Sourcefire VRT Update

Date: 2006-09-01

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack.

The format of the file is:

sid <-> Enabled/Disabled <-> Message (rule group)

New rules:
7794 <-> Disabled <-> BACKDOOR fraggle rock 2.0 lite runtime detection - pc info - flowbit set (backdoor.rules)
7795 <-> Disabled <-> BACKDOOR incommand 1.7 runtime detection - init connection (backdoor.rules)
7796 <-> Disabled <-> BACKDOOR incommand 1.7 runtime detection - init connection (backdoor.rules)
7797 <-> Disabled <-> BACKDOOR incommand 1.7 runtime detection - file manage 1 (backdoor.rules)
7798 <-> Disabled <-> BACKDOOR incommand 1.7 runtime detection - file manage 1 (backdoor.rules)
7799 <-> Disabled <-> BACKDOOR incommand 1.7 runtime detection - file manage 2 (backdoor.rules)
7800 <-> Disabled <-> BACKDOOR incommand 1.7 runtime detection - file manage 2 (backdoor.rules)
7801 <-> Disabled <-> BACKDOOR portal of doom runtime detection - udp cts (backdoor.rules)
7802 <-> Disabled <-> BACKDOOR portal of doom runtime detection - udp stc (backdoor.rules)
7803 <-> Disabled <-> BACKDOOR war trojan ver1.0 runtime detection - send messages (backdoor.rules)
7804 <-> Disabled <-> BACKDOOR war trojan ver1.0 runtime detection - disable ctrl+alt+del (backdoor.rules)
7805 <-> Disabled <-> BACKDOOR war trojan ver1.0 runtime detection - ie hijacker (backdoor.rules)
7806 <-> Disabled <-> BACKDOOR fatal wound 1.0 runtime detection - initial connection (backdoor.rules)
7807 <-> Disabled <-> BACKDOOR fatal wound 1.0 runtime detection - execute file (backdoor.rules)
7808 <-> Disabled <-> BACKDOOR fatal wound 1.0 runtime detection - upload (backdoor.rules)
7809 <-> Disabled <-> BACKDOOR fatal wound 1.0 runtime detection - upload (backdoor.rules)
7810 <-> Disabled <-> BACKDOOR nuclear uploader 1.0 runtime detection (backdoor.rules)
7811 <-> Disabled <-> BACKDOOR abacab runtime detection - telnet initial (backdoor.rules)
7812 <-> Disabled <-> BACKDOOR abacab runtime detection - banner (backdoor.rules)
7813 <-> Disabled <-> BACKDOOR darkmoon initial connection detection - cts (backdoor.rules)
7814 <-> Disabled <-> BACKDOOR darkmoon initial connection detection - stc (backdoor.rules)
7815 <-> Disabled <-> BACKDOOR darkmoon reverse connection detection - stc (backdoor.rules)
7816 <-> Disabled <-> BACKDOOR darkmoon reverse connection detection - cts (backdoor.rules)
7817 <-> Disabled <-> BACKDOOR infector v1.0 runtime detection - init conn (backdoor.rules)
7818 <-> Disabled <-> BACKDOOR infector v1.0 runtime detection - init conn (backdoor.rules)
7819 <-> Disabled <-> BACKDOOR nightcreature beta 0.01 runtime detection (backdoor.rules)
7820 <-> Disabled <-> BACKDOOR nightcreature beta 0.01 runtime detection (backdoor.rules)
7821 <-> Disabled <-> BACKDOOR nightcreature beta 0.01 runtime detection (backdoor.rules)
7822 <-> Disabled <-> BACKDOOR xbkdr runtime detection (backdoor.rules)
7823 <-> Disabled <-> SPYWARE-PUT Adware whenu runtime detection - datachunksgz (spyware-put.rules)
7824 <-> Disabled <-> SPYWARE-PUT Trickler whenu.clocksync runtime detection (spyware-put.rules)
7825 <-> Disabled <-> SPYWARE-PUT Adware whenu.savenow runtime detection (spyware-put.rules)
7826 <-> Disabled <-> SPYWARE-PUT Trickler whenu.weathercast runtime detection - check (spyware-put.rules)
7827 <-> Disabled <-> SPYWARE-PUT Adware whenu runtime detection - search request 1 (spyware-put.rules)
7828 <-> Disabled <-> SPYWARE-PUT Adware whenu runtime detection - search request 2 (spyware-put.rules)
7829 <-> Disabled <-> SPYWARE-PUT Adware gator user-agent detected (spyware-put.rules)
7830 <-> Disabled <-> SPYWARE-PUT Botnet dacryptic runtime detection (spyware-put.rules)
7831 <-> Disabled <-> SPYWARE-PUT Adware downloadplus runtime detection (spyware-put.rules)
7832 <-> Disabled <-> SPYWARE-PUT Hijacker navexcel helper runtime detection - active/update (spyware-put.rules)
7833 <-> Disabled <-> SPYWARE-PUT Hijacker navexcel helper runtime detection - search (spyware-put.rules)
7834 <-> Disabled <-> SPYWARE-PUT Hacker-Tool nettracker runtime detection - report browsing (spyware-put.rules)
7835 <-> Disabled <-> SPYWARE-PUT Hacker-Tool nettracker runtime detection - report browsing (spyware-put.rules)
7836 <-> Disabled <-> SPYWARE-PUT Hacker-Tool nettracker runtime detection - report send through email (spyware-put.rules)
