mozilla Multiple Products MozOrientation loading attempt (policy-other.rules)
 * 1:21191 <-> DISABLED <-> NETBIOS Mozilla Multiple Products MozOrientation loading attempt (netbios.rules)
 * 1:21264 <-> DISABLED <-> WEB-ACTIVEX Symantec Norton Internet Security 2004 ActiveX function call (web-activex.rules)
 * 1:2127 <-> DISABLED <-> WEB-CGI ikonboard.cgi access (web-cgi.rules)
 * 1:21272 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer orphan DOM objects memory corruption attempt (web-client.rules)
 * 1:2128 <-> DISABLED <-> WEB-CGI swsrv.cgi access (web-cgi.rules)
 * 1:21289 <-> DISABLED <-> NETBIOS Microsoft Color Control Panel STI.dll dll-load exploit attempt (netbios.rules)
 * 1:2129 <-> DISABLED <-> WEB-IIS nsiislog.dll access (web-iis.rules)
 * 1:21290 <-> DISABLED <-> WEB-CLIENT Microsoft Color Control Panel STI.dll dll-load exploit attempt (web-client.rules)
 * 1:2130 <-> DISABLED <-> WEB-IIS IISProtect siteadmin.asp access (web-iis.rules)
 * 1:21300 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer 9 null character in string information disclosure attempt (web-client.rules)
 * 1:21308 <-> DISABLED <-> EXPLOIT Microsoft Windows C Run-Time Library remote code execution attempt (exploit.rules)
 * 1:21309 <-> DISABLED <-> NETBIOS Microsoft product fputlsat.dll dll-load exploit attempt (netbios.rules)
 * 1:2131 <-> DISABLED <-> WEB-IIS IISProtect access (web-iis.rules)
 * 1:21310 <-> DISABLED <-> WEB-CLIENT Microsoft product fputlsat.dll dll-load exploit attempt (web-client.rules)
 * 1:21316 <-> DISABLED <-> SPECIFIC-THREATS Adobe shockwave director tSAC string termination memory corruption attempt (specific-threats.rules)
 * 1:21319 <-> DISABLED <-> NETBIOS Acrobat Flash Player version.dll dll-load exploit attempt (netbios.rules)
 * 1:2132 <-> DISABLED <-> WEB-IIS Synchrologic Email Accelerator userid list access attempt (web-iis.rules)
 * 1:21320 <-> DISABLED <-> NETBIOS Acrobat Flash Player atl.dll dll-load exploit attempt (netbios.rules)
 * 1:21321 <-> DISABLED <-> NETBIOS Acrobat Flash Player uxtheme.dll dll-load exploit attempt (netbios.rules)
 * 1:21322 <-> DISABLED <-> WEB-CLIENT Acrobat Flash Player version.dll dll-load exploit attempt (web-client.rules)
 * 1:21323 <-> DISABLED <-> WEB-CLIENT Acrobat Flash Player atl.dll dll-load exploit attempt (web-client.rules)
 * 1:21324 <-> DISABLED <-> WEB-CLIENT Acrobat Flash Player uxtheme.dll dll-load exploit attempt (web-client.rules)
 * 1:21325 <-> DISABLED <-> SPECIFIC-THREATS Adobe Flash Player cross site request forgery attempt (specific-threats.rules)
 * 1:21326 <-> DISABLED <-> EXPLOIT Adobe Flash Player ActiveX URL import attempt (exploit.rules)
 * 1:2133 <-> DISABLED <-> WEB-IIS MS BizTalk server access (web-iis.rules)
 * 1:21335 <-> DISABLED <-> SPECIFIC-THREATS Adobe Flash Player ActionScript bytecode type confusion null dereference attempt (specific-threats.rules)
 * 1:21336 <-> DISABLED <-> SPECIFIC-THREATS Adobe Flash ASConstructor insecure calling attempt (specific-threats.rules)
 * 1:2134 <-> DISABLED <-> WEB-IIS register.asp access (web-iis.rules)
 * 1:21353 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer mouse drag hijack (web-client.rules)
 * 1:21370 <-> DISABLED <-> NETBIOS Samba name mangling buffer overflow attempt (netbios.rules)
 * 1:21392 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer writing-mode property memory corruption attempt (specific-threats.rules)
 * 1:21397 <-> DISABLED <-> SPECIFIC-THREATS MicroP mppl stack buffer overflow (specific-threats.rules)
 * 1:21399 <-> DISABLED <-> WEB-CLIENT Opera Web Browser History Search Input validation vulnerability (web-client.rules)
 * 1:21405 <-> DISABLED <-> WEB-CLIENT Microsoft Anti-Cross Site Scripting library bypass attempt (web-client.rules)
 * 1:21442 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - base64 encoded (blacklist.rules)
 * 1:21457 <-> DISABLED <-> SPECIFIC-THREATS Adobe Flash ActionScript float index array memory corruption (specific-threats.rules)
 * 1:21462 <-> DISABLED <-> WEB-CLIENT Sun Java Plugin security bypass (web-client.rules)
 * 1:21504 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Windows Object Packager ClickOnce object remote code execution attempt (specific-threats.rules)
 * 1:21505 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Windows Object Packager ClickOnce object remote code execution attempt (specific-threats.rules)
 * 1:21506 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Windows Object Packager ClickOnce object remote code execution attempt (specific-threats.rules)
 * 1:21507 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Windows Object Packager ClickOnce object remote code execution attempt (specific-threats.rules)
 * 1:21508 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Windows Object Packager ClickOnce object remote code execution attempt (specific-threats.rules)
 * 1:21515 <-> DISABLED <-> WEB-MISC Apache Tomcat Web Application Manager access (web-misc.rules)
 * 1:21516 <-> DISABLED <-> WEB-MISC JBoss JMX console access (web-misc.rules)
 * 1:21517 <-> DISABLED <-> WEB-MISC JBoss admin-console access (web-misc.rules)
 * 1:21524 <-> DISABLED <-> EXPLOIT Microsoft Windows object packager dialogue code execution attempt (exploit.rules)
 * 1:21529 <-> DISABLED <-> NETBIOS SMB Trans2 Find_First2 filename overflow attempt (netbios.rules)
 * 1:21530 <-> DISABLED <-> SPECIFIC-THREATS Adobe Flash Player action script 3 bitmap malicious rectangle attempt (specific-threats.rules)
 * 1:21556 <-> DISABLED <-> POLICY-OTHER Microsoft Windows 98 User-Agent string (policy-other.rules)
 * 1:21566 <-> DISABLED <-> NETBIOS Microsoft Expression Design wintab32.dll dll-load exploit attempt (netbios.rules)
 * 1:21567 <-> DISABLED <-> WEB-CLIENT Microsoft Expression Design wintab32.dll dll-load exploit attempt (web-client.rules)
 * 1:21569 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer toStaticHTML XSS attempt (web-client.rules)
 * 1:2157 <-> DISABLED <-> WEB-IIS IISProtect globaladmin.asp access (web-iis.rules)
 * 1:21576 <-> DISABLED <-> FILE-OTHER Microsoft Windows Visual Studio .addin file access (file-other.rules)
 * 1:21589 <-> DISABLED <-> WEB-ACTIVEX IBM eGatherer ActiveX clsid access (web-activex.rules)
 * 1:21590 <-> DISABLED <-> WEB-ACTIVEX IBM eGatherer ActiveX function call access (web-activex.rules)
 * 1:21609 <-> DISABLED <-> WEB-MISC SurgeMail webmail.exe page format string exploit attempt (web-misc.rules)
 * 1:21610 <-> DISABLED <-> SPYWARE-PUT Trojan.Win32.Refroso.azyg runtime detection (spyware-put.rules)
 * 1:21633 <-> DISABLED <-> NETBIOS Microsoft Windows wab32res.dll dll-load exploit attempt (netbios.rules)
 * 1:21634 <-> DISABLED <-> WEB-CLIENT Microsoft Windows wab32res.dll dll-load exploit attempt (web-client.rules)
 * 1:21640 <-> DISABLED <-> SPECIFIC-THREATS Possible Phoenix exploit kit landing page (specific-threats.rules)
 * 1:21641 <-> DISABLED <-> SPECIFIC-THREATS Possible banking trojan with known banking strings (specific-threats.rules)
 * 1:21642 <-> DISABLED <-> SPECIFIC-THREATS Possible malicious jar file download page (specific-threats.rules)
 * 1:21668 <-> DISABLED <-> SPECIFIC-THREATS Java exploit kit iframe drive by attempt (specific-threats.rules)
 * 1:21754 <-> DISABLED <-> WEB-CLIENT Microsoft Windows MSXML2 ActiveX malformed HTTP response (web-client.rules)
 * 1:21759 <-> DISABLED <-> SPECIFIC-THREATS Ultra Shareware Office HttpUpload buffer overflow attempt (specific-threats.rules)
 * 1:21790 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer SelectAll dangling pointer use after free attempt (specific-threats.rules)
 * 1:21793 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer vector graphics reference counting use-after-free attempt (web-client.rules)
 * 1:21796 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Exploroer iframe onreadystatechange handler use-after-free attempt (web-client.rules)
 * 1:21806 <-> ENABLED <-> NETBIOS Samba malicious user defined array size and buffer attempt (netbios.rules)
 * 1:21882 <-> DISABLED <-> WEB-ACTIVEX ICONICS WebHMI ActiveX clsid access attempt (web-activex.rules)
 * 1:21883 <-> DISABLED <-> WEB-ACTIVEX ICONICS WebHMI ActiveX clsid access attempt (web-activex.rules)
 * 1:2191 <-> DISABLED <-> NETBIOS SMB DCERPC invalid bind attempt (netbios.rules)
 * 1:2194 <-> DISABLED <-> WEB-CGI CSMailto.cgi access (web-cgi.rules)
 * 1:2195 <-> DISABLED <-> WEB-CGI alert.cgi access (web-cgi.rules)
 * 1:2196 <-> DISABLED <-> WEB-CGI catgy.cgi access (web-cgi.rules)
 * 1:2197 <-> DISABLED <-> WEB-CGI cvsview2.cgi access (web-cgi.rules)
 * 1:2198 <-> DISABLED <-> WEB-CGI cvslog.cgi access (web-cgi.rules)
 * 1:2199 <-> DISABLED <-> WEB-CGI multidiff.cgi access (web-cgi.rules)
 * 1:2200 <-> DISABLED <-> WEB-CGI dnewsweb.cgi access (web-cgi.rules)
 * 1:2201 <-> DISABLED <-> WEB-CGI download.cgi access (web-cgi.rules)
 * 1:2202 <-> DISABLED <-> WEB-CGI edit_action.cgi access (web-cgi.rules)
 * 1:2203 <-> DISABLED <-> WEB-CGI everythingform.cgi access (web-cgi.rules)
 * 1:2204 <-> DISABLED <-> WEB-CGI ezadmin.cgi access (web-cgi.rules)
 * 1:2205 <-> DISABLED <-> WEB-CGI ezboard.cgi access (web-cgi.rules)
 * 1:22058 <-> ENABLED <-> BOTNET-CNC Trojan.Kbot variant outbound connection (botnet-cnc.rules)
 * 1:2206 <-> DISABLED <-> WEB-CGI ezman.cgi access (web-cgi.rules)
 * 1:22061 <-> DISABLED <-> SPECIFIC-THREATS Alureon - Malicious IFRAME load attempt (specific-threats.rules)
 * 1:2207 <-> DISABLED <-> WEB-CGI fileseek.cgi access (web-cgi.rules)
 * 1:2208 <-> DISABLED <-> WEB-CGI fom.cgi access (web-cgi.rules)
 * 1:2209 <-> DISABLED <-> WEB-CGI getdoc.cgi access (web-cgi.rules)
 * 1:2210 <-> DISABLED <-> WEB-CGI global.cgi access (web-cgi.rules)
 * 1:2211 <-> DISABLED <-> WEB-CGI guestserver.cgi access (web-cgi.rules)
 * 1:2212 <-> DISABLED <-> WEB-CGI imageFolio.cgi access (web-cgi.rules)
 * 1:2213 <-> DISABLED <-> WEB-CGI mailfile.cgi access (web-cgi.rules)
 * 1:2214 <-> DISABLED <-> WEB-CGI mailview.cgi access (web-cgi.rules)
 * 1:2215 <-> DISABLED <-> WEB-CGI nsManager.cgi access (web-cgi.rules)
 * 1:2216 <-> DISABLED <-> WEB-CGI readmail.cgi access (web-cgi.rules)
 * 1:2217 <-> DISABLED <-> WEB-CGI printmail.cgi access (web-cgi.rules)
 * 1:2218 <-> DISABLED <-> WEB-CGI service.cgi access (web-cgi.rules)
 * 1:2219 <-> DISABLED <-> WEB-CGI setpasswd.cgi access (web-cgi.rules)
 * 1:2220 <-> DISABLED <-> WEB-CGI simplestmail.cgi access (web-cgi.rules)
 * 1:2221 <-> DISABLED <-> WEB-CGI ws_mail.cgi access (web-cgi.rules)
 * 1:2222 <-> DISABLED <-> WEB-CGI nph-exploitscanget.cgi access (web-cgi.rules)
 * 1:2223 <-> DISABLED <-> WEB-CGI csNews.cgi access (web-cgi.rules)
 * 1:2224 <-> DISABLED <-> WEB-CGI psunami.cgi access (web-cgi.rules)
 * 1:2225 <-> DISABLED <-> WEB-CGI gozila.cgi access (web-cgi.rules)
 * 1:2231 <-> DISABLED <-> WEB-MISC register.dll access (web-misc.rules)
 * 1:2232 <-> DISABLED <-> WEB-MISC ContentFilter.dll access (web-misc.rules)
 * 1:2233 <-> DISABLED <-> WEB-MISC SFNofitication.dll access (web-misc.rules)
 * 1:2234 <-> DISABLED <-> WEB-MISC TOP10.dll access (web-misc.rules)
