﻿SIG1=101,"Winlogon Registry Key Modification",""
SIG2=102,"Winlogon Registry Value Modification",""
SIG3=103,"LSA Registry Key Modification",""
SIG4=104,"LSA Registry Value Modification",""
SIG5=105,"Memory Management Registry Key Modification",""
SIG6=106,"Memory Management Registry Value Modification",""
SIG7=107,"CrashControl Registry Key Modification",""
SIG8=108,"CrashControl Registry Value Modification",""
SIG9=111,"Event Log Registry Setting Modified",""
SIG10=112,"Event Log Service Setting Modification",""
SIG11=113,"Event Log Service State Change",""
SIG12=114,"Security Event Log Shutdown Setting Modified",""
SIG13=121,"Windows File Protection Activity",""
SIG14=122,"Windows File Protection Cache or Catalog Modified",""
SIG15=123,"Source Path Setting Modified",""
SIG17=132,"System Executable Creation or Deletion",""
SIG18=338,"Automatic Logon at Startup Enabled",""
SIG19=342,"List of Trusted System Processes Modified",""
SIG20=344,"T1060 - New Startup Program Creation",""
SIG21=345,"Registry Access Limitations Lifted",""
SIG22=347,"Non-interactive Floppy Access Enabled",""
SIG23=348,"Notification Packages Modification",""
SIG24=349,"Non-interactive CD-ROM Access Enabled",""
SIG25=350,"Shutdown without Logon Enabled",""
SIG26=352,"Null User Sessions Enabled",""
SIG27=354,"Drive AutoPlay Settings Modified",""
SIG28=355,"AllowSpecialCharsInShell RegKey Modification",""
SIG29=356,"IIS Shielding - CGI Script Security Context Mod.",""
SIG30=357,"IIS Shielding - Remote ODBC RegKey Creation",""
SIG31=367,"IIS Shielding - EnablePortAttack RegKey Mod.",""
SIG32=371,"Local IP Routing Enabled",""
SIG33=372,"SNMP Service Activation",""
SIG34=373,"SNMP Service Startup Mode Modification",""
SIG35=374,"Remote Command Service Activation",""
SIG36=375,"Remote Command Service Startup Mode Modification",""
SIG37=379,"Alerter Service Activation",""
SIG38=380,"Alerter Service Startup Mode Modification",""
SIG39=384,"NETMON Network Agent Activation",""
SIG40=385,"NETMON Network Agent Startup Mode Modification",""
SIG41=392,"Service Started",""
SIG42=393,"Service Stopped",""
SIG43=399,"Remote Shell Service Installation",""
SIG44=404,"Authentication Packages Modification",""
SIG45=412,"Double File Extension Execution",""
SIG46=413,"Suspicious Double File Extension Execution",""
SIG47=415,"Suspicious File Extension Execution",""
SIG48=428,"Generic Buffer Overflow",""
SIG49=431,"IIS 4.0 FTP Buffer Overflow",""
SIG50=432,"Suspicious Function Invocation",""
SIG51=433,"Remote Shell Service Activated",""
SIG52=436,"OS/2 Subsystem Pointer Modified",""
SIG53=437,"POSIX Subsystem Pointer Modified",""
SIG54=438,"Pagefile Clearing Disabled",""
SIG55=445,"ProfileImagePath RegKey Modification",""
SIG56=500,"MSSQL Core Shielding - File Access",""
SIG57=501,"MSSQL Core Shielding - File Modification",""
SIG58=502,"MSSQL Core Shielding - File Execution",""
SIG59=503,"MSSQL Core Shielding - Registry Modification",""
SIG60=504,"MSSQL Core Shielding - Service Modification",""
SIG61=505,"MSSQL Core Shielding - Service Reg. Modification",""
SIG62=507,"MSSQL Core Shielding - Log File Access",""
SIG63=508,"MSSQL Core Shielding - Log File Modification",""
SIG64=510,"MSSQL Aux. Shielding - File Access",""
SIG65=511,"MSSQL Aux. Shielding - File Modification",""
SIG66=512,"MSSQL Aux. Shielding - File Execution",""
SIG67=513,"MSSQL Aux. Shielding - Registry Modification",""
SIG68=514,"MSSQL Aux. Shielding - Service Modification",""
SIG69=515,"MSSQL Aux. Shielding - Service Reg. Modification",""
SIG70=519,"MSSQL Aux. Shielding - Service Started",""
SIG71=520,"MSSQL Core Envelope - File Access by MSSQL",""
SIG72=521,"MSSQL Core Envelope - File Modification by MSSQL",""
SIG73=522,"MSSQL Core Envelope - File Execution by MSSQL",""
SIG74=523,"MSSQL Core Envelope - Registry Mod. by MSSQL",""
SIG75=524,"MSSQL Core Envelope - Service Mod. by MSSQL",""
SIG76=530,"MSSQL Aux. Envelope - File Access by MSSQL",""
SIG77=531,"MSSQL Aux. Envelope - File Modification by MSSQL",""
SIG78=532,"MSSQL Aux. Envelope - File Execution by MSSQL",""
SIG79=533,"MSSQL Aux. Envelope - Registry Mod. by MSSQL",""
SIG80=534,"MSSQL Aux. Envelope - Service Mod. by MSSQL",""