7837 <-> Disabled <-> SPYWARE-PUT Keylogger spyoutside runtime detection - email delivery (spyware-put.rules)
7838 <-> Disabled <-> SPYWARE-PUT Adware smiley central runtime detection (spyware-put.rules)
7839 <-> Disabled <-> SPYWARE-PUT Hijacker rx toolbar runtime detection (spyware-put.rules)
7840 <-> Disabled <-> SPYWARE-PUT Hijacker instafinder initial configuration detection (spyware-put.rules)
7841 <-> Disabled <-> SPYWARE-PUT Hijacker instafinder error redirect detection (spyware-put.rules)
7842 <-> Disabled <-> SPYWARE-PUT hacker tool davps runtime detection (spyware-put.rules)
7843 <-> Disabled <-> SPYWARE-PUT Hijacker avenuemedia.dyfuca runtime detection - search engine hijack (spyware-put.rules)
7844 <-> Disabled <-> SPYWARE-PUT Hijacker avenuemedia.dyfuca runtime detection - post data (spyware-put.rules)
7845 <-> Disabled <-> SPYWARE-PUT Keylogger clogger 1.0 runtime detection (spyware-put.rules)
7846 <-> Disabled <-> SPYWARE-PUT Keylogger clogger 1.0 runtime detection (spyware-put.rules)
7847 <-> Disabled <-> SPYWARE-PUT Keylogger clogger 1.0 runtime detection - send log through email (spyware-put.rules)
7848 <-> Disabled <-> SPYWARE-PUT Hijacker netguide runtime detection (spyware-put.rules)
7849 <-> Disabled <-> SPYWARE-PUT Trickler maxsearch runtime detection - toolbar download (spyware-put.rules)
7850 <-> Disabled <-> SPYWARE-PUT Trickler maxsearch runtime detection - retrieve command (spyware-put.rules)
7851 <-> Disabled <-> SPYWARE-PUT Trickler maxsearch runtime detection - ack (spyware-put.rules)
7852 <-> Disabled <-> SPYWARE-PUT Trickler maxsearch runtime detection - advertisement (spyware-put.rules)
7853 <-> Disabled <-> SPYWARE-PUT Adware web-nexus runtime detection - ad url 1 (spyware-put.rules)
7854 <-> Disabled <-> SPYWARE-PUT Adware web-nexus runtime detection - config retrieval (spyware-put.rules)
7855 <-> Disabled <-> SPYWARE-PUT Adware web-nexus runtime detection - ad url 2 (spyware-put.rules)
7856 <-> Disabled <-> SPYWARE-PUT Trackware winsysba-a runtime detection - track surfing activity (spyware-put.rules)
7857 <-> Disabled <-> SPYWARE-PUT Keylogger EliteKeylogger runtime detection (spyware-put.rules)
7858 <-> Disabled <-> POLICY Google Desktop initial install - firstuse request (policy.rules)
7859 <-> Disabled <-> POLICY Google Desktop initial install  - installer request (policy.rules)
7860 <-> Disabled <-> POLICY Google Desktop search query (policy.rules)
7861 <-> Disabled <-> POLICY Google Desktop activity (policy.rules)
7862 <-> Enabled  <-> WEB-CLIENT McSubMgr.IsAppExpired ActiveX function call access (web-client.rules)
7863 <-> Enabled  <-> WEB-CLIENT McSubMgr.IsOldAppInstalled ActiveX function call access (web-client.rules)
7864 <-> Enabled  <-> WEB-CLIENT McSubMgr ActiveX CLSID access (web-client.rules)
7865 <-> Enabled  <-> WEB-CLIENT McSubMgr ActiveX CLSID unicode access (web-client.rules)
7866 <-> Enabled  <-> WEB-CLIENT ADODB.Connection ActiveX CLSID access (web-client.rules)
7867 <-> Enabled  <-> WEB-CLIENT ADODB.Connection ActiveX CLSID unicode access (web-client.rules)
7868 <-> Enabled  <-> WEB-CLIENT ADODB.Recordset ActiveX CLSID access (web-client.rules)
7869 <-> Enabled  <-> WEB-CLIENT ADODB.Recordset ActiveX CLSID unicode access (web-client.rules)
7870 <-> Enabled  <-> WEB-CLIENT Microsoft Office Data Source Control 9.0 ActiveX CLSID access (web-client.rules)
7871 <-> Enabled  <-> WEB-CLIENT Microsoft Office Data Source Control 9.0 ActiveX CLSID unicode access (web-client.rules)
7872 <-> Enabled  <-> WEB-CLIENT Microsoft Office Spreadsheet 10.0 ActiveX CLSID access (web-client.rules)
7873 <-> Enabled  <-> WEB-CLIENT Microsoft Office Spreadsheet 10.0 ActiveX CLSID unicode access (web-client.rules)
7874 <-> Enabled  <-> WEB-CLIENT Microsoft Office PivotTable 10.0 ActiveX CLSID access (web-client.rules)
7875 <-> Enabled  <-> WEB-CLIENT Microsoft Office PivotTable 10.0 ActiveX CLSID unicode access (web-client.rules)
7876 <-> Enabled  <-> WEB-CLIENT Microsoft Office Data Source Control 10.0 ActiveX CLSID access (web-client.rules)
7877 <-> Enabled  <-> WEB-CLIENT Microsoft Office Data Source Control 10.0 ActiveX CLSID unicode access (web-client.rules)
7878 <-> Enabled  <-> WEB-CLIENT AxMetaStream.MetaStreamCtl ActiveX CLSID access (web-client.rules)