 * 1:2235 <-> DISABLED <-> WEB-MISC SpamExcp.dll access (web-misc.rules)
 * 1:2236 <-> DISABLED <-> WEB-MISC spamrule.dll access (web-misc.rules)
 * 1:2237 <-> DISABLED <-> WEB-MISC cgiWebupdate.exe access (web-misc.rules)
 * 1:2238 <-> DISABLED <-> WEB-MISC WebLogic ConsoleHelp view source attempt (web-misc.rules)
 * 1:2239 <-> DISABLED <-> WEB-MISC redirect.exe access (web-misc.rules)
 * 1:2240 <-> DISABLED <-> WEB-MISC changepw.exe access (web-misc.rules)
 * 1:2241 <-> DISABLED <-> WEB-MISC cwmail.exe access (web-misc.rules)
 * 1:2242 <-> DISABLED <-> WEB-MISC ddicgi.exe access (web-misc.rules)
 * 1:2243 <-> DISABLED <-> WEB-MISC ndcgi.exe access (web-misc.rules)
 * 1:2244 <-> DISABLED <-> WEB-MISC VsSetCookie.exe access (web-misc.rules)
 * 1:2245 <-> DISABLED <-> WEB-MISC Webnews.exe access (web-misc.rules)
 * 1:2246 <-> DISABLED <-> WEB-MISC webadmin.dll access (web-misc.rules)
 * 1:2247 <-> DISABLED <-> WEB-IIS UploadScript11.asp access (web-iis.rules)
 * 1:2248 <-> DISABLED <-> WEB-IIS DirectoryListing.asp access (web-iis.rules)
 * 1:2249 <-> DISABLED <-> WEB-IIS /pcadmin/login.asp access (web-iis.rules)
 * 1:2252 <-> ENABLED <-> NETBIOS SMB-DS DCERPC Remote Activation bind attempt (netbios.rules)
 * 1:2258 <-> ENABLED <-> NETBIOS SMB-DS DCERPC Messenger Service buffer overflow attempt (netbios.rules)
 * 1:2276 <-> DISABLED <-> WEB-MISC oracle portal demo access (web-misc.rules)
 * 1:2277 <-> DISABLED <-> WEB-MISC PeopleSoft PeopleBooks psdoccgi access (web-misc.rules)
 * 1:2321 <-> DISABLED <-> WEB-IIS foxweb.exe access (web-iis.rules)
 * 1:2322 <-> DISABLED <-> WEB-IIS foxweb.dll access (web-iis.rules)
 * 1:2323 <-> DISABLED <-> WEB-CGI quickstore.cgi access (web-cgi.rules)
 * 1:2324 <-> DISABLED <-> WEB-IIS VP-ASP shopsearch.asp access (web-iis.rules)
 * 1:2325 <-> DISABLED <-> WEB-IIS VP-ASP ShopDisplayProducts.asp access (web-iis.rules)
 * 1:2326 <-> DISABLED <-> WEB-IIS sgdynamo.exe access (web-iis.rules)
 * 1:2327 <-> DISABLED <-> WEB-MISC bsml.pl access (web-misc.rules)
 * 1:2369 <-> DISABLED <-> WEB-MISC ISAPISkeleton.dll access (web-misc.rules)
 * 1:2370 <-> DISABLED <-> WEB-MISC BugPort config.conf file access (web-misc.rules)
 * 1:2371 <-> DISABLED <-> WEB-MISC Sample_showcode.html access (web-misc.rules)
 * 1:2381 <-> DISABLED <-> WEB-MISC Checkpoint Firewall-1 HTTP parsing format string vulnerability attempt (web-misc.rules)
 * 1:2383 <-> DISABLED <-> NETBIOS SMB-DS Session Setup NTMLSSP asn1 overflow attempt (netbios.rules)
 * 1:2386 <-> DISABLED <-> WEB-IIS NTLM ASN1 vulnerability scan attempt (web-iis.rules)
 * 1:2387 <-> DISABLED <-> WEB-CGI view_broadcast.cgi access (web-cgi.rules)
 * 1:2395 <-> DISABLED <-> WEB-MISC InteractiveQuery.jsp access (web-misc.rules)
 * 1:2396 <-> DISABLED <-> WEB-CGI CCBill whereami.cgi arbitrary command execution attempt (web-cgi.rules)
 * 1:2397 <-> DISABLED <-> WEB-CGI CCBill whereami.cgi access (web-cgi.rules)
 * 1:2400 <-> DISABLED <-> WEB-MISC edittag.pl access (web-misc.rules)
 * 1:2402 <-> DISABLED <-> NETBIOS SMB-DS Session Setup andx username overflow attempt (netbios.rules)
 * 1:2404 <-> DISABLED <-> NETBIOS SMB-DS Session Setup unicode andx username overflow attempt (netbios.rules)
 * 1:2407 <-> DISABLED <-> WEB-MISC util.pl access (web-misc.rules)
 * 1:2408 <-> DISABLED <-> WEB-MISC Invision Power Board search.pl access (web-misc.rules)
 * 1:2434 <-> DISABLED <-> WEB-CGI MDaemon form2raw.cgi access (web-cgi.rules)
 * 1:2437 <-> DISABLED <-> WEB-CLIENT RealNetworks RealPlayer arbitrary javascript command attempt (web-client.rules)
 * 1:2441 <-> DISABLED <-> WEB-MISC NetObserve authentication bypass attempt (web-misc.rules)
 * 1:2447 <-> DISABLED <-> WEB-MISC ServletManager access (web-misc.rules)
 * 1:2448 <-> DISABLED <-> WEB-MISC setinfo.hts access (web-misc.rules)
 * 1:2474 <-> DISABLED <-> NETBIOS SMB-DS ADMIN$ share access (netbios.rules)
 * 1:2484 <-> DISABLED <-> WEB-MISC source.jsp access (web-misc.rules)
 * 1:2485 <-> DISABLED <-> WEB-ACTIVEX Symantec Norton Internet Security 2004 ActiveX clsid access (web-activex.rules)
 * 1:255 <-> DISABLED <-> DNS zone transfer TCP (dns.rules)
 * 1:256 <-> DISABLED <-> DNS named authors attempt (dns.rules)
 * 1:2563 <-> DISABLED <-> NETBIOS NS lookup response name overflow attempt (netbios.rules)
 * 1:2564 <-> DISABLED <-> NETBIOS NS lookup short response attempt (netbios.rules)
 * 1:2567 <-> DISABLED <-> WEB-CGI Emumail init.emu access (web-cgi.rules)
 * 1:2568 <-> DISABLED <-> WEB-CGI Emumail emumail.fcgi access (web-cgi.rules)
 * 1:2569 <-> DISABLED <-> WEB-MISC cPanel resetpass access (web-misc.rules)
 * 1:257 <-> DISABLED <-> DNS named version attempt (dns.rules)
 * 1:2571 <-> DISABLED <-> WEB-IIS SmarterTools SmarterMail frmGetAttachment.aspx access (web-iis.rules)
 * 1:2572 <-> DISABLED <-> WEB-IIS SmarterTools SmarterMail login.aspx buffer overflow attempt (web-iis.rules)
 * 1:2573 <-> DISABLED <-> WEB-IIS SmarterTools SmarterMail frmCompose.asp access (web-iis.rules)
 * 1:2577 <-> DISABLED <-> WEB-CLIENT local resource redirection attempt (web-client.rules)
 * 1:258 <-> DISABLED <-> DNS EXPLOIT named 8.2->8.2.1 (dns.rules)
 * 1:2580 <-> DISABLED <-> WEB-MISC server negative Content-Length attempt (web-misc.rules)
 * 1:2581 <-> DISABLED <-> WEB-MISC SAP Crystal Reports crystalimagehandler.aspx access (web-misc.rules)
 * 1:2582 <-> DISABLED <-> WEB-MISC SAP Crystal Reports crystalImageHandler.aspx directory traversal attempt (web-misc.rules)
 * 1:2589 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Content-Disposition CLSID command attempt (web-client.rules)
 * 1:259 <-> DISABLED <-> DNS EXPLOIT named overflow ADM (dns.rules)
 * 1:2597 <-> DISABLED <-> WEB-MISC Samba SWAT Authorization overflow attempt (web-misc.rules)
 * 1:260 <-> DISABLED <-> DNS EXPLOIT named overflow ADMROCKS (dns.rules)
 * 1:261 <-> DISABLED <-> DNS EXPLOIT named overflow attempt (dns.rules)
 * 1:2663 <-> DISABLED <-> WEB-CGI WhatsUpGold instancename overflow attempt (web-cgi.rules)
 * 1:2667 <-> DISABLED <-> WEB-IIS ping.asp access (web-iis.rules)
 * 1:2668 <-> DISABLED <-> WEB-CGI processit access (web-cgi.rules)
 * 1:2669 <-> DISABLED <-> WEB-CGI ibillpm.pl access (web-cgi.rules)
 * 1:2670 <-> DISABLED <-> WEB-CGI pgpmail.pl access (web-cgi.rules)
 * 1:2671 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer bitmap BitmapOffset integer overflow attempt (web-client.rules)
 * 1:2672 <-> DISABLED <-> WEB-MISC sresult.exe access (web-misc.rules)
 * 1:2701 <-> DISABLED <-> WEB-MISC Oracle iSQLPlus sid overflow attempt (web-misc.rules)
 * 1:2702 <-> DISABLED <-> WEB-MISC Oracle iSQLPlus username overflow attempt (web-misc.rules)
 * 1:2703 <-> DISABLED <-> WEB-MISC Oracle iSQLPlus login.uix username overflow attempt (web-misc.rules)
 * 1:2704 <-> DISABLED <-> WEB-MISC Oracle 10g iSQLPlus login.unix connectID overflow attempt (web-misc.rules)
 * 1:2705 <-> DISABLED <-> WEB-CLIENT Microsoft Multiple Products JPEG parser heap overflow attempt (web-client.rules)
 * 1:2921 <-> DISABLED <-> DNS UDP inverse query (dns.rules)
 * 1:2922 <-> DISABLED <-> DNS TCP inverse query (dns.rules)
 * 1:2924 <-> DISABLED <-> NETBIOS SMB-DS repeated logon failure (netbios.rules)
 * 1:2936 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP nddeapi NDdeSetTrustedShareW overflow attempt (netbios.rules)
 * 1:3003 <-> DISABLED <-> NETBIOS SMB-DS Session Setup NTMLSSP unicode asn1 overflow attempt (netbios.rules)
 * 1:3004 <-> DISABLED <-> NETBIOS SMB-DS Session Setup NTMLSSP andx asn1 overflow attempt (netbios.rules)
 * 1:3005 <-> DISABLED <-> NETBIOS SMB-DS Session Setup NTMLSSP unicode andx asn1 overflow attempt (netbios.rules)
 * 1:3022 <-> ENABLED <-> NETBIOS SMB-DS NT Trans NT CREATE oversized Security Descriptor attempt (netbios.rules)
 * 1:3023 <-> DISABLED <-> NETBIOS SMB-DS NT Trans NT CREATE andx oversized Security Descriptor attempt (netbios.rules)
 * 1:3024 <-> ENABLED <-> NETBIOS SMB-DS NT Trans NT CREATE unicode oversized Security Descriptor attempt (netbios.rules)
 * 1:3025 <-> DISABLED <-> NETBIOS SMB-DS NT Trans NT CREATE unicode andx oversized Security Descriptor attempt (netbios.rules)
 * 1:303 <-> DISABLED <-> DNS EXPLOIT named tsig overflow attempt (dns.rules)
 * 1:3030 <-> ENABLED <-> NETBIOS SMB-DS NT Trans NT CREATE SACL overflow attempt (netbios.rules)
 * 1:3031 <-> DISABLED <-> NETBIOS SMB-DS NT Trans NT CREATE andx SACL overflow attempt (netbios.rules)
 * 1:3032 <-> ENABLED <-> NETBIOS SMB-DS NT Trans NT CREATE unicode SACL overflow attempt (netbios.rules)
 * 1:3033 <-> DISABLED <-> NETBIOS SMB-DS NT Trans NT CREATE unicode andx SACL overflow attempt (netbios.rules)
 * 1:3038 <-> ENABLED <-> NETBIOS SMB-DS NT Trans NT CREATE DACL overflow attempt (netbios.rules)
 * 1:3039 <-> DISABLED <-> NETBIOS SMB-DS NT Trans NT CREATE andx DACL overflow attempt (netbios.rules)
 * 1:3040 <-> DISABLED <-> NETBIOS SMB-DS NT Trans NT CREATE unicode DACL overflow attempt (netbios.rules)
 * 1:3041 <-> DISABLED <-> NETBIOS SMB-DS NT Trans NT CREATE unicode andx DACL overflow attempt (netbios.rules)
 * 1:3046 <-> DISABLED <-> NETBIOS SMB-DS NT Trans NT CREATE invalid SACL ace size dos attempt (netbios.rules)
 * 1:3047 <-> DISABLED <-> NETBIOS SMB-DS NT Trans NT CREATE andx invalid SACL ace size dos attempt (netbios.rules)
 * 1:3048 <-> DISABLED <-> NETBIOS SMB-DS NT Trans NT CREATE unicode invalid SACL ace size dos attempt (netbios.rules)
 * 1:3049 <-> DISABLED <-> NETBIOS SMB-DS NT Trans NT CREATE unicode andx invalid SACL ace size dos attempt (netbios.rules)
 * 1:3054 <-> DISABLED <-> NETBIOS SMB-DS NT Trans NT CREATE invalid SACL ace size dos attempt (netbios.rules)
 * 1:3055 <-> DISABLED <-> NETBIOS SMB-DS NT Trans NT CREATE andx invalid SACL ace size dos attempt (netbios.rules)
 * 1:3056 <-> DISABLED <-> NETBIOS SMB-DS NT Trans NT CREATE unicode invalid SACL ace size dos attempt (netbios.rules)
 * 1:3057 <-> DISABLED <-> NETBIOS SMB-DS NT Trans NT CREATE unicode andx invalid SACL ace size dos attempt (netbios.rules)
 * 1:3062 <-> DISABLED <-> WEB-CGI NetScreen SA 5000 delhomepage.cgi access (web-cgi.rules)
 * 1:3086 <-> DISABLED <-> WEB-MISC 3Com 3CRADSL72 ADSL 11g Wireless Router app_sta.stm access attempt (web-misc.rules)
 * 1:3088 <-> DISABLED <-> WEB-CLIENT Nullsoft Winamp cda file name overflow attempt (web-client.rules)
 * 1:3114 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP llsrpc LlsrConnect overflow attempt (netbios.rules)
 * 1:3131 <-> DISABLED <-> WEB-CGI mailman directory traversal attempt (web-cgi.rules)
 * 1:314 <-> DISABLED <-> DNS EXPLOIT named tsig overflow attempt (dns.rules)
 * 1:3145 <-> DISABLED <-> NETBIOS SMB-DS Trans2 FIND_FIRST2 response overflow attempt (netbios.rules)
 * 1:3146 <-> DISABLED <-> NETBIOS SMB-DS Trans2 FIND_FIRST2 response andx overflow attempt (netbios.rules)
 * 1:3148 <-> DISABLED <-> WEB-CLIENT Microsoft Windows winhelp clsid attempt (web-client.rules)
 * 1:3149 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer 5/6 object type overflow attempt (web-client.rules)
 * 1:3153 <-> DISABLED <-> DNS TCP inverse query overflow (dns.rules)
