Talos Rules 2015-06-16
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the browser-ie, browser-plugins, file-other, malware-cnc, netbios and server-webapp rule sets to provide coverage for emerging threats from these technologies.

For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.

Change logs

2015-06-16 18:52:05 UTC

Snort Subscriber Rules Update

Date: 2015-06-16

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2962.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:34919 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric ProClima ActiveX function call access (browser-plugins.rules)
 * 1:34918 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric ProClima ActiveX clsid access (browser-plugins.rules)
 * 1:34916 <-> DISABLED <-> NETBIOS SMB Corel PaintShop Pro u32zlib.dll dll-load exploit attempt (netbios.rules)
 * 1:34909 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uipl.dll dll-load exploit attempt (file-other.rules)
 * 1:34911 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro VC1DecDll.dll dll-load exploit attempt (file-other.rules)
 * 1:34910 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uvipl.dll dll-load exploit attempt (file-other.rules)
 * 1:34907 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uhDSPlay.dll dll-load exploit attempt (file-other.rules)
 * 1:34908 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uhDSPlay.dll dll-load exploit attempt (file-other.rules)
 * 1:34905 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uFioUtil.dll dll-load exploit attempt (file-other.rules)
 * 1:34906 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uFioUtil.dll dll-load exploit attempt (file-other.rules)
 * 1:34903 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro MSPStyleLib.dll dll-load exploit attempt (file-other.rules)
 * 1:34904 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro MSPStyleLib.dll dll-load exploit attempt (file-other.rules)
 * 1:34901 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro igfxcmrt32.dll dll-load exploit attempt (file-other.rules)
 * 1:34902 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro ipl.dll dll-load exploit attempt (file-other.rules)
 * 1:34899 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro wacommt.dll dll-load exploit attempt (file-other.rules)
 * 1:34900 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro igfxcmrt32.dll dll-load exploit attempt (file-other.rules)
 * 1:34897 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro TD_Mgd_3.08_9.dll dll-load exploit attempt (file-other.rules)
 * 1:34898 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro wacommt.dll dll-load exploit attempt (file-other.rules)
 * 1:34895 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro FxManagedCommands dll-load exploit attempt (file-other.rules)
 * 1:34896 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro TD_Mgd_3.08_9.dll dll-load exploit attempt (file-other.rules)
 * 1:34893 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro quserex.dll dll-load exploit attempt (file-other.rules)
 * 1:34894 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro FxManagedCommands dll-load exploit attempt (file-other.rules)
 * 1:34892 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro quserex.dll dll-load exploit attempt (file-other.rules)
 * 1:34891 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro u32Zlib.dll dll-load exploit attempt (file-other.rules)
 * 1:34889 <-> DISABLED <-> SERVER-OTHER OpenSSL denial-of-service via crafted x.509 certificate attempt (server-other.rules)
 * 1:34890 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro u32ZLib.dll dll-load exploit attempt (file-other.rules)
 * 1:34887 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sojax variant outbound connection  (malware-cnc.rules)
 * 1:34888 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sojax variant outbound connection  (malware-cnc.rules)
 * 1:34885 <-> DISABLED <-> BROWSER-PLUGINS Samsung iPOLiS device manager clsid access attempt (browser-plugins.rules)
 * 1:34886 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:34883 <-> DISABLED <-> SERVER-WEBAPP Arcserve Unified Data Protection reportFileServlet directory traversal attempt (server-webapp.rules)
 * 1:34884 <-> DISABLED <-> BROWSER-PLUGINS Samsung iPOLiS device manager clsid access attempt (browser-plugins.rules)
 * 1:34881 <-> DISABLED <-> SERVER-WEBAPP Arcserve Unified Data Protection reportFileServlet directory traversal attempt (server-webapp.rules)
 * 1:34882 <-> DISABLED <-> SERVER-WEBAPP Arcserve Unified Data Protection reportFileServlet directory traversal attempt (server-webapp.rules)
 * 1:34879 <-> DISABLED <-> SERVER-WEBAPP Arcserve Unified Data Protection export servlet directory traversal attempt (server-webapp.rules)
 * 1:34880 <-> DISABLED <-> SERVER-WEBAPP Arcserve Unified Data Protection export servlet directory traversal attempt (server-webapp.rules)
 * 1:34877 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Jemerr variant outbound connection (malware-cnc.rules)
 * 1:34878 <-> DISABLED <-> SERVER-WEBAPP Arcserve Unified Data Protection export servlet directory traversal attempt (server-webapp.rules)
 * 1:34875 <-> DISABLED <-> SERVER-WEBAPP ManageEngine EventLog Analyzer cross site request forgery attempt (server-webapp.rules)
 * 1:34876 <-> ENABLED <-> MALWARE-CNC Win.Fudu outbound variant connection  (malware-cnc.rules)
 * 1:34873 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)
 * 1:34874 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)
 * 1:34872 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Compfolder variant outbound connection attempt (malware-cnc.rules)
 * 1:34915 <-> DISABLED <-> NETBIOS SMB Corel PaintShop Pro quserex.dll dll-load exploit attempt (netbios.rules)
 * 1:34914 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro VC1DecDll_SSE3.dll dll-load exploit attempt (file-other.rules)
 * 1:34921 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric ProClima ActiveX function call access (browser-plugins.rules)
 * 1:34922 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric ProClima ActiveX function call access (browser-plugins.rules)
 * 1:34923 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric ProClima ActiveX function call access (browser-plugins.rules)
 * 1:34920 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric ProClima ActiveX clsid access (browser-plugins.rules)
 * 1:34917 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Critroni certificate exchange (malware-cnc.rules)
 * 1:34912 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro VC1DecDll.dll dll-load exploit attempt (file-other.rules)
 * 1:34913 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro VC1DecDll_SSE3.dll dll-load exploit attempt (file-other.rules)