7879 <-> Enabled  <-> WEB-CLIENT AxMetaStream.MetaStreamCtl ActiveX CLSID unicode access (web-client.rules)
7880 <-> Enabled  <-> WEB-CLIENT AxMetaStream.MetaStreamCtlSecondary ActiveX CLSID access (web-client.rules)
7881 <-> Enabled  <-> WEB-CLIENT AxMetaStream.MetaStreamCtlSecondary ActiveX CLSID unicode access (web-client.rules)
7882 <-> Enabled  <-> WEB-CLIENT AccSync.AccSubNotHandler ActiveX CLSID access (web-client.rules)
7883 <-> Enabled  <-> WEB-CLIENT AccSync.AccSubNotHandler ActiveX CLSID unicode access (web-client.rules)
7884 <-> Enabled  <-> WEB-CLIENT AolCalSvr.ACCalendarListCtrl ActiveX CLSID access (web-client.rules)
7885 <-> Enabled  <-> WEB-CLIENT AolCalSvr.ACCalendarListCtrl ActiveX CLSID unicode access (web-client.rules)
7886 <-> Enabled  <-> WEB-CLIENT AolCalSvr.ACDictionary ActiveX CLSID access (web-client.rules)
7887 <-> Enabled  <-> WEB-CLIENT AolCalSvr.ACDictionary ActiveX CLSID unicode access (web-client.rules)
7888 <-> Enabled  <-> WEB-CLIENT AOLFlash.AOLFlash ActiveX CLSID access (web-client.rules)
7889 <-> Enabled  <-> WEB-CLIENT AOLFlash.AOLFlash ActiveX CLSID unicode access (web-client.rules)
7890 <-> Enabled  <-> WEB-CLIENT AOL.MemExpWz ActiveX CLSID access (web-client.rules)
7891 <-> Enabled  <-> WEB-CLIENT AOL.MemExpWz ActiveX CLSID unicode access (web-client.rules)
7892 <-> Enabled  <-> WEB-CLIENT AOL Phobos Class ActiveX CLSID access (web-client.rules)
7893 <-> Enabled  <-> WEB-CLIENT AOL Phobos Class ActiveX CLSID unicode access (web-client.rules)
7894 <-> Enabled  <-> WEB-CLIENT AOL.PicDownloadCtrl ActiveX CLSID access (web-client.rules)
7895 <-> Enabled  <-> WEB-CLIENT AOL.PicDownloadCtrl ActiveX CLSID unicode access (web-client.rules)
7896 <-> Enabled  <-> WEB-CLIENT AOL.PicEditCtrl ActiveX CLSID access (web-client.rules)
7897 <-> Enabled  <-> WEB-CLIENT AOL.PicEditCtrl ActiveX CLSID unicode access (web-client.rules)
7898 <-> Enabled  <-> WEB-CLIENT AOL.PicSsvrCtrl ActiveX CLSID access (web-client.rules)
7899 <-> Enabled  <-> WEB-CLIENT AOL.PicSsvrCtrl ActiveX CLSID unicode access (web-client.rules)
7900 <-> Enabled  <-> WEB-CLIENT AOL.UPFCtrl ActiveX CLSID access (web-client.rules)
7901 <-> Enabled  <-> WEB-CLIENT AOL.UPFCtrl ActiveX CLSID unicode access (web-client.rules)
7902 <-> Enabled  <-> WEB-CLIENT CDDBControlAOL.CDDBAOLControl ActiveX CLSID access (web-client.rules)
7903 <-> Enabled  <-> WEB-CLIENT CDDBControlAOL.CDDBAOLControl ActiveX CLSID unicode access (web-client.rules)
7904 <-> Enabled  <-> WEB-CLIENT CDL Asychronous Pluggable Protocol Handler ActiveX CLSID access (web-client.rules)
7905 <-> Enabled  <-> WEB-CLIENT CDL Asychronous Pluggable Protocol Handler ActiveX CLSID unicode access (web-client.rules)
7906 <-> Enabled  <-> WEB-CLIENT CDO.KnowledgeSearchFolder ActiveX CLSID access (web-client.rules)
7907 <-> Enabled  <-> WEB-CLIENT CDO.KnowledgeSearchFolder ActiveX CLSID unicode access (web-client.rules)
7908 <-> Enabled  <-> WEB-CLIENT DXImageTransform.Microsoft.Chroma ActiveX CLSID access (web-client.rules)
7909 <-> Enabled  <-> WEB-CLIENT DXImageTransform.Microsoft.Chroma ActiveX CLSID unicode access (web-client.rules)
7910 <-> Enabled  <-> WEB-CLIENT DXImageTransform.Microsoft.DropShadow ActiveX CLSID access (web-client.rules)
7911 <-> Enabled  <-> WEB-CLIENT DXImageTransform.Microsoft.DropShadow ActiveX CLSID unicode access (web-client.rules)
7912 <-> Enabled  <-> WEB-CLIENT DX3DTransform.Microsoft.Shapes ActiveX CLSID access (web-client.rules)
7913 <-> Enabled  <-> WEB-CLIENT DX3DTransform.Microsoft.Shapes ActiveX CLSID unicode access (web-client.rules)
7914 <-> Enabled  <-> WEB-CLIENT DXImageTransform.Microsoft.NDFXArtEffects ActiveX CLSID access (web-client.rules)
7915 <-> Enabled  <-> WEB-CLIENT DXImageTransform.Microsoft.NDFXArtEffects ActiveX CLSID unicode access (web-client.rules)
7916 <-> Enabled  <-> WEB-CLIENT CLSID_IMimeInternational ActiveX CLSID access (web-client.rules)
7917 <-> Enabled  <-> WEB-CLIENT CLSID_IMimeInternational ActiveX CLSID unicode access (web-client.rules)
7918 <-> Enabled  <-> WEB-CLIENT CoAxTrackVideo Class ActiveX CLSID access (web-client.rules)
7919 <-> Enabled  <-> WEB-CLIENT CoAxTrackVideo Class ActiveX CLSID unicode access (web-client.rules)
7920 <-> Enabled  <-> WEB-CLIENT DsPropertyPages.OU ActiveX CLSID access (web-client.rules)
7921 <-> Enabled  <-> WEB-CLIENT DsPropertyPages.OU ActiveX CLSID unicode access (web-client.rules)