 * 1:3154 <-> DISABLED <-> DNS UDP inverse query overflow (dns.rules)
 * 1:3192 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Media Player directory traversal via Content-Disposition attempt (web-client.rules)
 * 1:3193 <-> DISABLED <-> WEB-IIS .cmd executable file parsing attack (web-iis.rules)
 * 1:3194 <-> DISABLED <-> WEB-IIS .bat executable file parsing attack (web-iis.rules)
 * 1:3195 <-> DISABLED <-> NETBIOS name query overflow attempt TCP (netbios.rules)
 * 1:3196 <-> DISABLED <-> NETBIOS name query overflow attempt UDP (netbios.rules)
 * 1:3218 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP winreg OpenKey overflow attempt (netbios.rules)
 * 1:3463 <-> DISABLED <-> WEB-CGI awstats access (web-cgi.rules)
 * 1:3464 <-> DISABLED <-> WEB-CGI awstats.pl command execution attempt (web-cgi.rules)
 * 1:3465 <-> DISABLED <-> WEB-CGI RiSearch show.pl proxy attempt (web-cgi.rules)
 * 1:3467 <-> DISABLED <-> WEB-MISC CISCO VoIP Portinformation access (web-misc.rules)
 * 1:3468 <-> DISABLED <-> WEB-CGI math_sum.mscgi access (web-cgi.rules)
 * 1:3469 <-> DISABLED <-> WEB-CGI Ipswitch WhatsUp Gold dos attempt (web-cgi.rules)
 * 1:3470 <-> DISABLED <-> WEB-CLIENT RealNetworks RealPlayer VIDORV30 header length buffer overflow (web-client.rules)
 * 1:3471 <-> DISABLED <-> WEB-CLIENT Apple iTunes playlist URL overflow attempt (web-client.rules)
 * 1:3518 <-> DISABLED <-> WEB-MISC MySQL MaxDB WebSQL wppassword buffer overflow (web-misc.rules)
 * 1:3553 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer HTML DOM null DHTML element insertion attempt (web-client.rules)
 * 1:3629 <-> DISABLED <-> WEB-MISC sambar /search/results.stm access (web-misc.rules)
 * 1:3638 <-> DISABLED <-> WEB-CGI SoftCart.exe CGI buffer overflow attempt (web-cgi.rules)
 * 1:3643 <-> DISABLED <-> NETBIOS SMB-DS Trans andx data displacement null pointer DOS attempt (netbios.rules)
 * 1:3644 <-> DISABLED <-> NETBIOS SMB-DS Trans data displacement null pointer DOS attempt (netbios.rules)
 * 1:3645 <-> DISABLED <-> NETBIOS SMB-DS Trans unicode data displacement null pointer DOS attempt (netbios.rules)
 * 1:3646 <-> DISABLED <-> NETBIOS SMB-DS Trans unicode andx data displacement null pointer DOS attempt (netbios.rules)
 * 1:3674 <-> DISABLED <-> WEB-CGI db4web_c directory traversal attempt (web-cgi.rules)
 * 1:3690 <-> DISABLED <-> WEB-CGI Nucleus CMS action.php itemid SQL injection (web-cgi.rules)
 * 1:3813 <-> DISABLED <-> WEB-CGI awstats.pl configdir command execution attempt (web-cgi.rules)
 * 1:3816 <-> DISABLED <-> WEB-MISC BadBlue ext.dll buffer overflow attempt (web-misc.rules)
 * 1:3822 <-> DISABLED <-> WEB-MISC RealNetworks RealPlayer realtext long URI request attempt (web-misc.rules)
 * 1:4128 <-> DISABLED <-> WEB-CGI 4DWebstar ShellExample.cgi information disclosure (web-cgi.rules)
 * 1:4132 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer msdds clsid attempt (web-client.rules)
 * 1:4133 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer devenum clsid attempt (web-client.rules)
 * 1:4134 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer blnmgr clsid attempt (web-client.rules)
 * 1:4172 <-> DISABLED <-> WEB-ACTIVEX Microsoft Agent v1.5 ActiveX clsid access (web-activex.rules)
 * 1:4334 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP umpnpmgr PNP_GetDeviceList attempt (netbios.rules)
 * 1:4413 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss AddPrinterEx overflow attempt (netbios.rules)
 * 1:4608 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP netware_cs function 43 overflow attempt (netbios.rules)
 * 1:4644 <-> DISABLED <-> WEB-CLIENT Microsoft Windows malformed shortcut file with comment buffer overflow attempt (web-client.rules)
 * 1:4650 <-> DISABLED <-> WEB-MISC cacti graph_image.php access (web-misc.rules)
 * 1:4655 <-> DISABLED <-> NETBIOS SMB-DS NT Trans NT SET SECURITY DESC SACL overflow attempt (netbios.rules)
 * 1:4656 <-> DISABLED <-> NETBIOS SMB-DS NT Trans NT SET SECURITY DESC andx SACL overflow attempt (netbios.rules)
 * 1:4657 <-> DISABLED <-> NETBIOS SMB-DS NT Trans NT SET SECURITY DESC unicode SACL overflow attempt (netbios.rules)
 * 1:4658 <-> DISABLED <-> NETBIOS SMB-DS NT Trans NT SET SECURITY DESC unicode andx SACL overflow attempt (netbios.rules)
 * 1:4667 <-> DISABLED <-> NETBIOS SMB-DS NT Trans NT SET SECURITY DESC DACL overflow attempt (netbios.rules)
 * 1:4668 <-> DISABLED <-> NETBIOS SMB-DS NT Trans NT SET SECURITY DESC andx DACL overflow attempt (netbios.rules)
 * 1:4669 <-> DISABLED <-> NETBIOS SMB-DS NT Trans NT SET SECURITY DESC unicode DACL overflow attempt (netbios.rules)
 * 1:4670 <-> DISABLED <-> NETBIOS SMB-DS NT Trans NT SET SECURITY DESC unicode andx DACL overflow attempt (netbios.rules)
 * 1:4680 <-> DISABLED <-> WEB-CLIENT Apple QuickTime movie file component name integer overflow attempt (web-client.rules)
 * 1:4826 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP umpnpmgr PNP_GetRootDeviceInstance attempt (netbios.rules)
 * 1:4918 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP umpnpmgr PNP_GetDeviceList dos attempt (netbios.rules)
 * 1:4986 <-> DISABLED <-> WEB-MISC Twiki view rev command injection attempt (web-misc.rules)
 * 1:4987 <-> DISABLED <-> WEB-MISC Twiki viewfile rev command injection attempt (web-misc.rules)
 * 1:509 <-> DISABLED <-> WEB-MISC PCCS mysql database admin tool access (web-misc.rules)
 * 1:5319 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Metasploit picture and fax viewer wmf arbitrary code execution attempt (web-client.rules)
 * 1:5678 <-> DISABLED <-> NETBIOS SMB-DS Session Setup username overflow attempt (netbios.rules)
 * 1:5679 <-> DISABLED <-> NETBIOS SMB-DS Session Setup unicode username overflow attempt (netbios.rules)
 * 1:5695 <-> DISABLED <-> WEB-IIS web agent redirect overflow attempt (web-iis.rules)
 * 1:5713 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Metafile invalid header size integer overflow (web-client.rules)
 * 1:5715 <-> DISABLED <-> WEB-MISC Apache malformed ipv6 uri overflow attempt (web-misc.rules)
 * 1:5717 <-> DISABLED <-> NETBIOS SMB-DS Trans Max Param/Count DOS attempt (netbios.rules)
 * 1:5718 <-> DISABLED <-> NETBIOS SMB-DS Trans unicode Max Param/Count DOS attempt (netbios.rules)
 * 1:5723 <-> DISABLED <-> NETBIOS SMB-DS Trans andx Max Param/Count DOS attempt (netbios.rules)
 * 1:5724 <-> DISABLED <-> NETBIOS SMB-DS Trans unicode andx Max Param/Count DOS attempt (netbios.rules)
 * 1:5730 <-> DISABLED <-> NETBIOS SMB-DS Trans Max Param DOS attempt (netbios.rules)
 * 1:5731 <-> DISABLED <-> NETBIOS SMB-DS Trans unicode Max Param DOS attempt (netbios.rules)
 * 1:5736 <-> DISABLED <-> NETBIOS SMB-DS Trans andx Max Param DOS attempt (netbios.rules)
 * 1:5737 <-> DISABLED <-> NETBIOS SMB-DS Trans unicode andx Max Param DOS attempt (netbios.rules)
 * 1:5743 <-> DISABLED <-> SPYWARE-PUT Hijacker actualnames runtime detection - plugin list (spyware-put.rules)
 * 1:5744 <-> DISABLED <-> SPYWARE-PUT Hijacker actualnames runtime detection - online.php request (spyware-put.rules)
 * 1:5745 <-> DISABLED <-> SPYWARE-PUT Hijacker adultlinks runtime detection - redirect (spyware-put.rules)
 * 1:5746 <-> DISABLED <-> SPYWARE-PUT Hijacker adultlinks runtime detection - load url (spyware-put.rules)
 * 1:5747 <-> DISABLED <-> SPYWARE-PUT Hijacker adultlinks runtime detection - log hits (spyware-put.rules)
 * 1:5748 <-> DISABLED <-> SPYWARE-PUT Hijacker adultlinks runtime detection - ads (spyware-put.rules)
 * 1:5751 <-> DISABLED <-> SPYWARE-PUT Adware exactsearch runtime detection - switch search engine 1 (spyware-put.rules)
 * 1:5752 <-> DISABLED <-> SPYWARE-PUT Adware exactsearch runtime detection - switch search engine 2 (spyware-put.rules)
 * 1:5753 <-> DISABLED <-> SPYWARE-PUT Adware exactsearch runtime detection - topsearches (spyware-put.rules)
 * 1:5754 <-> DISABLED <-> SPYWARE-PUT Hijacker ezcybersearch runtime detection - ie auto search hijack (spyware-put.rules)
 * 1:5755 <-> DISABLED <-> SPYWARE-PUT Hijacker ezcybersearch runtime detection - check update (spyware-put.rules)
 * 1:5756 <-> DISABLED <-> SPYWARE-PUT Hijacker ezcybersearch runtime detection - add coolsites to ie favorites (spyware-put.rules)
 * 1:5758 <-> DISABLED <-> SPYWARE-PUT Hijacker ezcybersearch runtime detection - download fastclick pop-under code (spyware-put.rules)
 * 1:5760 <-> DISABLED <-> SPYWARE-PUT Hijacker marketscore runtime detection (spyware-put.rules)
 * 1:5761 <-> DISABLED <-> SPYWARE-PUT Trickler bearshare runtime detection - ads popup (spyware-put.rules)
 * 1:5762 <-> DISABLED <-> SPYWARE-PUT Trickler bearshare runtime detection - p2p information request (spyware-put.rules)
 * 1:5763 <-> DISABLED <-> SPYWARE-PUT Trickler bearshare runtime detection - chat request (spyware-put.rules)
 * 1:5764 <-> DISABLED <-> SPYWARE-PUT Hijacker begin2search runtime detection - fcgi query (spyware-put.rules)
 * 1:5766 <-> DISABLED <-> SPYWARE-PUT Hijacker begin2search runtime detection - install spyware trafficsector (spyware-put.rules)
 * 1:5767 <-> DISABLED <-> SPYWARE-PUT Hijacker begin2search runtime detection - download unauthorized code (spyware-put.rules)
 * 1:5768 <-> DISABLED <-> SPYWARE-PUT Hijacker begin2search runtime detection - pass information (spyware-put.rules)
 * 1:5769 <-> DISABLED <-> SPYWARE-PUT Hijacker begin2search runtime detection - play bingo ads (spyware-put.rules)
 * 1:5770 <-> DISABLED <-> SPYWARE-PUT Snoopware casinoonnet runtime detection (spyware-put.rules)
 * 1:5773 <-> DISABLED <-> SPYWARE-PUT Adware forbes runtime detection (spyware-put.rules)
 * 1:5774 <-> DISABLED <-> SPYWARE-PUT Hijacker freescratch runtime detection - get card (spyware-put.rules)
 * 1:5775 <-> DISABLED <-> SPYWARE-PUT Hijacker freescratch runtime detection - scratch card (spyware-put.rules)
 * 1:5776 <-> DISABLED <-> SPYWARE-PUT Trickler grokster runtime detection (spyware-put.rules)
 * 1:5785 <-> DISABLED <-> SPYWARE-PUT Adware hithopper runtime detection - get xml setting (spyware-put.rules)
 * 1:5786 <-> DISABLED <-> SPYWARE-PUT Adware hithopper runtime detection - redirect (spyware-put.rules)
 * 1:5787 <-> DISABLED <-> SPYWARE-PUT Adware hithopper runtime detection - search (spyware-put.rules)
 * 1:5789 <-> DISABLED <-> SPYWARE-PUT keylogger pc actmon pro runtime detection - http (spyware-put.rules)
 * 1:5791 <-> DISABLED <-> SPYWARE-PUT Dialer pluginaccess runtime detection - get pin (spyware-put.rules)
 * 1:5792 <-> DISABLED <-> SPYWARE-PUT Dialer pluginaccess runtime detection - active proxy (spyware-put.rules)
 * 1:5793 <-> DISABLED <-> SPYWARE-PUT Dialer pluginaccess runtime detection - redirect (spyware-put.rules)
 * 1:5794 <-> DISABLED <-> SPYWARE-PUT Hijacker coolwebsearch.aboutblank variant runtime detection (spyware-put.rules)
 * 1:5795 <-> DISABLED <-> SPYWARE-PUT Adware ist powerscan runtime detection (spyware-put.rules)
 * 1:5796 <-> DISABLED <-> SPYWARE-PUT Adware keenvalue runtime detection (spyware-put.rules)
 * 1:5798 <-> DISABLED <-> SPYWARE-PUT Adware mydailyhoroscope runtime detection (spyware-put.rules)
 * 1:5799 <-> DISABLED <-> SPYWARE-PUT mydailyhoroscope update or installation in progress (spyware-put.rules)