Modified Rules:


 * 1:32246 <-> DISABLED <-> BROWSER-PLUGINS Samsung iPOLiS device manager clsid access attempt (browser-plugins.rules)
 * 1:32245 <-> DISABLED <-> BROWSER-PLUGINS Samsung iPOLiS device manager clsid access attempt (browser-plugins.rules)
 * 1:29325 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Horsamaz outbound communication (malware-cnc.rules)

2015-06-16 18:52:05 UTC

Snort Subscriber Rules Update

Date: 2015-06-16

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2972.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:34910 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uvipl.dll dll-load exploit attempt (file-other.rules)
 * 1:34911 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro VC1DecDll.dll dll-load exploit attempt (file-other.rules)
 * 1:34909 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uipl.dll dll-load exploit attempt (file-other.rules)
 * 1:34908 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uhDSPlay.dll dll-load exploit attempt (file-other.rules)
 * 1:34907 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uhDSPlay.dll dll-load exploit attempt (file-other.rules)
 * 1:34905 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uFioUtil.dll dll-load exploit attempt (file-other.rules)
 * 1:34906 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uFioUtil.dll dll-load exploit attempt (file-other.rules)
 * 1:34903 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro MSPStyleLib.dll dll-load exploit attempt (file-other.rules)
 * 1:34904 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro MSPStyleLib.dll dll-load exploit attempt (file-other.rules)
 * 1:34901 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro igfxcmrt32.dll dll-load exploit attempt (file-other.rules)
 * 1:34902 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro ipl.dll dll-load exploit attempt (file-other.rules)
 * 1:34899 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro wacommt.dll dll-load exploit attempt (file-other.rules)
 * 1:34900 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro igfxcmrt32.dll dll-load exploit attempt (file-other.rules)
 * 1:34897 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro TD_Mgd_3.08_9.dll dll-load exploit attempt (file-other.rules)
 * 1:34898 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro wacommt.dll dll-load exploit attempt (file-other.rules)
 * 1:34895 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro FxManagedCommands dll-load exploit attempt (file-other.rules)
 * 1:34896 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro TD_Mgd_3.08_9.dll dll-load exploit attempt (file-other.rules)
 * 1:34893 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro quserex.dll dll-load exploit attempt (file-other.rules)
 * 1:34894 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro FxManagedCommands dll-load exploit attempt (file-other.rules)
 * 1:34891 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro u32Zlib.dll dll-load exploit attempt (file-other.rules)
 * 1:34892 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro quserex.dll dll-load exploit attempt (file-other.rules)
 * 1:34889 <-> DISABLED <-> SERVER-OTHER OpenSSL denial-of-service via crafted x.509 certificate attempt (server-other.rules)
 * 1:34890 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro u32ZLib.dll dll-load exploit attempt (file-other.rules)
 * 1:34888 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sojax variant outbound connection  (malware-cnc.rules)
 * 1:34886 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:34887 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sojax variant outbound connection  (malware-cnc.rules)
 * 1:34884 <-> DISABLED <-> BROWSER-PLUGINS Samsung iPOLiS device manager clsid access attempt (browser-plugins.rules)
 * 1:34885 <-> DISABLED <-> BROWSER-PLUGINS Samsung iPOLiS device manager clsid access attempt (browser-plugins.rules)
 * 1:34883 <-> DISABLED <-> SERVER-WEBAPP Arcserve Unified Data Protection reportFileServlet directory traversal attempt (server-webapp.rules)
 * 1:34881 <-> DISABLED <-> SERVER-WEBAPP Arcserve Unified Data Protection reportFileServlet directory traversal attempt (server-webapp.rules)
 * 1:34882 <-> DISABLED <-> SERVER-WEBAPP Arcserve Unified Data Protection reportFileServlet directory traversal attempt (server-webapp.rules)
 * 1:34880 <-> DISABLED <-> SERVER-WEBAPP Arcserve Unified Data Protection export servlet directory traversal attempt (server-webapp.rules)
 * 1:34879 <-> DISABLED <-> SERVER-WEBAPP Arcserve Unified Data Protection export servlet directory traversal attempt (server-webapp.rules)
 * 1:34877 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Jemerr variant outbound connection (malware-cnc.rules)
 * 1:34878 <-> DISABLED <-> SERVER-WEBAPP Arcserve Unified Data Protection export servlet directory traversal attempt (server-webapp.rules)
 * 1:34875 <-> DISABLED <-> SERVER-WEBAPP ManageEngine EventLog Analyzer cross site request forgery attempt (server-webapp.rules)
 * 1:34876 <-> ENABLED <-> MALWARE-CNC Win.Fudu outbound variant connection  (malware-cnc.rules)
 * 1:34873 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)
 * 1:34874 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)
 * 1:34872 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Compfolder variant outbound connection attempt (malware-cnc.rules)
 * 1:34923 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric ProClima ActiveX function call access (browser-plugins.rules)
 * 1:34922 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric ProClima ActiveX function call access (browser-plugins.rules)
 * 1:34921 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric ProClima ActiveX function call access (browser-plugins.rules)
 * 1:34920 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric ProClima ActiveX clsid access (browser-plugins.rules)
 * 1:34919 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric ProClima ActiveX function call access (browser-plugins.rules)
 * 1:34918 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric ProClima ActiveX clsid access (browser-plugins.rules)
 * 1:34917 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Critroni certificate exchange (malware-cnc.rules)
 * 1:34916 <-> DISABLED <-> NETBIOS SMB Corel PaintShop Pro u32zlib.dll dll-load exploit attempt (netbios.rules)
 * 1:34915 <-> DISABLED <-> NETBIOS SMB Corel PaintShop Pro quserex.dll dll-load exploit attempt (netbios.rules)
 * 1:34914 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro VC1DecDll_SSE3.dll dll-load exploit attempt (file-other.rules)
 * 1:34913 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro VC1DecDll_SSE3.dll dll-load exploit attempt (file-other.rules)
 * 1:34912 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro VC1DecDll.dll dll-load exploit attempt (file-other.rules)