7922 <-> Enabled  <-> WEB-CLIENT DXImageTransform.Microsoft.RevealTrans ActiveX CLSID access (web-client.rules)
7923 <-> Enabled  <-> WEB-CLIENT DXImageTransform.Microsoft.RevealTrans ActiveX CLSID unicode access (web-client.rules)
7924 <-> Enabled  <-> WEB-CLIENT DXImageTransform.Microsoft.Shadow ActiveX CLSID access (web-client.rules)
7925 <-> Enabled  <-> WEB-CLIENT DXImageTransform.Microsoft.Shadow ActiveX CLSID unicode access (web-client.rules)
7926 <-> Enabled  <-> WEB-CLIENT DXTFilter ActiveX CLSID access (web-client.rules)
7927 <-> Enabled  <-> WEB-CLIENT DXTFilter ActiveX CLSID unicode access (web-client.rules)
7928 <-> Enabled  <-> WEB-CLIENT file or local Asychronous Pluggable Protocol Handler ActiveX CLSID access (web-client.rules)
7929 <-> Enabled  <-> WEB-CLIENT file or local Asychronous Pluggable Protocol Handler ActiveX CLSID unicode access (web-client.rules)
7930 <-> Enabled  <-> WEB-CLIENT FolderItem2 ActiveX CLSID access (web-client.rules)
7931 <-> Enabled  <-> WEB-CLIENT FolderItem2 ActiveX CLSID unicode access (web-client.rules)
7932 <-> Enabled  <-> WEB-CLIENT FolderItems3 ActiveX CLSID access (web-client.rules)
7933 <-> Enabled  <-> WEB-CLIENT FolderItems3 ActiveX CLSID unicode access (web-client.rules)
7934 <-> Enabled  <-> WEB-CLIENT ftp Asychronous Pluggable Protocol Handler ActiveX CLSID access (web-client.rules)
7935 <-> Enabled  <-> WEB-CLIENT ftp Asychronous Pluggable Protocol Handler ActiveX CLSID unicode access (web-client.rules)
7936 <-> Enabled  <-> WEB-CLIENT DXImageTransform.Microsoft.Glow ActiveX CLSID access (web-client.rules)
7937 <-> Enabled  <-> WEB-CLIENT DXImageTransform.Microsoft.Glow ActiveX CLSID unicode access (web-client.rules)
7938 <-> Enabled  <-> WEB-CLIENT gopher Asychronous Pluggable Protocol Handler ActiveX CLSID access (web-client.rules)
7939 <-> Enabled  <-> WEB-CLIENT gopher Asychronous Pluggable Protocol Handler ActiveX CLSID unicode access (web-client.rules)
7940 <-> Enabled  <-> WEB-CLIENT DXImageTransform.Microsoft.Gradient ActiveX CLSID access (web-client.rules)
7941 <-> Enabled  <-> WEB-CLIENT DXImageTransform.Microsoft.Gradient ActiveX CLSID unicode access (web-client.rules)
7942 <-> Enabled  <-> WEB-CLIENT http Asychronous Pluggable Protocol Handler ActiveX CLSID access (web-client.rules)
7943 <-> Enabled  <-> WEB-CLIENT http Asychronous Pluggable Protocol Handler ActiveX CLSID unicode access (web-client.rules)
7944 <-> Enabled  <-> WEB-CLIENT https Asychronous Pluggable Protocol Handler ActiveX CLSID access (web-client.rules)
7945 <-> Enabled  <-> WEB-CLIENT https Asychronous Pluggable Protocol Handler ActiveX CLSID unicode access (web-client.rules)
7946 <-> Enabled  <-> WEB-CLIENT DXImageTransform.Microsoft.MaskFilter ActiveX CLSID access (web-client.rules)
7947 <-> Enabled  <-> WEB-CLIENT DXImageTransform.Microsoft.MaskFilter ActiveX CLSID unicode access (web-client.rules)
7948 <-> Enabled  <-> WEB-CLIENT Microsoft Common Browser Architecture ActiveX CLSID access (web-client.rules)
7949 <-> Enabled  <-> WEB-CLIENT Microsoft Common Browser Architecture ActiveX CLSID unicode access (web-client.rules)
7950 <-> Enabled  <-> WEB-CLIENT Microsoft DirectAnimation Control ActiveX CLSID access (web-client.rules)
7951 <-> Enabled  <-> WEB-CLIENT Microsoft DirectAnimation Control ActiveX CLSID unicode access (web-client.rules)
7952 <-> Enabled  <-> WEB-CLIENT Microsoft DirectAnimation Windowed Control ActiveX CLSID access (web-client.rules)
7953 <-> Enabled  <-> WEB-CLIENT Microsoft DirectAnimation Windowed Control ActiveX CLSID unicode access (web-client.rules)
7954 <-> Enabled  <-> WEB-CLIENT Microsoft Forms 2.0 ComboBox ActiveX CLSID access (web-client.rules)
7955 <-> Enabled  <-> WEB-CLIENT Microsoft Forms 2.0 ComboBox ActiveX CLSID unicode access (web-client.rules)
7956 <-> Enabled  <-> WEB-CLIENT Microsoft Forms 2.0 ListBox ActiveX CLSID access (web-client.rules)
7957 <-> Enabled  <-> WEB-CLIENT Microsoft Forms 2.0 ListBox ActiveX CLSID unicode access (web-client.rules)
7958 <-> Enabled  <-> WEB-CLIENT mk Asychronous Pluggable Protocol Handler ActiveX CLSID access (web-client.rules)
7959 <-> Enabled  <-> WEB-CLIENT mk Asychronous Pluggable Protocol Handler ActiveX CLSID unicode access (web-client.rules)
7960 <-> Enabled  <-> WEB-CLIENT mk Asychronous Pluggable Protocol Handler ActiveX CLSID access (web-client.rules)