 * 1:5800 <-> ENABLED <-> SPYWARE-PUT Trackware myway speedbar runtime detection - request config (spyware-put.rules)
 * 1:5805 <-> ENABLED <-> SPYWARE-PUT Trackware myway speedbar runtime detection - switch engines (spyware-put.rules)
 * 1:5807 <-> ENABLED <-> SPYWARE-PUT Hijacker shopathomeselect runtime detection (spyware-put.rules)
 * 1:5808 <-> ENABLED <-> SPYWARE-PUT Hijacker shop at home search merchant redirect check (spyware-put.rules)
 * 1:5809 <-> ENABLED <-> SPYWARE-PUT Hijacker shop at home select merchant redirect in progress (spyware-put.rules)
 * 1:5810 <-> DISABLED <-> SPYWARE-PUT Hijacker shop at home select installation in progress (spyware-put.rules)
 * 1:5811 <-> DISABLED <-> SPYWARE-PUT shop at home select installation in progress - clsid detected (spyware-put.rules)
 * 1:5824 <-> DISABLED <-> SPYWARE-PUT Dialer stripplayer runtime detection (spyware-put.rules)
 * 1:5825 <-> DISABLED <-> SPYWARE-PUT Adware broadcasturban tuner runtime detection - start tuner (spyware-put.rules)
 * 1:5826 <-> DISABLED <-> SPYWARE-PUT Adware broadcasturban tuner runtime detection - pass user info to server (spyware-put.rules)
 * 1:5827 <-> DISABLED <-> SPYWARE-PUT Adware broadcasturban tuner runtime detection - get gateway (spyware-put.rules)
 * 1:5828 <-> DISABLED <-> SPYWARE-PUT Adware broadcasturban tuner runtime detection - connect to station (spyware-put.rules)
 * 1:5829 <-> DISABLED <-> SPYWARE-PUT Trickler clipgenie runtime detection (spyware-put.rules)
 * 1:5834 <-> DISABLED <-> SPYWARE-PUT Trickler conscorr runtime detection (spyware-put.rules)
 * 1:5835 <-> DISABLED <-> SPYWARE-PUT Adware gamespy_arcade runtime detection (spyware-put.rules)
 * 1:5836 <-> DISABLED <-> SPYWARE-PUT Trickler nictech.bm2 runtime detection (spyware-put.rules)
 * 1:5837 <-> DISABLED <-> SPYWARE-PUT Trackware ucmore runtime detection - track activity (spyware-put.rules)
 * 1:5838 <-> DISABLED <-> SPYWARE-PUT Trackware ucmore runtime detection - get sponsor/ad links (spyware-put.rules)
 * 1:5839 <-> DISABLED <-> SPYWARE-PUT Trackware ucmore runtime detection - click sponsor/ad link (spyware-put.rules)
 * 1:5840 <-> DISABLED <-> SPYWARE-PUT Hijacker sep runtime detection (spyware-put.rules)
 * 1:5841 <-> DISABLED <-> SPYWARE-PUT Trickler minibug runtime detection - retrieve weather information (spyware-put.rules)
 * 1:5842 <-> DISABLED <-> SPYWARE-PUT Trickler minibug runtime detection - ads (spyware-put.rules)
 * 1:5843 <-> DISABLED <-> SPYWARE-PUT Hijacker surfsidekick runtime detection - hijack ie auto search (spyware-put.rules)
 * 1:5844 <-> DISABLED <-> SPYWARE-PUT Hijacker surfsidekick runtime detection - post request (spyware-put.rules)
 * 1:5845 <-> DISABLED <-> SPYWARE-PUT Hijacker surfsidekick runtime detection - update request (spyware-put.rules)
 * 1:5846 <-> DISABLED <-> SPYWARE-PUT Trickler VX2/DLmax/BestOffers/Aurora runtime detection (spyware-put.rules)
 * 1:5847 <-> DISABLED <-> SPYWARE-PUT Adware warez_p2p runtime detection - p2p client home (spyware-put.rules)
 * 1:5848 <-> DISABLED <-> SPYWARE-PUT Adware warez_p2p runtime detection - ip.php request (spyware-put.rules)
 * 1:5849 <-> DISABLED <-> SPYWARE-PUT Adware warez_p2p runtime detection - update request (spyware-put.rules)
 * 1:5850 <-> DISABLED <-> SPYWARE-PUT Adware warez_p2p runtime detection - check update (spyware-put.rules)
 * 1:5851 <-> DISABLED <-> SPYWARE-PUT Adware warez_p2p runtime detection - .txt .dat and .lst requests (spyware-put.rules)
 * 1:5852 <-> DISABLED <-> SPYWARE-PUT Adware warez_p2p runtime detection - cache.dat request (spyware-put.rules)
 * 1:5853 <-> DISABLED <-> SPYWARE-PUT Adware warez_p2p runtime detection - download ads (spyware-put.rules)
 * 1:5854 <-> DISABLED <-> SPYWARE-PUT Adware warez_p2p runtime detection - pass user information (spyware-put.rules)
 * 1:5855 <-> DISABLED <-> SPYWARE-PUT Hijacker funbuddyicons runtime detection - request config (spyware-put.rules)
 * 1:5857 <-> DISABLED <-> SPYWARE-PUT Hijacker funbuddyicons runtime detection - mysaconfg request (spyware-put.rules)
 * 1:5859 <-> DISABLED <-> SPYWARE-PUT Hijacker daosearch runtime detection - information request (spyware-put.rules)
 * 1:5860 <-> DISABLED <-> SPYWARE-PUT Hijacker daosearch runtime detection - search hijack (spyware-put.rules)
 * 1:5862 <-> DISABLED <-> SPYWARE-PUT Hijacker isearch runtime detection - search hijack 1 (spyware-put.rules)
 * 1:5863 <-> DISABLED <-> SPYWARE-PUT Hijacker isearch runtime detection - search hijack 2 (spyware-put.rules)
 * 1:5865 <-> DISABLED <-> SPYWARE-PUT Adware zapspot runtime detection - pop up ads (spyware-put.rules)
 * 1:5868 <-> DISABLED <-> SPYWARE-PUT Hijacker couponbar runtime detection - view coupon offers (spyware-put.rules)
 * 1:5871 <-> DISABLED <-> SPYWARE-PUT Trickler VX2/ABetterInternet transponder thinstaller runtime detection - post information (spyware-put.rules)
 * 1:5872 <-> DISABLED <-> SPYWARE-PUT Snoopware hyperlinker runtime detection (spyware-put.rules)
 * 1:5883 <-> ENABLED <-> SPYWARE-PUT Other-Technologies saria 1.0 runtime detection - send user information (spyware-put.rules)
 * 1:5887 <-> ENABLED <-> SPYWARE-PUT Hijacker shopnav runtime detection - ie search assistant hijack (spyware-put.rules)
 * 1:5889 <-> ENABLED <-> SPYWARE-PUT Hijacker shopnav runtime detection - collect information (spyware-put.rules)
 * 1:5890 <-> DISABLED <-> SPYWARE-PUT Hijacker shopnav runtime detection - self-update request 1 (spyware-put.rules)
 * 1:5891 <-> DISABLED <-> SPYWARE-PUT Hijacker shopnav runtime detection - self-update request 2 (spyware-put.rules)
 * 1:5898 <-> DISABLED <-> SPYWARE-PUT Trackware adtools runtime detection - track user activity (spyware-put.rules)
 * 1:5899 <-> DISABLED <-> SPYWARE-PUT Trackware adtools-screenmate runtime detection - generate desktop alert (spyware-put.rules)
 * 1:5900 <-> ENABLED <-> SPYWARE-PUT Trackware adtools-communicator runtime detection - collect information (spyware-put.rules)
 * 1:5901 <-> ENABLED <-> SPYWARE-PUT Trackware adtools-communicator runtime detection - download self-update (spyware-put.rules)
 * 1:5902 <-> DISABLED <-> SPYWARE-PUT Adware download accelerator plus runtime detection - startup (spyware-put.rules)
 * 1:5903 <-> ENABLED <-> SPYWARE-PUT Adware download accelerator plus runtime detection - get ads (spyware-put.rules)
 * 1:5904 <-> ENABLED <-> SPYWARE-PUT Adware download accelerator plus runtime detection - download files (spyware-put.rules)
 * 1:5905 <-> ENABLED <-> SPYWARE-PUT Adware download accelerator plus runtime detection - games center request (spyware-put.rules)
 * 1:5906 <-> ENABLED <-> SPYWARE-PUT Adware download accelerator plus runtime detection - update (spyware-put.rules)
 * 1:5907 <-> ENABLED <-> SPYWARE-PUT Trackware e2give runtime detection - check update (spyware-put.rules)
 * 1:5908 <-> ENABLED <-> SPYWARE-PUT Trackware e2give runtime detection - redirect affiliate site request 1 (spyware-put.rules)
 * 1:5909 <-> ENABLED <-> SPYWARE-PUT Trackware e2give runtime detection - redirect affiliate site request 2 (spyware-put.rules)
 * 1:5911 <-> DISABLED <-> SPYWARE-PUT Adware smartpops runtime detection (spyware-put.rules)
 * 1:5913 <-> DISABLED <-> SPYWARE-PUT Trickler smasoft webdownloader runtime detection (spyware-put.rules)
 * 1:5918 <-> DISABLED <-> SPYWARE-PUT Hijacker painter runtime detection - ping 'alive' signal (spyware-put.rules)
 * 1:5919 <-> DISABLED <-> SPYWARE-PUT Hijacker painter runtime detection - redirect to klikvipsearch (spyware-put.rules)
 * 1:5920 <-> DISABLED <-> SPYWARE-PUT Hijacker painter runtime detection - redirect yahoo search through online-casino-searcher (spyware-put.rules)
 * 1:5923 <-> DISABLED <-> SPYWARE-PUT Adware active shopper runtime detection - side search request (spyware-put.rules)
 * 1:5924 <-> DISABLED <-> SPYWARE-PUT Adware active shopper runtime detection - redirect (spyware-put.rules)
 * 1:5925 <-> DISABLED <-> SPYWARE-PUT Adware active shopper runtime detection - check (spyware-put.rules)
 * 1:5926 <-> DISABLED <-> SPYWARE-PUT Adware active shopper runtime detection - collect information (spyware-put.rules)
 * 1:5927 <-> DISABLED <-> SPYWARE-PUT Adware cashbar runtime detection - .smx requests (spyware-put.rules)
 * 1:5928 <-> DISABLED <-> SPYWARE-PUT Adware cashbar runtime detection - ads request (spyware-put.rules)
 * 1:5929 <-> DISABLED <-> SPYWARE-PUT Adware cashbar runtime detection - pop-up ad 1 (spyware-put.rules)
 * 1:5930 <-> ENABLED <-> SPYWARE-PUT Adware cashbar runtime detection - pop-up ad 2 (spyware-put.rules)
 * 1:5932 <-> ENABLED <-> SPYWARE-PUT Adware cashbar runtime detection - stats track (spyware-put.rules)
 * 1:5933 <-> ENABLED <-> SPYWARE-PUT Hijacker dropspam runtime detection - search request 1 (spyware-put.rules)
 * 1:5934 <-> ENABLED <-> SPYWARE-PUT Hijacker dropspam runtime detection - search request 2 (spyware-put.rules)
 * 1:5935 <-> ENABLED <-> SPYWARE-PUT Hijacker dropspam runtime detection - search request 3 (spyware-put.rules)
 * 1:5936 <-> ENABLED <-> SPYWARE-PUT Hijacker dropspam runtime detection - side search (spyware-put.rules)
 * 1:5937 <-> ENABLED <-> SPYWARE-PUT Hijacker dropspam runtime detection - pass information to its controlling server (spyware-put.rules)
 * 1:5938 <-> ENABLED <-> SPYWARE-PUT Hijacker dropspam runtime detection - third party information collection (spyware-put.rules)
 * 1:5944 <-> DISABLED <-> SPYWARE-PUT Adware free access bar runtime detection 1 (spyware-put.rules)
 * 1:5945 <-> DISABLED <-> SPYWARE-PUT Adware weirdontheweb runtime detection - track.cgi request (spyware-put.rules)
 * 1:5946 <-> DISABLED <-> SPYWARE-PUT Adware weirdontheweb runtime detection - monitor user web activity (spyware-put.rules)
 * 1:5947 <-> DISABLED <-> SPYWARE-PUT Adware weirdontheweb runtime detection - log url (spyware-put.rules)
 * 1:5948 <-> DISABLED <-> SPYWARE-PUT Adware weirdontheweb runtime detection - update notifier (spyware-put.rules)
 * 1:5952 <-> DISABLED <-> SPYWARE-PUT Hijacker 123mania runtime detection - autosearch hijacking (spyware-put.rules)
 * 1:5953 <-> DISABLED <-> SPYWARE-PUT Hijacker 123mania runtime detection - sidesearch hijacking (spyware-put.rules)
 * 1:5954 <-> DISABLED <-> SPYWARE-PUT Trackware browserpal runtime detection - post user info to server (spyware-put.rules)
 * 1:5955 <-> DISABLED <-> SPYWARE-PUT Trackware browserpal runtime detection - adblocker function (spyware-put.rules)
 * 1:5956 <-> DISABLED <-> SPYWARE-PUT Hacker-Tool ghostvoice 1.02 icq notification of server installation (spyware-put.rules)
 * 1:5959 <-> DISABLED <-> SPYWARE-PUT Hijacker raxsearch detection - send search keywords to raxsearch (spyware-put.rules)
 * 1:5960 <-> DISABLED <-> SPYWARE-PUT Hijacker raxsearch detection - pop-up raxsearch window (spyware-put.rules)
 * 1:5961 <-> DISABLED <-> SPYWARE-PUT Hijacker searchfast detection - news ticker (spyware-put.rules)
 * 1:5962 <-> DISABLED <-> SPYWARE-PUT Hijacker searchfast detection - catch search keyword (spyware-put.rules)
 * 1:5963 <-> DISABLED <-> SPYWARE-PUT Hijacker searchfast detection - search request (spyware-put.rules)