Modified Rules:


 * 1:32245 <-> DISABLED <-> BROWSER-PLUGINS Samsung iPOLiS device manager clsid access attempt (browser-plugins.rules)
 * 1:32246 <-> DISABLED <-> BROWSER-PLUGINS Samsung iPOLiS device manager clsid access attempt (browser-plugins.rules)
 * 1:29325 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Horsamaz outbound communication (malware-cnc.rules)

2015-06-16 18:52:05 UTC

Snort Subscriber Rules Update

Date: 2015-06-16

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2973.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:34923 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric ProClima ActiveX function call access (browser-plugins.rules)
 * 1:34922 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric ProClima ActiveX function call access (browser-plugins.rules)
 * 1:34921 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric ProClima ActiveX function call access (browser-plugins.rules)
 * 1:34920 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric ProClima ActiveX clsid access (browser-plugins.rules)
 * 1:34919 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric ProClima ActiveX function call access (browser-plugins.rules)
 * 1:34918 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric ProClima ActiveX clsid access (browser-plugins.rules)
 * 1:34917 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Critroni certificate exchange (malware-cnc.rules)
 * 1:34916 <-> DISABLED <-> NETBIOS SMB Corel PaintShop Pro u32zlib.dll dll-load exploit attempt (netbios.rules)
 * 1:34915 <-> DISABLED <-> NETBIOS SMB Corel PaintShop Pro quserex.dll dll-load exploit attempt (netbios.rules)
 * 1:34914 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro VC1DecDll_SSE3.dll dll-load exploit attempt (file-other.rules)
 * 1:34913 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro VC1DecDll_SSE3.dll dll-load exploit attempt (file-other.rules)
 * 1:34912 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro VC1DecDll.dll dll-load exploit attempt (file-other.rules)
 * 1:34911 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro VC1DecDll.dll dll-load exploit attempt (file-other.rules)
 * 1:34910 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uvipl.dll dll-load exploit attempt (file-other.rules)
 * 1:34909 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uipl.dll dll-load exploit attempt (file-other.rules)
 * 1:34908 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uhDSPlay.dll dll-load exploit attempt (file-other.rules)
 * 1:34907 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uhDSPlay.dll dll-load exploit attempt (file-other.rules)
 * 1:34906 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uFioUtil.dll dll-load exploit attempt (file-other.rules)
 * 1:34905 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uFioUtil.dll dll-load exploit attempt (file-other.rules)
 * 1:34904 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro MSPStyleLib.dll dll-load exploit attempt (file-other.rules)
 * 1:34903 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro MSPStyleLib.dll dll-load exploit attempt (file-other.rules)
 * 1:34902 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro ipl.dll dll-load exploit attempt (file-other.rules)
 * 1:34901 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro igfxcmrt32.dll dll-load exploit attempt (file-other.rules)
 * 1:34900 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro igfxcmrt32.dll dll-load exploit attempt (file-other.rules)
 * 1:34899 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro wacommt.dll dll-load exploit attempt (file-other.rules)