7961 <-> Enabled  <-> WEB-CLIENT mk Asychronous Pluggable Protocol Handler ActiveX CLSID unicode access (web-client.rules)
7962 <-> Enabled  <-> WEB-CLIENT mk Asychronous Pluggable Protocol Handler ActiveX CLSID access (web-client.rules)
7963 <-> Enabled  <-> WEB-CLIENT mk Asychronous Pluggable Protocol Handler ActiveX CLSID unicode access (web-client.rules)
7964 <-> Enabled  <-> WEB-CLIENT mk Asychronous Pluggable Protocol Handler ActiveX CLSID access (web-client.rules)
7965 <-> Enabled  <-> WEB-CLIENT mk Asychronous Pluggable Protocol Handler ActiveX CLSID unicode access (web-client.rules)
7966 <-> Enabled  <-> WEB-CLIENT mk Asychronous Pluggable Protocol Handler ActiveX CLSID access (web-client.rules)
7967 <-> Enabled  <-> WEB-CLIENT mk Asychronous Pluggable Protocol Handler ActiveX CLSID unicode access (web-client.rules)
7968 <-> Enabled  <-> WEB-CLIENT mk Asychronous Pluggable Protocol Handler ActiveX CLSID access (web-client.rules)
7969 <-> Enabled  <-> WEB-CLIENT mk Asychronous Pluggable Protocol Handler ActiveX CLSID unicode access (web-client.rules)
7970 <-> Enabled  <-> WEB-CLIENT PostBootReminder object ActiveX CLSID access (web-client.rules)
7971 <-> Enabled  <-> WEB-CLIENT PostBootReminder object ActiveX CLSID unicode access (web-client.rules)
7972 <-> Enabled  <-> WEB-CLIENT RealPlayer G2 Control ActiveX CLSID access (web-client.rules)
7973 <-> Enabled  <-> WEB-CLIENT RealPlayer G2 Control ActiveX CLSID unicode access (web-client.rules)
7974 <-> Enabled  <-> WEB-CLIENT Rendezvous Class ActiveX CLSID access (web-client.rules)
7975 <-> Enabled  <-> WEB-CLIENT Rendezvous Class ActiveX CLSID unicode access (web-client.rules)
7976 <-> Enabled  <-> WEB-CLIENT ShellFolder for CD Burning ActiveX CLSID access (web-client.rules)
7977 <-> Enabled  <-> WEB-CLIENT ShellFolder for CD Burning ActiveX CLSID unicode access (web-client.rules)
7978 <-> Enabled  <-> WEB-CLIENT ShockwaveFlash.ShockwaveFlash ActiveX CLSID access (web-client.rules)
7979 <-> Enabled  <-> WEB-CLIENT ShockwaveFlash.ShockwaveFlash ActiveX CLSID unicode access (web-client.rules)
7980 <-> Enabled  <-> WEB-CLIENT ShockwaveFlash.ShockwaveFlash.9 ActiveX function call access (web-client.rules)
7981 <-> Enabled  <-> WEB-CLIENT Snapshot Viewer General Property Page Object ActiveX CLSID access (web-client.rules)
7982 <-> Enabled  <-> WEB-CLIENT Snapshot Viewer General Property Page Object ActiveX CLSID unicode access (web-client.rules)
7983 <-> Enabled  <-> WEB-CLIENT SuperBuddy Class ActiveX CLSID access (web-client.rules)
7984 <-> Enabled  <-> WEB-CLIENT SuperBuddy Class ActiveX CLSID unicode access (web-client.rules)
7985 <-> Enabled  <-> WEB-CLIENT WebViewFolderIcon.WebViewFolderIcon.1 ActiveX CLSID access (web-client.rules)
7986 <-> Enabled  <-> WEB-CLIENT WebViewFolderIcon.WebViewFolderIcon.1 ActiveX CLSID unicode access (web-client.rules)
7987 <-> Enabled  <-> WEB-CLIENT WebViewFolderIcon.WebViewFolderIcon.2 ActiveX CLSID access (web-client.rules)
7988 <-> Enabled  <-> WEB-CLIENT WebViewFolderIcon.WebViewFolderIcon.2 ActiveX CLSID unicode access (web-client.rules)
7989 <-> Enabled  <-> WEB-CLIENT WIA FileSystem USD ActiveX CLSID access (web-client.rules)
7990 <-> Enabled  <-> WEB-CLIENT WIA FileSystem USD ActiveX CLSID unicode access (web-client.rules)
7991 <-> Enabled  <-> WEB-CLIENT ACM Class Manager ActiveX CLSID access (web-client.rules)
7992 <-> Enabled  <-> WEB-CLIENT ACM Class Manager ActiveX CLSID unicode access (web-client.rules)
7993 <-> Enabled  <-> WEB-CLIENT clbcatex.dll ActiveX CLSID access (web-client.rules)
7994 <-> Enabled  <-> WEB-CLIENT clbcatex.dll ActiveX CLSID unicode access (web-client.rules)
7995 <-> Enabled  <-> WEB-CLIENT clbcatq.dll ActiveX CLSID access (web-client.rules)
7996 <-> Enabled  <-> WEB-CLIENT clbcatq.dll ActiveX CLSID unicode access (web-client.rules)
7997 <-> Enabled  <-> WEB-CLIENT CLSID_ApprenticeICW ActiveX CLSID access (web-client.rules)
7998 <-> Enabled  <-> WEB-CLIENT CLSID_ApprenticeICW ActiveX CLSID unicode access (web-client.rules)
7999 <-> Enabled  <-> WEB-CLIENT CLSID_CDIDeviceActionConfigPage ActiveX CLSID access (web-client.rules)
8000 <-> Enabled  <-> WEB-CLIENT CLSID_CDIDeviceActionConfigPage ActiveX CLSID unicode access (web-client.rules)