 * 1:5966 <-> DISABLED <-> SPYWARE-PUT trackware searchinweb detection - search request (spyware-put.rules)
 * 1:5967 <-> DISABLED <-> SPYWARE-PUT trackware searchinweb detection - click result links (spyware-put.rules)
 * 1:5968 <-> DISABLED <-> SPYWARE-PUT trackware searchinweb detection - redirect (spyware-put.rules)
 * 1:5969 <-> DISABLED <-> SPYWARE-PUT trackware searchinweb detection - collect information (spyware-put.rules)
 * 1:5970 <-> DISABLED <-> SPYWARE-PUT hijacker smart finder detection - keys update (spyware-put.rules)
 * 1:5971 <-> DISABLED <-> SPYWARE-PUT hijacker smart finder detection - track hits (spyware-put.rules)
 * 1:5972 <-> DISABLED <-> SPYWARE-PUT hijacker smart finder detection - ie autosearch hijack 1 (spyware-put.rules)
 * 1:5973 <-> DISABLED <-> SPYWARE-PUT hijacker smart finder detection - search engines hijack (spyware-put.rules)
 * 1:5974 <-> DISABLED <-> SPYWARE-PUT hijacker smart finder detection - pop-up ads (spyware-put.rules)
 * 1:5975 <-> DISABLED <-> SPYWARE-PUT hijacker topfive searchassistant detection - search request (spyware-put.rules)
 * 1:5976 <-> DISABLED <-> SPYWARE-PUT hijacker topfive searchassistant detection - side search (spyware-put.rules)
 * 1:5977 <-> DISABLED <-> SPYWARE-PUT hijacker topfive searchassistant detection - post user information to server (spyware-put.rules)
 * 1:5978 <-> DISABLED <-> SPYWARE-PUT hijacker topfive searchassistant detection - update (spyware-put.rules)
 * 1:5983 <-> DISABLED <-> SPYWARE-PUT Adware powerstrip runtime detection (spyware-put.rules)
 * 1:5986 <-> DISABLED <-> SPYWARE-PUT Trickler teomasearchbar runtime detection (spyware-put.rules)
 * 1:5988 <-> DISABLED <-> SPYWARE-PUT Trackware windupdates-mediagateway runtime detection - post data (spyware-put.rules)
 * 1:5989 <-> DISABLED <-> SPYWARE-PUT Adware broadcastpc runtime detection - get config (spyware-put.rules)
 * 1:5990 <-> DISABLED <-> SPYWARE-PUT Adware broadcastpc runtime detection - get up-to-date movie/tv/ad information (spyware-put.rules)
 * 1:5991 <-> DISABLED <-> SPYWARE-PUT Hijacker getmirar runtime detection - search request (spyware-put.rules)
 * 1:5992 <-> DISABLED <-> SPYWARE-PUT Hijacker getmirar runtime detection - get keyword-related content (spyware-put.rules)
 * 1:5993 <-> DISABLED <-> SPYWARE-PUT Hijacker getmirar runtime detection - track activity (spyware-put.rules)
 * 1:5994 <-> DISABLED <-> SPYWARE-PUT Hijacker getmirar runtime detection - click related button (spyware-put.rules)
 * 1:5995 <-> DISABLED <-> SPYWARE-PUT Adware offeragent runtime detection - information checking (spyware-put.rules)
 * 1:5996 <-> DISABLED <-> SPYWARE-PUT Adware offeragent runtime detection - ads request (spyware-put.rules)
 * 1:6183 <-> DISABLED <-> SPYWARE-PUT Adware 180Search assistant runtime detection - tracked event URL (spyware-put.rules)
 * 1:6184 <-> DISABLED <-> SPYWARE-PUT Adware 180Search assistant runtime detection - config upload (spyware-put.rules)
 * 1:6185 <-> DISABLED <-> SPYWARE-PUT Adware 180Search assistant runtime detection - reporting keyword (spyware-put.rules)
 * 1:6186 <-> DISABLED <-> SPYWARE-PUT Other-Technologies SpywareStrike Runtime Detection (spyware-put.rules)
 * 1:6187 <-> DISABLED <-> SPYWARE-PUT Adware ISTBar runtime detection - scripts (spyware-put.rules)
 * 1:6188 <-> DISABLED <-> SPYWARE-PUT Adware ISTBar runtime detection - bar (spyware-put.rules)
 * 1:6192 <-> DISABLED <-> SPYWARE-PUT Adware seekmo runtime detection - reporting keyword (spyware-put.rules)
 * 1:6193 <-> DISABLED <-> SPYWARE-PUT Adware seekmo runtime detection - pop up ads (spyware-put.rules)
 * 1:6194 <-> DISABLED <-> SPYWARE-PUT Adware seekmo runtime detection - config upload (spyware-put.rules)
 * 1:6195 <-> DISABLED <-> SPYWARE-PUT Adware seekmo runtime detection - download .cab (spyware-put.rules)
 * 1:6196 <-> DISABLED <-> SPYWARE-PUT Hijacker smart shopper runtime detection - services requests (spyware-put.rules)
 * 1:6197 <-> DISABLED <-> SPYWARE-PUT Hijacker smart shopper runtime detection - track/upgrade/report activities (spyware-put.rules)
 * 1:6198 <-> DISABLED <-> SPYWARE-PUT Trackware squaretrade side bar runtime detection - collect user information (spyware-put.rules)
 * 1:6199 <-> DISABLED <-> SPYWARE-PUT Hijacker smart search runtime detection - hijack/ads (spyware-put.rules)
 * 1:6200 <-> DISABLED <-> SPYWARE-PUT Hijacker smart search runtime detection - get settings (spyware-put.rules)
 * 1:6201 <-> DISABLED <-> SPYWARE-PUT Adware twaintec runtime detection (spyware-put.rules)
 * 1:6202 <-> DISABLED <-> SPYWARE-PUT Trickler farmmext installtime/update request (spyware-put.rules)
 * 1:6203 <-> DISABLED <-> SPYWARE-PUT Trickler farmmext runtime detection - drk.syn request (spyware-put.rules)
 * 1:6204 <-> DISABLED <-> SPYWARE-PUT Trickler farmmext runtime detection - track activity (spyware-put.rules)
 * 1:6209 <-> DISABLED <-> SPYWARE-PUT Adware deskwizz/zquest runtime detection - get config information / ad banner (spyware-put.rules)
 * 1:6211 <-> DISABLED <-> SPYWARE-PUT Adware deskwizz runtime detection - pop-up ad request (spyware-put.rules)
 * 1:6212 <-> DISABLED <-> SPYWARE-PUT Adware commonname runtime detection (spyware-put.rules)
 * 1:6213 <-> DISABLED <-> SPYWARE-PUT Hijacker 7fasst runtime detection - auto requests (spyware-put.rules)
 * 1:6214 <-> DISABLED <-> SPYWARE-PUT Hijacker 7fasst runtime detection - search (spyware-put.rules)
 * 1:6215 <-> DISABLED <-> SPYWARE-PUT Hijacker 7fasst runtime detection - track (spyware-put.rules)
 * 1:6216 <-> DISABLED <-> SPYWARE-PUT Adware aornum/iwon copilot runtime detection - config (spyware-put.rules)
 * 1:6218 <-> DISABLED <-> SPYWARE-PUT Adware aornum/iwon copilot runtime detection - ads (spyware-put.rules)
 * 1:6219 <-> DISABLED <-> SPYWARE-PUT Adware bonzibuddy runtime detection (spyware-put.rules)
 * 1:6222 <-> DISABLED <-> SPYWARE-PUT Adware delfin media viewer runtime detection - contact server (spyware-put.rules)
 * 1:6223 <-> DISABLED <-> SPYWARE-PUT Adware delfin media viewer runtime detection - retrieve schedule (spyware-put.rules)
 * 1:6224 <-> DISABLED <-> SPYWARE-PUT Hijacker ieplugin runtime detection - search (spyware-put.rules)
 * 1:6232 <-> DISABLED <-> SPYWARE-PUT Adware mirar runtime detection - thumbnail (spyware-put.rules)
 * 1:6233 <-> DISABLED <-> SPYWARE-PUT Adware mirar runtime detection - delayed (spyware-put.rules)
 * 1:6234 <-> DISABLED <-> SPYWARE-PUT Adware mirar runtime detection - ads (spyware-put.rules)
 * 1:6236 <-> DISABLED <-> SPYWARE-PUT Adware lop runtime detection - pass info to server (spyware-put.rules)
 * 1:6237 <-> DISABLED <-> SPYWARE-PUT Adware lop runtime detection - check update request (spyware-put.rules)
 * 1:6238 <-> DISABLED <-> SPYWARE-PUT Adware lop runtime detection - collect info request 1 (spyware-put.rules)
 * 1:6239 <-> DISABLED <-> SPYWARE-PUT Adware lop runtime detection - collect info request 2 (spyware-put.rules)
 * 1:6240 <-> DISABLED <-> SPYWARE-PUT Adware lop runtime detection - pop up ads (spyware-put.rules)
 * 1:6241 <-> DISABLED <-> SPYWARE-PUT Adware lop runtime detection - ie autosearch hijack (spyware-put.rules)
 * 1:6242 <-> DISABLED <-> SPYWARE-PUT Hijacker coolwebsearch.cameup runtime detection (spyware-put.rules)
 * 1:6243 <-> DISABLED <-> SPYWARE-PUT Hijacker coolwebsearch cameup runtime detection - home page hijack (spyware-put.rules)
 * 1:6244 <-> DISABLED <-> SPYWARE-PUT Hijacker coolwebsearch cameup runtime detection - ie auto search hijack (spyware-put.rules)
 * 1:6245 <-> DISABLED <-> SPYWARE-PUT Hijacker coolwebsearch startpage runtime detection (spyware-put.rules)
 * 1:6246 <-> DISABLED <-> SPYWARE-PUT Hijacker exact navisearch runtime detection - search hijack (spyware-put.rules)
 * 1:6247 <-> DISABLED <-> SPYWARE-PUT Adware ezula toptext runtime detection - help redirect (spyware-put.rules)
 * 1:6248 <-> DISABLED <-> SPYWARE-PUT Adware ezula toptext runtime detection - popup (spyware-put.rules)
 * 1:6249 <-> DISABLED <-> SPYWARE-PUT Adware ezula toptext runtime detection - redirect (spyware-put.rules)
 * 1:6250 <-> DISABLED <-> SPYWARE-PUT Adware hotbar runtime detection - hotbar user-agent (spyware-put.rules)
 * 1:6251 <-> DISABLED <-> SPYWARE-PUT Adware hotbar runtime detection - hostie user-agent (spyware-put.rules)
 * 1:6256 <-> DISABLED <-> SPYWARE-PUT Adware searchsquire installtime/auto-update (spyware-put.rules)
 * 1:6257 <-> DISABLED <-> SPYWARE-PUT Adware searchsquire runtime detection - testgeonew query (spyware-put.rules)
 * 1:6258 <-> DISABLED <-> SPYWARE-PUT Adware searchsquire runtime detection - get engine file (spyware-put.rules)
 * 1:6259 <-> DISABLED <-> SPYWARE-PUT Adware searchsquire runtime detection - search forward (spyware-put.rules)
 * 1:6260 <-> DISABLED <-> SPYWARE-PUT Adware overpro runtime detection (spyware-put.rules)
 * 1:6263 <-> DISABLED <-> SPYWARE-PUT Hijacker gigatech superbar runtime detection - collect information (spyware-put.rules)
 * 1:6264 <-> DISABLED <-> SPYWARE-PUT Hijacker gigatech superbar runtime detection - self update - movie (spyware-put.rules)
 * 1:6265 <-> DISABLED <-> SPYWARE-PUT Hijacker gigatech superbar runtime detection - self update - engine (spyware-put.rules)
 * 1:6266 <-> DISABLED <-> SPYWARE-PUT Hijacker gigatech superbar runtime detection - self update - check update (spyware-put.rules)
 * 1:6267 <-> DISABLED <-> SPYWARE-PUT Hijacker gigatech superbar runtime detection - self update - get update (spyware-put.rules)
 * 1:6268 <-> DISABLED <-> SPYWARE-PUT Hijacker gigatech superbar runtime detection - self update - download exe (spyware-put.rules)
 * 1:6269 <-> DISABLED <-> SPYWARE-PUT Hijacker gigatech superbar runtime detection - track event (spyware-put.rules)
 * 1:6270 <-> DISABLED <-> SPYWARE-PUT Hijacker topicks runtime detection (spyware-put.rules)
 * 1:6271 <-> DISABLED <-> SPYWARE-PUT Trickler bundleware runtime detection (spyware-put.rules)
 * 1:6274 <-> DISABLED <-> SPYWARE-PUT Trickler clickalchemy runtime detection (spyware-put.rules)
 * 1:6275 <-> DISABLED <-> SPYWARE-PUT Hijacker incredifind runtime detection - cookie (spyware-put.rules)
 * 1:6279 <-> DISABLED <-> SPYWARE-PUT Hijacker sidefind runtime detection (spyware-put.rules)
 * 1:6280 <-> DISABLED <-> SPYWARE-PUT Hijacker sidefind runtime detection - cookie (spyware-put.rules)
 * 1:6281 <-> DISABLED <-> SPYWARE-PUT Hijacker yoursitebar runtime detection (spyware-put.rules)
 * 1:6283 <-> DISABLED <-> SPYWARE-PUT Hijacker websearch runtime detection - sitereview (spyware-put.rules)
 * 1:6284 <-> DISABLED <-> SPYWARE-PUT Hijacker websearch runtime detection - webstat (spyware-put.rules)
 * 1:6341 <-> DISABLED <-> SPYWARE-PUT Hijacker spediabar user-agent string detected (spyware-put.rules)
 * 1:6342 <-> DISABLED <-> SPYWARE-PUT Hijacker spediabar runtime detection - info check (spyware-put.rules)
 * 1:6343 <-> DISABLED <-> SPYWARE-PUT Adware targetsaver runtime detection (spyware-put.rules)
 * 1:6344 <-> DISABLED <-> SPYWARE-PUT Adware excite search bar runtime detection - config (spyware-put.rules)
 * 1:6345 <-> DISABLED <-> SPYWARE-PUT Adware excite search bar runtime detection - search (spyware-put.rules)