 * 1:34898 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro wacommt.dll dll-load exploit attempt (file-other.rules)
 * 1:34897 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro TD_Mgd_3.08_9.dll dll-load exploit attempt (file-other.rules)
 * 1:34896 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro TD_Mgd_3.08_9.dll dll-load exploit attempt (file-other.rules)
 * 1:34895 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro FxManagedCommands dll-load exploit attempt (file-other.rules)
 * 1:34894 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro FxManagedCommands dll-load exploit attempt (file-other.rules)
 * 1:34893 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro quserex.dll dll-load exploit attempt (file-other.rules)
 * 1:34892 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro quserex.dll dll-load exploit attempt (file-other.rules)
 * 1:34891 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro u32Zlib.dll dll-load exploit attempt (file-other.rules)
 * 1:34890 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro u32ZLib.dll dll-load exploit attempt (file-other.rules)
 * 1:34889 <-> DISABLED <-> SERVER-OTHER OpenSSL denial-of-service via crafted x.509 certificate attempt (server-other.rules)
 * 1:34888 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sojax variant outbound connection  (malware-cnc.rules)
 * 1:34887 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sojax variant outbound connection  (malware-cnc.rules)
 * 1:34886 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:34885 <-> DISABLED <-> BROWSER-PLUGINS Samsung iPOLiS device manager clsid access attempt (browser-plugins.rules)
 * 1:34884 <-> DISABLED <-> BROWSER-PLUGINS Samsung iPOLiS device manager clsid access attempt (browser-plugins.rules)
 * 1:34883 <-> DISABLED <-> SERVER-WEBAPP Arcserve Unified Data Protection reportFileServlet directory traversal attempt (server-webapp.rules)
 * 1:34882 <-> DISABLED <-> SERVER-WEBAPP Arcserve Unified Data Protection reportFileServlet directory traversal attempt (server-webapp.rules)
 * 1:34881 <-> DISABLED <-> SERVER-WEBAPP Arcserve Unified Data Protection reportFileServlet directory traversal attempt (server-webapp.rules)
 * 1:34880 <-> DISABLED <-> SERVER-WEBAPP Arcserve Unified Data Protection export servlet directory traversal attempt (server-webapp.rules)
 * 1:34879 <-> DISABLED <-> SERVER-WEBAPP Arcserve Unified Data Protection export servlet directory traversal attempt (server-webapp.rules)
 * 1:34878 <-> DISABLED <-> SERVER-WEBAPP Arcserve Unified Data Protection export servlet directory traversal attempt (server-webapp.rules)
 * 1:34877 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Jemerr variant outbound connection (malware-cnc.rules)
 * 1:34876 <-> ENABLED <-> MALWARE-CNC Win.Fudu outbound variant connection  (malware-cnc.rules)
 * 1:34875 <-> DISABLED <-> SERVER-WEBAPP ManageEngine EventLog Analyzer cross site request forgery attempt (server-webapp.rules)
 * 1:34874 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)
 * 1:34873 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)
 * 1:34872 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Compfolder variant outbound connection attempt (malware-cnc.rules)

Modified Rules:


 * 1:32246 <-> DISABLED <-> BROWSER-PLUGINS Samsung iPOLiS device manager clsid access attempt (browser-plugins.rules)
 * 1:29325 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Horsamaz outbound communication (malware-cnc.rules)
 * 1:32245 <-> DISABLED <-> BROWSER-PLUGINS Samsung iPOLiS device manager clsid access attempt (browser-plugins.rules)