8001 <-> Enabled  <-> WEB-CLIENT CommunicationManager ActiveX CLSID access (web-client.rules)
8002 <-> Enabled  <-> WEB-CLIENT CommunicationManager ActiveX CLSID unicode access (web-client.rules)
8003 <-> Enabled  <-> WEB-CLIENT Content.mbcontent.1 ActiveX CLSID access (web-client.rules)
8004 <-> Enabled  <-> WEB-CLIENT Content.mbcontent.1 ActiveX CLSID unicode access (web-client.rules)
8005 <-> Enabled  <-> WEB-CLIENT DiskManagement.Connection ActiveX CLSID access (web-client.rules)
8006 <-> Enabled  <-> WEB-CLIENT DiskManagement.Connection ActiveX CLSID unicode access (web-client.rules)
8007 <-> Enabled  <-> WEB-CLIENT Dutch_Dutch Stemmer ActiveX CLSID access (web-client.rules)
8008 <-> Enabled  <-> WEB-CLIENT Dutch_Dutch Stemmer ActiveX CLSID unicode access (web-client.rules)
8009 <-> Enabled  <-> WEB-CLIENT English_UK Stemmer ActiveX CLSID access (web-client.rules)
8010 <-> Enabled  <-> WEB-CLIENT English_UK Stemmer ActiveX CLSID unicode access (web-client.rules)
8011 <-> Enabled  <-> WEB-CLIENT English_US Stemmer ActiveX CLSID access (web-client.rules)
8012 <-> Enabled  <-> WEB-CLIENT English_US Stemmer ActiveX CLSID unicode access (web-client.rules)
8013 <-> Enabled  <-> WEB-CLIENT French_French Stemmer ActiveX CLSID access (web-client.rules)
8014 <-> Enabled  <-> WEB-CLIENT French_French Stemmer ActiveX CLSID unicode access (web-client.rules)
8015 <-> Enabled  <-> WEB-CLIENT German_German Stemmer ActiveX CLSID access (web-client.rules)
8016 <-> Enabled  <-> WEB-CLIENT German_German Stemmer ActiveX CLSID unicode access (web-client.rules)
8017 <-> Enabled  <-> WEB-CLIENT ICM Class Manager ActiveX CLSID access (web-client.rules)
8018 <-> Enabled  <-> WEB-CLIENT ICM Class Manager ActiveX CLSID unicode access (web-client.rules)
8019 <-> Enabled  <-> WEB-CLIENT Internet Explorer Address Bar ActiveX CLSID access (web-client.rules)
8020 <-> Enabled  <-> WEB-CLIENT Internet Explorer Address Bar ActiveX CLSID unicode access (web-client.rules)
8021 <-> Enabled  <-> WEB-CLIENT ISSimpleCommandCreator.1 ActiveX CLSID access (web-client.rules)
8022 <-> Enabled  <-> WEB-CLIENT ISSimpleCommandCreator.1 ActiveX CLSID unicode access (web-client.rules)
8023 <-> Enabled  <-> WEB-CLIENT Italian_Italian Stemmer ActiveX CLSID access (web-client.rules)
8024 <-> Enabled  <-> WEB-CLIENT Italian_Italian Stemmer ActiveX CLSID unicode access (web-client.rules)
8025 <-> Enabled  <-> WEB-CLIENT Microsoft HTML Window Security Proxy ActiveX CLSID access (web-client.rules)
8026 <-> Enabled  <-> WEB-CLIENT Microsoft HTML Window Security Proxy ActiveX CLSID unicode access (web-client.rules)
8027 <-> Enabled  <-> WEB-CLIENT Microsoft WBEM Event Subsystem ActiveX CLSID access (web-client.rules)
8028 <-> Enabled  <-> WEB-CLIENT Microsoft WBEM Event Subsystem ActiveX CLSID unicode access (web-client.rules)
8029 <-> Enabled  <-> WEB-CLIENT MidiOut Class Manager ActiveX CLSID access (web-client.rules)
8030 <-> Enabled  <-> WEB-CLIENT MidiOut Class Manager ActiveX CLSID unicode access (web-client.rules)
8031 <-> Enabled  <-> WEB-CLIENT Mslablti.MarshalableTI.1 ActiveX CLSID access (web-client.rules)
8032 <-> Enabled  <-> WEB-CLIENT Mslablti.MarshalableTI.1 ActiveX CLSID unicode access (web-client.rules)
8033 <-> Enabled  <-> WEB-CLIENT QC.MessageMover.1 ActiveX CLSID access (web-client.rules)
8034 <-> Enabled  <-> WEB-CLIENT QC.MessageMover.1 ActiveX CLSID unicode access (web-client.rules)
8035 <-> Enabled  <-> WEB-CLIENT Spanish_Modern Stemmer ActiveX CLSID access (web-client.rules)
8036 <-> Enabled  <-> WEB-CLIENT Spanish_Modern Stemmer ActiveX CLSID unicode access (web-client.rules)
8037 <-> Enabled  <-> WEB-CLIENT Swedish_Default Stemmer ActiveX CLSID access (web-client.rules)
8038 <-> Enabled  <-> WEB-CLIENT Swedish_Default Stemmer ActiveX CLSID unicode access (web-client.rules)
8039 <-> Enabled  <-> WEB-CLIENT syncui.dll ActiveX CLSID access (web-client.rules)
8040 <-> Enabled  <-> WEB-CLIENT syncui.dll ActiveX CLSID unicode access (web-client.rules)
8041 <-> Enabled  <-> WEB-CLIENT VFW Capture Class Manager ActiveX CLSID access (web-client.rules)
8042 <-> Enabled  <-> WEB-CLIENT VFW Capture Class Manager ActiveX CLSID unicode access (web-client.rules)
8043 <-> Enabled  <-> WEB-CLIENT Video Effect Class Manager 1 Input ActiveX CLSID access (web-client.rules)
8044 <-> Enabled  <-> WEB-CLIENT Video Effect Class Manager 1 Input ActiveX CLSID unicode access (web-client.rules)