 * 1:6346 <-> DISABLED <-> SPYWARE-PUT Adware stationripper update detection (spyware-put.rules)
 * 1:6347 <-> DISABLED <-> SPYWARE-PUT Adware stationripper ad display detection (spyware-put.rules)
 * 1:6348 <-> DISABLED <-> SPYWARE-PUT Snoopware zenosearch runtime detection (spyware-put.rules)
 * 1:6349 <-> DISABLED <-> SPYWARE-PUT Hijacker richfind update detection (spyware-put.rules)
 * 1:6350 <-> DISABLED <-> SPYWARE-PUT Hijacker richfind auto search redirect detection (spyware-put.rules)
 * 1:6351 <-> DISABLED <-> SPYWARE-PUT Hijacker adblock update detection (spyware-put.rules)
 * 1:6352 <-> DISABLED <-> SPYWARE-PUT Hijacker adblock auto search redirect detection (spyware-put.rules)
 * 1:6353 <-> DISABLED <-> SPYWARE-PUT Hijacker adblock ie search assistant redirect detection (spyware-put.rules)
 * 1:6354 <-> DISABLED <-> SPYWARE-PUT Trickler wsearch runtime detection - auto update (spyware-put.rules)
 * 1:6355 <-> DISABLED <-> SPYWARE-PUT Trickler wsearch runtime detection - mp3 search (spyware-put.rules)
 * 1:6356 <-> DISABLED <-> SPYWARE-PUT Trickler wsearch runtime detection - desktop search (spyware-put.rules)
 * 1:6357 <-> DISABLED <-> SPYWARE-PUT Hijacker need2find initial configuration detection (spyware-put.rules)
 * 1:6358 <-> DISABLED <-> SPYWARE-PUT Hijacker need2find search query detection (spyware-put.rules)
 * 1:6359 <-> DISABLED <-> SPYWARE-PUT Adware altnet runtime detection - initial retrieval (spyware-put.rules)
 * 1:6360 <-> DISABLED <-> SPYWARE-PUT Adware altnet runtime detection - update (spyware-put.rules)
 * 1:6361 <-> DISABLED <-> SPYWARE-PUT Adware altnet runtime detection - status report (spyware-put.rules)
 * 1:6362 <-> DISABLED <-> SPYWARE-PUT Hijacker microgaming runtime detection (spyware-put.rules)
 * 1:6363 <-> DISABLED <-> SPYWARE-PUT adware surfaccuracy runtime detection (spyware-put.rules)
 * 1:6364 <-> DISABLED <-> SPYWARE-PUT Hijacker imeshbar runtime detection (spyware-put.rules)
 * 1:6365 <-> DISABLED <-> SPYWARE-PUT Other-Technologies sony rootkit runtime detection (spyware-put.rules)
 * 1:6366 <-> DISABLED <-> SPYWARE-PUT Trickler eacceleration downloadreceiver user-agent string detected (spyware-put.rules)
 * 1:6367 <-> DISABLED <-> SPYWARE-PUT Trickler eacceleration downloadreceiver runtime detection - stop-sign ads (spyware-put.rules)
 * 1:6368 <-> DISABLED <-> SPYWARE-PUT Adware flashtrack media/spoton runtime detection - update request (spyware-put.rules)
 * 1:6371 <-> DISABLED <-> SPYWARE-PUT Adware flashtrack media/spoton runtime detection - pop up ads (spyware-put.rules)
 * 1:6372 <-> DISABLED <-> SPYWARE-PUT Trickler spyblocs eblocs detection - get wsliveup.dat (spyware-put.rules)
 * 1:6373 <-> DISABLED <-> SPYWARE-PUT Trickler spyblocs eblocs detection - stbarpat.dat (spyware-put.rules)
 * 1:6374 <-> DISABLED <-> SPYWARE-PUT Trickler spyblocs eblocs detection - get spyblpat.dat/spyblini.ini (spyware-put.rules)
 * 1:6375 <-> DISABLED <-> SPYWARE-PUT Trickler spyblocs.eblocs detection - register request (spyware-put.rules)
 * 1:6378 <-> DISABLED <-> SPYWARE-PUT Hijacker adbars runtime detection - homepage hijack (spyware-put.rules)
 * 1:6387 <-> DISABLED <-> SPYWARE-PUT Hijacker internet optimizer runtime detection - autosearch hijack (spyware-put.rules)
 * 1:6388 <-> DISABLED <-> SPYWARE-PUT Hijacker internet optimizer runtime detection - error page hijack (spyware-put.rules)
 * 1:6389 <-> DISABLED <-> SPYWARE-PUT Adware esyndicate runtime detection - postinstall request (spyware-put.rules)
 * 1:6390 <-> DISABLED <-> SPYWARE-PUT Adware esyndicate runtime detection - ads popup (spyware-put.rules)
 * 1:6391 <-> DISABLED <-> SPYWARE-PUT Adware esyndicate runtime detection - ads popup (spyware-put.rules)
 * 1:6392 <-> DISABLED <-> SPYWARE-PUT Hijacker zeropopup runtime detection (spyware-put.rules)
 * 1:6394 <-> DISABLED <-> SPYWARE-PUT Hijacker adstart runtime detection (spyware-put.rules)
 * 1:6479 <-> DISABLED <-> SPYWARE-PUT Snoopware totalvelocity zsearch runtime detection (spyware-put.rules)
 * 1:6480 <-> DISABLED <-> SPYWARE-PUT Hijacker cws.cameup runtime detection - home page (spyware-put.rules)
 * 1:6481 <-> DISABLED <-> SPYWARE-PUT Hijacker cws.cameup runtime detection - search (spyware-put.rules)
 * 1:6489 <-> DISABLED <-> SPYWARE-PUT Hijacker analyze IE runtime detection - default page hijacker (spyware-put.rules)
 * 1:6490 <-> DISABLED <-> SPYWARE-PUT Dialer yeaknet runtime detection - home page hijacker (spyware-put.rules)
 * 1:6491 <-> DISABLED <-> SPYWARE-PUT Dialer yeaknet runtime detection - post-installation (spyware-put.rules)
 * 1:6494 <-> DISABLED <-> SPYWARE-PUT Adware yourenhancement runtime detection (spyware-put.rules)
 * 1:6495 <-> DISABLED <-> SPYWARE-PUT Hijacker troj_spywad.x runtime detection (spyware-put.rules)
 * 1:6496 <-> DISABLED <-> SPYWARE-PUT Adware adpowerzone runtime detection (spyware-put.rules)
 * 1:6506 <-> DISABLED <-> WEB-CLIENT Apple QuickTime udta atom overflow attempt (web-client.rules)
 * 1:6510 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer mhtml uri shortcut buffer overflow attempt (web-client.rules)
 * 1:6584 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP rras RasRpcSubmitRequest overflow attempt (netbios.rules)
 * 1:6704 <-> DISABLED <-> NETBIOS SMB-DS NT Trans Secondary Param Count overflow attempt (netbios.rules)
 * 1:6705 <-> DISABLED <-> NETBIOS SMB-DS NT Trans Secondary unicode Param Count overflow attempt (netbios.rules)
 * 1:6710 <-> DISABLED <-> NETBIOS SMB-DS NT Trans Secondary andx Param Count overflow attempt (netbios.rules)
 * 1:6711 <-> DISABLED <-> NETBIOS SMB-DS NT Trans Secondary unicode andx Param Count overflow attempt (netbios.rules)
 * 1:6810 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP rras RasRpcSetUserPreferences area/country overflow attempt (netbios.rules)
 * 1:7036 <-> DISABLED <-> NETBIOS SMB Trans unicode mailslot heap overflow attempt (netbios.rules)
 * 1:7039 <-> DISABLED <-> NETBIOS SMB Trans andx mailslot heap overflow attempt (netbios.rules)
 * 1:7040 <-> DISABLED <-> NETBIOS SMB Trans unicode andx mailslot heap overflow attempt (netbios.rules)
 * 1:7049 <-> DISABLED <-> SPYWARE-PUT Hijacker extreme biz runtime detection - uniq1 (spyware-put.rules)
 * 1:7051 <-> DISABLED <-> SPYWARE-PUT Trickler generic downloader.g runtime detection - spyware injection (spyware-put.rules)
 * 1:7052 <-> DISABLED <-> SPYWARE-PUT Trickler generic downloader.g runtime detection - adv (spyware-put.rules)
 * 1:7053 <-> DISABLED <-> SPYWARE-PUT Adware webredir runtime detection (spyware-put.rules)
 * 1:7054 <-> DISABLED <-> SPYWARE-PUT Trickler download arq variant runtime detection (spyware-put.rules)
 * 1:7055 <-> DISABLED <-> SPYWARE-PUT Hijacker vip01 biz runtime detection - adv (spyware-put.rules)
 * 1:7070 <-> DISABLED <-> WEB-MISC Microsoft Internet Explorer encoded cross site scripting attempt (web-misc.rules)
 * 1:7071 <-> DISABLED <-> WEB-MISC encoded cross site scripting HTML Image tag set to javascript attempt (web-misc.rules)
 * 1:7123 <-> DISABLED <-> SPYWARE-PUT Other-Technologies alfacleaner runtime detection - update (spyware-put.rules)
 * 1:7124 <-> DISABLED <-> SPYWARE-PUT Other-Technologies alfacleaner runtime detection - buy (spyware-put.rules)
 * 1:7125 <-> DISABLED <-> SPYWARE-PUT Hijacker traffbest biz runtime detection - adv (spyware-put.rules)
 * 1:7127 <-> DISABLED <-> SPYWARE-PUT Hijacker wowok mp3 bar runtime detection - tracking (spyware-put.rules)
 * 1:7128 <-> DISABLED <-> SPYWARE-PUT Hijacker wowok mp3 bar runtime detection - advertising 1 (spyware-put.rules)
 * 1:7129 <-> DISABLED <-> SPYWARE-PUT Hijacker wowok mp3 bar runtime detection - advertising 2 (spyware-put.rules)
 * 1:7130 <-> DISABLED <-> SPYWARE-PUT Hijacker wowok mp3 bar runtime detection - search assissant hijacking (spyware-put.rules)
 * 1:7135 <-> DISABLED <-> SPYWARE-PUT Hijacker dsrch runtime detection - config info retrieval (spyware-put.rules)
 * 1:7136 <-> DISABLED <-> SPYWARE-PUT Hijacker dsrch runtime detection - search assistant redirect (spyware-put.rules)
 * 1:7137 <-> DISABLED <-> SPYWARE-PUT Hijacker dsrch runtime detection - side search redirect (spyware-put.rules)
 * 1:7138 <-> DISABLED <-> SPYWARE-PUT Other-Technologies clicktrojan runtime detection - version check (spyware-put.rules)
 * 1:7139 <-> DISABLED <-> SPYWARE-PUT Other-Technologies clicktrojan runtime detection - fake search query (spyware-put.rules)
 * 1:7140 <-> DISABLED <-> SPYWARE-PUT Adware pay-per-click runtime detection - configuration (spyware-put.rules)
 * 1:7141 <-> DISABLED <-> SPYWARE-PUT Adware pay-per-click runtime detection - update (spyware-put.rules)
 * 1:7142 <-> DISABLED <-> SPYWARE-PUT Adware ares flash downloader 2.04 runtime detection (spyware-put.rules)
 * 1:7143 <-> DISABLED <-> SPYWARE-PUT Adware digink.com runtime detection (spyware-put.rules)
 * 1:7144 <-> DISABLED <-> SPYWARE-PUT Hijacker cool search runtime detection (spyware-put.rules)
 * 1:7145 <-> DISABLED <-> SPYWARE-PUT Other-Technologies spam maxy runtime detection (spyware-put.rules)
 * 1:7148 <-> DISABLED <-> SPYWARE-PUT Hacker-Tool sars notifier runtime detection - cgi notification (spyware-put.rules)
 * 1:7152 <-> DISABLED <-> SPYWARE-PUT Hijacker cnsmin 3721 runtime detection - installation (spyware-put.rules)
 * 1:7153 <-> DISABLED <-> SPYWARE-PUT Hijacker cnsmin 3721 runtime detection - hijacking (spyware-put.rules)
 * 1:7155 <-> DISABLED <-> SPYWARE-PUT Trickler jubster runtime detection (spyware-put.rules)
 * 1:7187 <-> DISABLED <-> SPYWARE-PUT Trackware shopathome user-agent detected (spyware-put.rules)
 * 1:7188 <-> DISABLED <-> SPYWARE-PUT Hijacker shop at home select - merchant redirect in progress (spyware-put.rules)
 * 1:7189 <-> DISABLED <-> SPYWARE-PUT Trackware shopathome runtime detection - setcookie request (spyware-put.rules)
 * 1:7190 <-> DISABLED <-> SPYWARE-PUT Adware trustyfiles v3.1.0.1 runtime detection - host retrieval (spyware-put.rules)
 * 1:7194 <-> DISABLED <-> SPYWARE-PUT Hijacker shopprreports runtime detection - services requests (spyware-put.rules)
 * 1:7195 <-> DISABLED <-> SPYWARE-PUT Hijacker shopprreports runtime detection - track/upgrade/report activities (spyware-put.rules)
 * 1:7422 <-> DISABLED <-> EXPLOIT Microsoft Windows MMC mmcndmgr.dll cross site scripting attempt (exploit.rules)
 * 1:7423 <-> DISABLED <-> EXPLOIT Microsoft Windows MMC mmc.exe cross site scripting attempt (exploit.rules)
 * 1:7424 <-> DISABLED <-> EXPLOIT Microsoft Windows MMC createcab.cmd cross site scripting attempt (exploit.rules)
 * 1:7510 <-> DISABLED <-> SPYWARE-PUT Trickler edonkey2000 runtime detection - version verification (spyware-put.rules)
 * 1:7511 <-> DISABLED <-> SPYWARE-PUT Trickler edonkey2000 runtime detection - get ads page (spyware-put.rules)
 * 1:7515 <-> DISABLED <-> SPYWARE-PUT Keylogger watchdog runtime detection - remote monitoring (spyware-put.rules)
 * 1:7517 <-> DISABLED <-> SPYWARE-PUT Hijacker chinese keywords runtime detection (spyware-put.rules)
 * 1:7524 <-> DISABLED <-> SPYWARE-PUT Hijacker moneybar runtime detection - cgispy counter (spyware-put.rules)
 * 1:7529 <-> DISABLED <-> SPYWARE-PUT Snoopware halflife jacker runtime detection (spyware-put.rules)
 * 1:7530 <-> DISABLED <-> SPYWARE-PUT Trickler mediaseek.pl client runtime detection - trickler (spyware-put.rules)
 * 1:7532 <-> DISABLED <-> SPYWARE-PUT Adware piolet runtime detection - user-agent (spyware-put.rules)
 * 1:7533 <-> DISABLED <-> SPYWARE-PUT Adware piolet runtime detection - ads request (spyware-put.rules)
 * 1:7534 <-> DISABLED <-> SPYWARE-PUT Hijacker clearsearch variant runtime detection - ie hijacking (spyware-put.rules)
 * 1:7535 <-> DISABLED <-> SPYWARE-PUT Hijacker clearsearch variant runtime detection - pass information (spyware-put.rules)
 * 1:7536 <-> DISABLED <-> SPYWARE-PUT Hijacker clearsearch variant runtime detection - popup (spyware-put.rules)
 * 1:7537 <-> DISABLED <-> SPYWARE-PUT Trackware arrow search runtime detection (spyware-put.rules)
 * 1:7540 <-> DISABLED <-> SPYWARE-PUT Hacker-Tool unify runtime detection - cgi notification (spyware-put.rules)
 * 1:7543 <-> DISABLED <-> SPYWARE-PUT Hijacker 2020search runtime detection (spyware-put.rules)
 * 1:7550 <-> DISABLED <-> SPYWARE-PUT Adware adroar runtime detection (spyware-put.rules)
 * 1:7553 <-> DISABLED <-> SPYWARE-PUT Adware hxdl runtime detection - hxlogonly user-agent (spyware-put.rules)
 * 1:7554 <-> DISABLED <-> SPYWARE-PUT Adware hxdl runtime detection - hxdownload user-agent (spyware-put.rules)
 * 1:7556 <-> DISABLED <-> SPYWARE-PUT Hijacker blazefind runtime detection - search bar (spyware-put.rules)
 * 1:7557 <-> DISABLED <-> SPYWARE-PUT Trackware purityscan runtime detection - start up (spyware-put.rules)
 * 1:7558 <-> DISABLED <-> SPYWARE-PUT Trackware purityscan runtime detection - installation notify (spyware-put.rules)
 * 1:7559 <-> DISABLED <-> SPYWARE-PUT Trackware purityscan runtime detection - track user activity and status (spyware-put.rules)
 * 1:7560 <-> DISABLED <-> SPYWARE-PUT Trackware purityscan runtime detection - self update (spyware-put.rules)
 * 1:7561 <-> DISABLED <-> SPYWARE-PUT Trackware purityscan runtime detection - opt out of interstitial advertising (spyware-put.rules)
 * 1:7562 <-> DISABLED <-> SPYWARE-PUT Adware morpheus runtime detection - ad 1 (spyware-put.rules)
 * 1:7563 <-> DISABLED <-> SPYWARE-PUT Adware morpheus runtime detection - ad 2 (spyware-put.rules)
 * 1:7564 <-> DISABLED <-> SPYWARE-PUT Hijacker startnow runtime detection (spyware-put.rules)
 * 1:7565 <-> DISABLED <-> SPYWARE-PUT Hijacker adshooter.searchforit runtime detection - search engine (spyware-put.rules)
 * 1:7566 <-> DISABLED <-> SPYWARE-PUT Hijacker adshooter.searchforit runtime detection - redirector (spyware-put.rules)
 * 1:7568 <-> DISABLED <-> SPYWARE-PUT Trackware webhancer runtime detection (spyware-put.rules)
 * 1:7569 <-> DISABLED <-> SPYWARE-PUT Adware lordofsearch runtime detection (spyware-put.rules)
 * 1:7570 <-> DISABLED <-> SPYWARE-PUT Hijacker linkspider search bar runtime detection - ads (spyware-put.rules)
 * 1:7572 <-> DISABLED <-> SPYWARE-PUT Trickler album galaxy runtime detection - startup data (spyware-put.rules)
 * 1:7573 <-> DISABLED <-> SPYWARE-PUT Trickler album galaxy runtime detection - p2p gnutella (spyware-put.rules)
 * 1:7582 <-> DISABLED <-> SPYWARE-PUT Trickler pcast runtime detection - update checking (spyware-put.rules)
 * 1:7587 <-> DISABLED <-> SPYWARE-PUT Trickler urlblaze runtime detection - software information request (spyware-put.rules)
 * 1:7588 <-> DISABLED <-> SPYWARE-PUT Trickler urlblaze runtime detection - files search or download (spyware-put.rules)
 * 1:7594 <-> DISABLED <-> SPYWARE-PUT Adware comedy planet runtime detection - ads (spyware-put.rules)
 * 1:7595 <-> DISABLED <-> SPYWARE-PUT Adware comedy planet runtime detection - collect user information (spyware-put.rules)
 * 1:7600 <-> DISABLED <-> SPYWARE-PUT Hijacker adtraffic runtime detection - notfound website search hijack and redirection (spyware-put.rules)
 * 1:7823 <-> DISABLED <-> SPYWARE-PUT Adware whenu runtime detection - datachunksgz (spyware-put.rules)
 * 1:7824 <-> DISABLED <-> SPYWARE-PUT Trickler whenu.clocksync runtime detection (spyware-put.rules)
 * 1:7825 <-> DISABLED <-> SPYWARE-PUT Adware whenu.savenow runtime detection (spyware-put.rules)
 * 1:7826 <-> DISABLED <-> SPYWARE-PUT Trickler whenu.weathercast runtime detection - check (spyware-put.rules)
 * 1:7827 <-> DISABLED <-> SPYWARE-PUT Adware whenu runtime detection - search request 1 (spyware-put.rules)
 * 1:7828 <-> DISABLED <-> SPYWARE-PUT Adware whenu runtime detection - search request 2 (spyware-put.rules)
 * 1:7829 <-> DISABLED <-> SPYWARE-PUT Adware gator user-agent detected (spyware-put.rules)
 * 1:7831 <-> DISABLED <-> SPYWARE-PUT Adware downloadplus runtime detection (spyware-put.rules)
 * 1:7832 <-> DISABLED <-> SPYWARE-PUT Hijacker navexcel helper runtime detection - active/update (spyware-put.rules)
 * 1:7833 <-> DISABLED <-> SPYWARE-PUT Hijacker navexcel helper runtime detection - search (spyware-put.rules)
 * 1:7835 <-> DISABLED <-> SPYWARE-PUT Hacker-Tool nettracker runtime detection - report browsing (spyware-put.rules)
 * 1:7838 <-> DISABLED <-> SPYWARE-PUT Adware smiley central runtime detection (spyware-put.rules)
 * 1:7841 <-> DISABLED <-> SPYWARE-PUT Hijacker instafinder error redirect detection (spyware-put.rules)
 * 1:7843 <-> DISABLED <-> SPYWARE-PUT Hijacker avenuemedia.dyfuca runtime detection - search engine hijack (spyware-put.rules)
 * 1:7844 <-> DISABLED <-> SPYWARE-PUT Hijacker avenuemedia.dyfuca runtime detection - post data (spyware-put.rules)
 * 1:7850 <-> DISABLED <-> SPYWARE-PUT Trickler maxsearch runtime detection - retrieve command (spyware-put.rules)
 * 1:7851 <-> DISABLED <-> SPYWARE-PUT Trickler maxsearch runtime detection - ack (spyware-put.rules)
 * 1:7852 <-> DISABLED <-> SPYWARE-PUT Trickler maxsearch runtime detection - advertisement (spyware-put.rules)
 * 1:7853 <-> DISABLED <-> SPYWARE-PUT Adware web-nexus runtime detection - ad url 1 (spyware-put.rules)
 * 1:7854 <-> DISABLED <-> SPYWARE-PUT Adware web-nexus runtime detection - config retrieval (spyware-put.rules)
 * 1:7855 <-> DISABLED <-> SPYWARE-PUT Adware web-nexus runtime detection - ad url 2 (spyware-put.rules)
 * 1:7856 <-> DISABLED <-> SPYWARE-PUT Trackware winsysba-a runtime detection - track surfing activity (spyware-put.rules)
 * 1:7861 <-> DISABLED <-> POLICY Google Desktop activity (policy.rules)
 * 1:8068 <-> DISABLED <-> WEB-ACTIVEX Microsoft Windows Scripting Host Shell ActiveX function call access (web-activex.rules)
 * 1:8069 <-> DISABLED <-> WEB-ACTIVEX Microsoft Virtual Machine ActiveX clsid access (web-activex.rules)
 * 1:8071 <-> DISABLED <-> SPYWARE-PUT Hijacker findthewebsiteyouneed runtime detection - search hijack (spyware-put.rules)
 * 1:8072 <-> DISABLED <-> SPYWARE-PUT Hijacker findthewebsiteyouneed runtime detection - surf monitor (spyware-put.rules)
 * 1:8084 <-> DISABLED <-> WEB-CGI CVSTrac filediff function access (web-cgi.rules)
 * 1:8157 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP webdav DavrCreateConnection hostname overflow attempt (netbios.rules)
 * 1:828 <-> DISABLED <-> WEB-CGI maillist.pl access (web-cgi.rules)
 * 1:832 <-> DISABLED <-> WEB-CGI perl.exe access (web-cgi.rules)
 * 1:8349 <-> DISABLED <-> WEB-IIS Indexing Service ciRestriction cross-site scripting attempt (web-iis.rules)
 * 1:8352 <-> ENABLED <-> SPYWARE-PUT Adware desktopmedia runtime detection - ads popup (spyware-put.rules)
 * 1:8353 <-> ENABLED <-> SPYWARE-PUT Adware desktopmedia runtime detection - auto update (spyware-put.rules)
 * 1:8354 <-> ENABLED <-> SPYWARE-PUT Adware desktopmedia runtime detection - surf monitoring (spyware-put.rules)
 * 1:8358 <-> ENABLED <-> SPYWARE-PUT Hijacker yok supersearch runtime detection - addressbar keyword search hijack (spyware-put.rules)
 * 1:8359 <-> ENABLED <-> SPYWARE-PUT Hijacker yok supersearch runtime detection - target website display (spyware-put.rules)
 * 1:8360 <-> DISABLED <-> SPYWARE-PUT Hijacker yok supersearch runtime detection - search info collect (spyware-put.rules)
 * 1:8413 <-> DISABLED <-> WEB-CLIENT HCP URI uplddrvinfo access (web-client.rules)
 * 1:8421 <-> DISABLED <-> WEB-ACTIVEX OWC11.DataSourceControl.11 ActiveX function call access (web-activex.rules)
 * 1:8423 <-> DISABLED <-> WEB-ACTIVEX CEnroll.CEnroll.2 ActiveX function call access (web-activex.rules)
 * 1:8444 <-> DISABLED <-> WEB-MISC Trend Micro atxconsole format string server response attempt (web-misc.rules)
 * 1:8453 <-> DISABLED <-> NETBIOS SMB-DS Rename invalid buffer type andx attempt (netbios.rules)
 * 1:8454 <-> DISABLED <-> NETBIOS SMB-DS Rename invalid buffer type attempt (netbios.rules)
 * 1:8455 <-> DISABLED <-> NETBIOS SMB-DS Rename invalid buffer type unicode andx attempt (netbios.rules)
 * 1:8456 <-> DISABLED <-> NETBIOS SMB-DS Rename invalid buffer type unicode attempt (netbios.rules)
 * 1:8461 <-> DISABLED <-> SPYWARE-PUT Trackware duduaccelerator runtime detection - send userinfo (spyware-put.rules)
 * 1:8462 <-> DISABLED <-> SPYWARE-PUT Trackware duduaccelerator runtime detection - trace info downloaded (spyware-put.rules)
 * 1:8463 <-> DISABLED <-> SPYWARE-PUT Trackware duduaccelerator runtime detection - trace login info (spyware-put.rules)
 * 1:8464 <-> DISABLED <-> SPYWARE-PUT Adware henbang runtime detection (spyware-put.rules)
 * 1:8467 <-> DISABLED <-> SPYWARE-PUT Keylogger netobserve runtime detection - remote login response (spyware-put.rules)
 * 1:8468 <-> DISABLED <-> SPYWARE-PUT Hijacker accoona runtime detection - collect info (spyware-put.rules)
 * 1:8469 <-> DISABLED <-> SPYWARE-PUT Hijacker accoona runtime detection - open sidebar search url (spyware-put.rules)
 * 1:8485 <-> DISABLED <-> WEB-COLDFUSION CFNEWINTERNALADMINSECURITY access (web-coldfusion.rules)
 * 1:8486 <-> DISABLED <-> WEB-COLDFUSION CFNEWINTERNALREGISTRY access (web-coldfusion.rules)
 * 1:8487 <-> DISABLED <-> WEB-COLDFUSION CFADMIN_REGISTRY_SET access (web-coldfusion.rules)
 * 1:8488 <-> DISABLED <-> WEB-COLDFUSION CFADMIN_REGISTRY_GET access (web-coldfusion.rules)
 * 1:8489 <-> DISABLED <-> WEB-COLDFUSION CFADMIN_REGISTRY_DELETE access (web-coldfusion.rules)
 * 1:8490 <-> DISABLED <-> WEB-COLDFUSION viewexample.cfm access (web-coldfusion.rules)
 * 1:8491 <-> DISABLED <-> WEB-COLDFUSION eval.cfm access (web-coldfusion.rules)
 * 1:8492 <-> DISABLED <-> WEB-COLDFUSION openfile.cfm access (web-coldfusion.rules)
 * 1:8493 <-> DISABLED <-> WEB-COLDFUSION sourcewindow.cfm access (web-coldfusion.rules)
 * 1:850 <-> DISABLED <-> WEB-CGI wais.pl access (web-cgi.rules)
 * 1:8542 <-> DISABLED <-> SPYWARE-PUT Trackware deluxecommunications runtime detection - collect info (spyware-put.rules)
 * 1:8543 <-> DISABLED <-> SPYWARE-PUT Trackware deluxecommunications runtime detection - display popup ads (spyware-put.rules)
 * 1:8545 <-> DISABLED <-> SPYWARE-PUT Adware roogoo runtime detection - surfing monitor (spyware-put.rules)
 * 1:8546 <-> DISABLED <-> SPYWARE-PUT Adware roogoo runtime detection - show ads (spyware-put.rules)