8045 <-> Enabled  <-> WEB-CLIENT Video Effect Class Manager 2 Input ActiveX CLSID access (web-client.rules)
8046 <-> Enabled  <-> WEB-CLIENT Video Effect Class Manager 2 Input ActiveX CLSID unicode access (web-client.rules)
8047 <-> Enabled  <-> WEB-CLIENT WaveIn Class Manager ActiveX CLSID access (web-client.rules)
8048 <-> Enabled  <-> WEB-CLIENT WaveIn Class Manager ActiveX CLSID unicode access (web-client.rules)
8049 <-> Enabled  <-> WEB-CLIENT WaveOut and DSound Class Manager ActiveX CLSID access (web-client.rules)
8050 <-> Enabled  <-> WEB-CLIENT WaveOut and DSound Class Manager ActiveX CLSID unicode access (web-client.rules)
8051 <-> Enabled  <-> WEB-CLIENT WDM Instance Provider ActiveX CLSID access (web-client.rules)
8052 <-> Enabled  <-> WEB-CLIENT WDM Instance Provider ActiveX CLSID unicode access (web-client.rules)
8053 <-> Enabled  <-> WEB-CLIENT DirectAnimation.PathControl ActiveX CLSID access (web-client.rules)
8054 <-> Enabled  <-> WEB-CLIENT DirectAnimation.PathControl ActiveX CLSID unicode access (web-client.rules)
8055 <-> Enabled  <-> WEB-CLIENT DirectAnimation.PathControl ActiveX function call access (web-client.rules)
8056 <-> Disabled <-> DOS ISC DHCP server 2 client_id length denial of service attempt (dos.rules)
8057 <-> Enabled  <-> MYSQL Date_Format denial of service attempt (mysql.rules)
8058 <-> Enabled  <-> WEB-CLIENT Mozilla javascript navigator object access (web-client.rules)
8059 <-> Enabled  <-> ORACLE SYS.KUPW-WORKER sql injection attempt (oracle.rules)
8060 <-> Enabled  <-> EXPLOIT UltraVNC VNCLog Buffer Overflow (exploit.rules)

Updated rules:
 117 <-> Disabled <-> BACKDOOR Infector.1.x (backdoor.rules)
 120 <-> Disabled <-> DELETED BACKDOOR Infector 1.6 Server to Client (deleted.rules)
 146 <-> Disabled <-> BACKDOOR NetSphere access (backdoor.rules)
 155 <-> Disabled <-> DELETED BACKDOOR NetSphere 1.31.337 access (deleted.rules)
 553 <-> Disabled <-> POLICY FTP anonymous login attempt (policy.rules)
 637 <-> Enabled  <-> SCAN Webtrends Scanner UDP Probe (scan.rules)
1019 <-> Enabled  <-> WEB-IIS Malformed Hit-Highlighting Argument File Access Attempt (web-iis.rules)
1022 <-> Enabled  <-> WEB-IIS jet vba access (web-iis.rules)
1023 <-> Enabled  <-> WEB-IIS msadcs.dll access (web-iis.rules)
1032 <-> Disabled <-> WEB-IIS showcode access (web-iis.rules)
1033 <-> Disabled <-> WEB-IIS viewcode access (web-iis.rules)
1034 <-> Disabled <-> WEB-IIS viewcode access (web-iis.rules)
1035 <-> Disabled <-> WEB-IIS viewcode access (web-iis.rules)
1036 <-> Disabled <-> WEB-IIS viewcode access (web-iis.rules)
2067 <-> Disabled <-> WEB-MISC Lotus Notes .exe script source download attempt (web-misc.rules)
2181 <-> Disabled <-> P2P BitTorrent transfer (p2p.rules)
2435 <-> Enabled  <-> WEB-CLIENT Microsoft emf metafile access (web-client.rules)
3082 <-> Disabled <-> BACKDOOR Y3KRAT 1.5 Connect Client Response (backdoor.rules)
3083 <-> Disabled <-> BACKDOOR Y3KRAT 1.5 Connection confirmation (backdoor.rules)
3682 <-> Disabled <-> SMTP spoofed MIME-Type auto-execution attempt (smtp.rules)
4136 <-> Disabled <-> WEB-CLIENT IE JPEG heap overflow multipacket attempt (web-client.rules)
5846 <-> Disabled <-> SPYWARE-PUT Trickler VX2/DLmax/BestOffers/Aurora runtime detection (spyware-put.rules)
5871 <-> Disabled <-> SPYWARE-PUT Trickler VX2/ABetterInternet transponder thinstaller runtime detection - post information (spyware-put.rules)
6209 <-> Disabled <-> SPYWARE-PUT Adware deskwizz/zquest runtime detection - get config information / ad banner (spyware-put.rules)
7021 <-> Disabled <-> DOS linux kernel SCTP chunkless packet denial of service attempt (dos.rules)
7058 <-> Disabled <-> BACKDOOR charon runtime detection - download file flowbit 1 (backdoor.rules)
7059 <-> Disabled <-> BACKDOOR charon runtime detection - download file/log flowbit 2 (backdoor.rules)
7060 <-> Disabled <-> BACKDOOR charon runtime detection - download file/log (backdoor.rules)
7061 <-> Disabled <-> BACKDOOR charon runtime detection - download log flowbit 1 (backdoor.rules)
7062 <-> Disabled <-> DELETED BACKDOOR charon runtime detection - download log flowbit 2 (deleted.rules)
7063 <-> Disabled <-> DELETED BACKDOOR charon runtime detection - download log (deleted.rules)