 * 1:856 <-> DISABLED <-> WEB-CGI environ.cgi access (web-cgi.rules)
 * 1:862 <-> DISABLED <-> WEB-CGI csh access (web-cgi.rules)
 * 1:865 <-> DISABLED <-> WEB-CGI ksh access (web-cgi.rules)
 * 1:868 <-> DISABLED <-> WEB-CGI rsh access (web-cgi.rules)
 * 1:870 <-> DISABLED <-> WEB-CGI snorkerz.cmd access (web-cgi.rules)
 * 1:8700 <-> DISABLED <-> WEB-IIS ASP.NET 2.0 cross-site scripting attempt (web-iis.rules)
 * 1:872 <-> DISABLED <-> WEB-CGI tcsh access (web-cgi.rules)
 * 1:877 <-> DISABLED <-> WEB-CGI rksh access (web-cgi.rules)
 * 1:878 <-> DISABLED <-> WEB-CGI w3tvars.pm access (web-cgi.rules)
 * 1:881 <-> DISABLED <-> WEB-CGI archie access (web-cgi.rules)
 * 1:882 <-> DISABLED <-> WEB-CGI calendar access (web-cgi.rules)
 * 1:885 <-> DISABLED <-> WEB-CGI bash access (web-cgi.rules)
 * 1:888 <-> DISABLED <-> WEB-CGI wwwadmin.pl access (web-cgi.rules)
 * 1:889 <-> DISABLED <-> WEB-CGI ppdscgi.exe access (web-cgi.rules)
 * 1:890 <-> DISABLED <-> WEB-CGI sendform.cgi access (web-cgi.rules)
 * 1:891 <-> DISABLED <-> WEB-CGI upload.pl access (web-cgi.rules)
 * 1:892 <-> DISABLED <-> WEB-CGI AnyForm2 access (web-cgi.rules)
 * 1:894 <-> DISABLED <-> WEB-CGI bb-hist.sh access (web-cgi.rules)
 * 1:895 <-> DISABLED <-> WEB-CGI redirect access (web-cgi.rules)
 * 1:896 <-> DISABLED <-> WEB-CGI way-board access (web-cgi.rules)
 * 1:897 <-> DISABLED <-> WEB-CGI pals-cgi access (web-cgi.rules)
 * 1:898 <-> DISABLED <-> WEB-CGI commerce.cgi access (web-cgi.rules)
 * 1:899 <-> DISABLED <-> WEB-CGI Amaya templates sendtemp.pl directory traversal attempt (web-cgi.rules)
 * 1:900 <-> DISABLED <-> WEB-CGI webspirs.cgi directory traversal attempt (web-cgi.rules)
 * 1:901 <-> DISABLED <-> WEB-CGI webspirs.cgi access (web-cgi.rules)
 * 1:902 <-> DISABLED <-> WEB-CGI tstisapi.dll access (web-cgi.rules)
 * 1:903 <-> DISABLED <-> WEB-COLDFUSION cfcache.map access (web-coldfusion.rules)
 * 1:904 <-> DISABLED <-> WEB-COLDFUSION exampleapp application.cfm (web-coldfusion.rules)
 * 1:905 <-> DISABLED <-> WEB-COLDFUSION application.cfm access (web-coldfusion.rules)
 * 1:906 <-> DISABLED <-> WEB-COLDFUSION getfile.cfm access (web-coldfusion.rules)
 * 1:907 <-> DISABLED <-> WEB-COLDFUSION addcontent.cfm access (web-coldfusion.rules)
 * 1:908 <-> DISABLED <-> WEB-COLDFUSION administrator access (web-coldfusion.rules)
 * 1:909 <-> DISABLED <-> WEB-COLDFUSION datasource username attempt (web-coldfusion.rules)
 * 1:910 <-> DISABLED <-> WEB-COLDFUSION fileexists.cfm access (web-coldfusion.rules)
 * 1:911 <-> DISABLED <-> WEB-COLDFUSION exprcalc access (web-coldfusion.rules)
 * 1:912 <-> DISABLED <-> WEB-COLDFUSION parks access (web-coldfusion.rules)
 * 1:913 <-> DISABLED <-> WEB-COLDFUSION cfappman access (web-coldfusion.rules)
 * 1:9132 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP netware_cs NwrOpenEnumNdsStubTrees_Any overflow attempt (netbios.rules)
 * 1:914 <-> DISABLED <-> WEB-COLDFUSION beaninfo access (web-coldfusion.rules)
 * 1:915 <-> DISABLED <-> WEB-COLDFUSION evaluate.cfm access (web-coldfusion.rules)
 * 1:916 <-> DISABLED <-> WEB-COLDFUSION getodbcdsn access (web-coldfusion.rules)
 * 1:917 <-> DISABLED <-> WEB-COLDFUSION db connections flush attempt (web-coldfusion.rules)
 * 1:918 <-> DISABLED <-> WEB-COLDFUSION expeval access (web-coldfusion.rules)
 * 1:919 <-> DISABLED <-> WEB-COLDFUSION datasource passwordattempt (web-coldfusion.rules)
 * 1:920 <-> DISABLED <-> WEB-COLDFUSION datasource attempt (web-coldfusion.rules)
 * 1:921 <-> DISABLED <-> WEB-COLDFUSION admin encrypt attempt (web-coldfusion.rules)
 * 1:922 <-> DISABLED <-> WEB-COLDFUSION displayfile access (web-coldfusion.rules)
 * 1:9228 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP netware_cs NwGetConnectionInformation overflow attempt (netbios.rules)
 * 1:923 <-> DISABLED <-> WEB-COLDFUSION getodbcin attempt (web-coldfusion.rules)
 * 1:924 <-> DISABLED <-> WEB-COLDFUSION admin decrypt attempt (web-coldfusion.rules)
 * 1:925 <-> DISABLED <-> WEB-COLDFUSION mainframeset access (web-coldfusion.rules)
 * 1:926 <-> DISABLED <-> WEB-COLDFUSION set odbc ini attempt (web-coldfusion.rules)
 * 1:927 <-> DISABLED <-> WEB-COLDFUSION settings refresh attempt (web-coldfusion.rules)
 * 1:928 <-> DISABLED <-> WEB-COLDFUSION exampleapp access (web-coldfusion.rules)
 * 1:929 <-> DISABLED <-> WEB-COLDFUSION CFUSION_VERIFYMAIL access (web-coldfusion.rules)
 * 1:930 <-> DISABLED <-> WEB-COLDFUSION snippets attempt (web-coldfusion.rules)
 * 1:931 <-> DISABLED <-> WEB-COLDFUSION cfmlsyntaxcheck.cfm access (web-coldfusion.rules)
 * 1:932 <-> DISABLED <-> WEB-COLDFUSION application.cfm access (web-coldfusion.rules)
 * 1:933 <-> DISABLED <-> WEB-COLDFUSION onrequestend.cfm access (web-coldfusion.rules)
 * 1:9339 <-> ENABLED <-> SPECIFIC-THREATS klez.g web propagation detection (specific-threats.rules)
 * 1:9340 <-> ENABLED <-> SPECIFIC-THREATS klez.i web propagation detection (specific-threats.rules)
 * 1:9346 <-> ENABLED <-> SPECIFIC-THREATS klez.b web propagation detection (specific-threats.rules)
 * 1:935 <-> DISABLED <-> WEB-COLDFUSION startstop DOS access (web-coldfusion.rules)
 * 1:936 <-> DISABLED <-> WEB-COLDFUSION gettempdirectory.cfm access  (web-coldfusion.rules)
 * 1:9363 <-> ENABLED <-> SPECIFIC-THREATS klez.d web propagation detection (specific-threats.rules)
 * 1:9364 <-> ENABLED <-> SPECIFIC-THREATS klez.e web propagation detection (specific-threats.rules)
 * 1:937 <-> DISABLED <-> WEB-FRONTPAGE _vti_rpc access (web-frontpage.rules)
 * 1:9387 <-> ENABLED <-> SPECIFIC-THREATS klez.j web propagation detection (specific-threats.rules)
 * 1:939 <-> DISABLED <-> WEB-FRONTPAGE posting (web-frontpage.rules)
 * 1:940 <-> DISABLED <-> WEB-FRONTPAGE shtml.dll access (web-frontpage.rules)
 * 1:941 <-> DISABLED <-> WEB-FRONTPAGE contents.htm access (web-frontpage.rules)
 * 1:942 <-> DISABLED <-> WEB-FRONTPAGE orders.htm access (web-frontpage.rules)
 * 1:9429 <-> DISABLED <-> WEB-CLIENT Apple QuickTime Movie link scripting security bypass attempt (web-client.rules)
 * 1:943 <-> DISABLED <-> WEB-FRONTPAGE fpsrvadm.exe access (web-frontpage.rules)
 * 1:9432 <-> DISABLED <-> WEB-CLIENT Microsoft Agent buffer overflow attempt (web-client.rules)
 * 1:9433 <-> DISABLED <-> WEB-CLIENT Microsoft Agent buffer overflow attempt (web-client.rules)
 * 1:944 <-> DISABLED <-> WEB-FRONTPAGE fpremadm.exe access (web-frontpage.rules)
 * 1:945 <-> DISABLED <-> WEB-FRONTPAGE fpadmin.htm access (web-frontpage.rules)
 * 1:946 <-> DISABLED <-> WEB-FRONTPAGE fpadmcgi.exe access (web-frontpage.rules)
 * 1:947 <-> DISABLED <-> WEB-FRONTPAGE orders.txt access (web-frontpage.rules)
 * 1:948 <-> DISABLED <-> WEB-FRONTPAGE form_results access (web-frontpage.rules)
 * 1:949 <-> DISABLED <-> WEB-FRONTPAGE registrations.htm access (web-frontpage.rules)
 * 1:950 <-> DISABLED <-> WEB-FRONTPAGE cfgwiz.exe access (web-frontpage.rules)
 * 1:951 <-> DISABLED <-> WEB-FRONTPAGE authors.pwd access (web-frontpage.rules)
 * 1:952 <-> DISABLED <-> WEB-FRONTPAGE author.exe access (web-frontpage.rules)
 * 1:953 <-> DISABLED <-> WEB-FRONTPAGE administrators.pwd access (web-frontpage.rules)
 * 1:954 <-> DISABLED <-> WEB-FRONTPAGE form_results.htm access (web-frontpage.rules)
 * 1:955 <-> DISABLED <-> WEB-FRONTPAGE access.cnf access (web-frontpage.rules)
 * 1:956 <-> DISABLED <-> WEB-FRONTPAGE register.txt access (web-frontpage.rules)
 * 1:957 <-> DISABLED <-> WEB-FRONTPAGE registrations.txt access (web-frontpage.rules)
 * 1:958 <-> DISABLED <-> WEB-FRONTPAGE service.cnf access (web-frontpage.rules)
 * 1:959 <-> DISABLED <-> WEB-FRONTPAGE service.pwd (web-frontpage.rules)
 * 1:960 <-> DISABLED <-> WEB-FRONTPAGE service.stp access (web-frontpage.rules)
 * 1:961 <-> DISABLED <-> WEB-FRONTPAGE services.cnf access (web-frontpage.rules)
 * 1:9619 <-> DISABLED <-> WEB-CLIENT Gnu gv buffer overflow attempt (web-client.rules)
 * 1:962 <-> DISABLED <-> WEB-FRONTPAGE shtml.exe access (web-frontpage.rules)
 * 1:9620 <-> DISABLED <-> WEB-MISC pajax call_dispatcher remote exec attempt (web-misc.rules)
 * 1:963 <-> DISABLED <-> WEB-FRONTPAGE svcacl.cnf access (web-frontpage.rules)
 * 1:964 <-> DISABLED <-> WEB-FRONTPAGE users.pwd access (web-frontpage.rules)
 * 1:9644 <-> DISABLED <-> SPYWARE-PUT Adware imnames runtime detection (spyware-put.rules)
 * 1:9645 <-> DISABLED <-> SPYWARE-PUT Hijacker sogou runtime detection - keyword hijack (spyware-put.rules)
 * 1:965 <-> DISABLED <-> WEB-FRONTPAGE writeto.cnf access (web-frontpage.rules)
 * 1:9651 <-> DISABLED <-> SPYWARE-PUT Hijacker ricercadoppia runtime detection (spyware-put.rules)
 * 1:9652 <-> DISABLED <-> SPYWARE-PUT Hijacker oemji bar runtime detection (spyware-put.rules)
 * 1:966 <-> DISABLED <-> WEB-FRONTPAGE .... request (web-frontpage.rules)
 * 1:967 <-> DISABLED <-> WEB-FRONTPAGE dvwssr.dll access (web-frontpage.rules)
 * 1:968 <-> DISABLED <-> WEB-FRONTPAGE register.htm access (web-frontpage.rules)
 * 1:969 <-> DISABLED <-> WEB-IIS WebDAV file lock attempt (web-iis.rules)
 * 1:973 <-> DISABLED <-> WEB-IIS *.idc attempt (web-iis.rules)
 * 1:974 <-> DISABLED <-> WEB-IIS Directory transversal attempt (web-iis.rules)
 * 1:975 <-> DISABLED <-> WEB-IIS Alternate Data streams ASP file access attempt (web-iis.rules)
 * 1:976 <-> DISABLED <-> WEB-MISC .bat? access (web-misc.rules)
 * 1:977 <-> DISABLED <-> WEB-IIS .cnf access (web-iis.rules)
 * 1:978 <-> DISABLED <-> WEB-IIS ASP contents view (web-iis.rules)
 * 1:979 <-> DISABLED <-> WEB-IIS ASP contents view (web-iis.rules)
 * 1:9791 <-> DISABLED <-> WEB-MISC .cmd? access (web-misc.rules)
 * 1:980 <-> DISABLED <-> WEB-IIS CGImail.exe access (web-iis.rules)
 * 1:9829 <-> DISABLED <-> SPYWARE-PUT Trackware relevantknowledge runtime detection (spyware-put.rules)
 * 1:9831 <-> DISABLED <-> SPYWARE-PUT Adware u88 runtime detection (spyware-put.rules)
 * 1:984 <-> DISABLED <-> WEB-IIS JET VBA access (web-iis.rules)
 * 1:9848 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Vector Markup Language recolorinfo tag numfills parameter buffer overflow attempt (web-client.rules)
 * 1:985 <-> DISABLED <-> WEB-IIS JET VBA access (web-iis.rules)
 * 1:986 <-> DISABLED <-> WEB-IIS MSProxy access (web-iis.rules)
 * 1:990 <-> DISABLED <-> WEB-FRONTPAGE _vti_inf.html access (web-frontpage.rules)
 * 1:991 <-> DISABLED <-> WEB-IIS achg.htr access (web-iis.rules)
 * 1:9914 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP tapisrv ClientRequest LSetAppPriority overflow attempt (netbios.rules)
 * 1:992 <-> DISABLED <-> WEB-IIS adctest.asp access (web-iis.rules)
 * 1:993 <-> DISABLED <-> WEB-IIS iisadmin access (web-iis.rules)
 * 1:994 <-> DISABLED <-> WEB-IIS /scripts/iisadmin/default.htm access (web-iis.rules)
 * 1:995 <-> DISABLED <-> WEB-IIS ism.dll access (web-iis.rules)
 * 1:996 <-> DISABLED <-> WEB-IIS anot.htr access (web-iis.rules)
 * 1:997 <-> DISABLED <-> WEB-IIS asp-dot attempt (web-iis.rules)
 * 1:998 <-> DISABLED <-> WEB-IIS asp-srch attempt (web-iis.rules)
 * 1:999 <-> DISABLED <-> WEB-IIS bdir access (web-iis.rules)
 * 3:17608 <-> ENABLED <-> WEB-CLIENT Apple QuickTime color table atom movie file handling heap corruption attempt (web-client.rules)