7165 <-> Disabled <-> SPYWARE-PUT Keylogger ab system spy runtime detection - information exchange - flowbit set 1 (spyware-put.rules)
7166 <-> Disabled <-> SPYWARE-PUT Keylogger ab system spy runtime detection - information exchange - flowbit set 2 (spyware-put.rules)
7167 <-> Disabled <-> SPYWARE-PUT Keylogger ab system spy runtime detection - information exchange - flowbit set 3 (spyware-put.rules)
7168 <-> Disabled <-> SPYWARE-PUT Keylogger ab system spy runtime detection - information exchange - flowbit set 4 (spyware-put.rules)
7169 <-> Disabled <-> SPYWARE-PUT Keylogger ab system spy runtime detection - information exchange (spyware-put.rules)
7170 <-> Disabled <-> DELETED SPYWARE-PUT Keylogger ab system spy runtime detection - info update (deleted.rules)
7171 <-> Disabled <-> DELETED SPYWARE-PUT Keylogger ab system spy runtime detection - info update (deleted.rules)
7172 <-> Disabled <-> DELETED SPYWARE-PUT Keylogger ab system spy runtime detection - info update (deleted.rules)
7173 <-> Disabled <-> DELETED SPYWARE-PUT Keylogger ab system spy runtime detection - info update (deleted.rules)
7174 <-> Disabled <-> DELETED SPYWARE-PUT Keylogger ab system spy runtime detection - info update (deleted.rules)
7181 <-> Disabled <-> DELETED SPYWARE-PUT Keylogger desktop detective 2000 runtime detection - info request (deleted.rules)
7507 <-> Disabled <-> SPYWARE-PUT Hacker-Tool coma runtime detection - init connection (spyware-put.rules)
7509 <-> Disabled <-> SPYWARE-PUT Hacker-Tool coma runtime detection - ping (spyware-put.rules)
7544 <-> Disabled <-> SPYWARE-PUT Keylogger PerfectKeylogger runtime detection - flowbit set 1 (spyware-put.rules)
7605 <-> Disabled <-> BACKDOOR katux 2.0 runtime detection - screen capture (backdoor.rules)
7607 <-> Disabled <-> BACKDOOR katux 2.0 runtime detection - get system info (backdoor.rules)
7609 <-> Disabled <-> BACKDOOR katux 2.0 runtime detection - chat (backdoor.rules)
7611 <-> Disabled <-> BACKDOOR flux 1.0 runtime detection - initial connection - flowbit 2 (backdoor.rules)
7612 <-> Disabled <-> BACKDOOR flux 1.0 runtime detection - initial connection - flowbit 3 (backdoor.rules)
7613 <-> Disabled <-> BACKDOOR flux 1.0 runtime detection - successful initial connection (backdoor.rules)
7615 <-> Disabled <-> BACKDOOR flux 1.0 runtime detection - keep alive (backdoor.rules)
7618 <-> Disabled <-> BACKDOOR theef 2.0 runtime detection - connection request with password - flowbit 2 (backdoor.rules)
7619 <-> Disabled <-> BACKDOOR theef 2.0 runtime detection - connection request with password (backdoor.rules)
7621 <-> Disabled <-> BACKDOOR remote control 1.7 runtime detection - connection request - flowbit 2 (backdoor.rules)
7622 <-> Disabled <-> BACKDOOR remote control 1.7 runtime detection - connection request - flowbit 3 (backdoor.rules)
7623 <-> Disabled <-> BACKDOOR remote control 1.7 runtime detection - connection request (backdoor.rules)
7626 <-> Disabled <-> BACKDOOR skyrat show runtime detection - initial connection - flowbit 2 (backdoor.rules)
7627 <-> Disabled <-> BACKDOOR skyrat show runtime detection - initial connection - flowbit 3 (backdoor.rules)
7628 <-> Disabled <-> BACKDOOR skyrat show runtime detection - initial connection - flowbit 4 (backdoor.rules)
7629 <-> Disabled <-> BACKDOOR skyrat show runtime detection - initial connection (backdoor.rules)
7664 <-> Disabled <-> BACKDOOR screen control 1.0 runtime detection - flowbit set (backdoor.rules)
7666 <-> Disabled <-> DELETED BACKDOOR screen control 1.0 runtime detection - capture on port 2208 - flowbit set (deleted.rules)
7676 <-> Disabled <-> BACKDOOR cool remote control or crackdown runtime detection - initial connection - flowbit set (backdoor.rules)
7677 <-> Disabled <-> BACKDOOR cool remote control or crackdown runtime detection - initial connection (backdoor.rules)
7779 <-> Disabled <-> DELETED BACKDOOR net devil 1.4 runtime detection - initial connection - flowbit set 1 (deleted.rules)
7780 <-> Disabled <-> DELETED BACKDOOR net devil 1.4 runtime detection - initial connection - flowbit set 2 (deleted.rules)
7781 <-> Disabled <-> DELETED BACKDOOR net devil 1.4 runtime detection - initial connection (deleted.rules)
7782 <-> Disabled <-> BACKDOOR netdevil runtime detection - file manager - flowbit set (backdoor.rules)
7783 <-> Disabled <-> BACKDOOR netdevil runtime detection - file manager (backdoor.rules)