SIG81=540,"MSSQL Stored Procedure Buffer Overflow",""
SIG82=541,"MSSQL Server Installation File Vulnerability",""
SIG83=542,"MSSQL Blank Password Logon",""
SIG84=550,"MSSQL Distributed Query",""
SIG85=551,"MSSQL SQL Injection With Comments",""
SIG86=552,"MSSQL SQL Injection With DELAY",""
SIG87=553,"MSSQL SQL Injection With BULK INSERT",""
SIG88=554,"MSSQL SQL Injection With Batch Commands",""
SIG89=555,"MSSQL SQL Injection With Audit Evasion",""
SIG90=556,"MSSQL SQL Shutdown",""
SIG91=557,"MSSQL Job Scheduling",""
SIG92=558,"MSSQL sp_MScopyscriptfile Privilege Escalation",""
SIG93=559,"MSSQL sp_attachsubscription Privilege Escalation",""
SIG94=560,"SQL Injection With CAST",""
SIG95=561,"MSSQL xp_cmdshell Privilege Escalation",""
SIG96=562,"MSSQL xp_availablemedia Privilege Escalation",""
SIG97=563,"MSSQL xp_dirtree Privilege Escalation",""
SIG98=564,"MSSQL xp_subdirs Privilege Escalation",""
SIG99=565,"MSSQL xp_fileexist Privilege Escalation",""
SIG100=566,"MSSQL xp_getfiledetails Privilege Escalation",""
SIG101=567,"MSSQL sp_OACreate Privilege Escalation",""
SIG102=568,"MSSQL sp_OAGetErrorInfo Privilege Escalation",""
SIG103=569,"MSSQL sp_OAGetProperty Privilege Escalation",""
SIG104=570,"MSSQL sp_OAMethod Privilege Escalation",""
SIG105=571,"MSSQL sp_OASetProperty Privilege Escalation",""
SIG106=572,"MSSQL sp_OADestroy Privilege Escalation",""
SIG107=573,"MSSQL sp_OAStop Privilege Escalation",""
SIG108=574,"MSSQL sp_addextendedproc Privilege Escalation",""
SIG109=575,"MSSQL xp_makewebtask Privilege Escalation",""
SIG110=576,"MSSQL sp_addlogin Privilege Escalation",""
SIG111=577,"MSSQL xp_readerrorlog Privilege Escalation",""
SIG112=578,"MSSQL xp_regenumvalues Privilege Escalation",""
SIG113=579,"MSSQL xp_regread Privilege Escalation",""
SIG114=580,"MSSQL xp_regwrite Privilege Escalation",""
SIG115=581,"MSSQL xp_regdeletevalue Privilege Escalation",""
SIG116=582,"MSSQL xp_regaddmultistring Privilege Escalation",""
SIG117=583,"MSSQL xp_regremovemultistring Privilege Escalation",""
SIG118=584,"MSSQL xp_regdeletekey Privilege Escalation",""
SIG119=585,"MSSQL xp_servicecontrol Privilege Escalation",""
SIG120=586,"MSSQL xp_enumdsn Privilege Escalation",""
SIG121=587,"MSSQL xp_loginconfig Privilege Escalation",""
SIG122=588,"MSSQL xp_terminate_process Privilege Escalation",""
SIG123=589,"MSSQL xp_proxiedadata Privilege Escalation",""
SIG124=590,"MSSQL Server Configuration Manipulation",""
SIG125=591,"MSSQL raiserror Execution",""
SIG126=592,"MSSQL formatmessage Execution",""
SIG127=593,"MSSQL xp_sprintf Execution",""
SIG128=594,"MSSQL Web Task Abuse",""
SIG129=595,"MSSQL sp_set_sqlagent_properties Priv. Escalation",""
SIG130=596,"MSSQL sp_addsrvrolemember Privilege Escalation",""
SIG131=597,"MSSQL sp_msdropretry Privilege Escalation",""
SIG132=598,"MSSQL DTS Packages Privilege Escalation",""
SIG133=599,"MSSQL Core Shielding - Use of Administrative Tools",""
SIG134=601,"MSSQL sp_MSget_publisher_rpc Privilege Escalation",""
SIG135=602,"MSSQL xp_fileexist Privilege Escalation",""
SIG136=603,"MSSQL xp_instance_regwrite Privilege Escalation",""
SIG137=604,"MSSQL xp_instance_regread Privilege Escalation",""
SIG138=605,"MSSQL xp_instance_regenumkeys Privilege Escalation",""
SIG139=606,"MSSQL xp_instance_regenumvalues Privilege Escalation",""
SIG140=607,"MSSQL xp_instance_regremovemultistring Privilege Escalation",""
SIG141=608,"MSSQL xp_instance_regaddmultistring Privilege Escalation",""
SIG142=609,"MSSQL xp_instance_regdeletevalue Privilege Escalation",""
SIG143=610,"MSSQL xp_instance_regdeletekey Privilege Escalation",""
SIG144=752,"Windows Explorer CLSID File Execution",""
SIG145=797,"Unattended Installation File Illegal Access",""
SIG146=801,"Anonymous User Name Lookup",""
SIG147=803,"CD-ROM AutoRun Enabled",""
SIG148=804,"BackOffice Installation Log File Access",""
SIG149=812,"File System Tunneling RegKey Modification",""
SIG150=814,"System File Modification",""
SIG151=825,"BackOrifice 2000 Trojan",""
SIG152=828,"NetBus Trojan Installation",""
SIG153=829,"NetBus Trojan Activation",""
SIG154=832,"Print Spooler Buffer Overflow",""
SIG155=834,"SAM Permissions Modification",""
SIG156=835,"Repair Directory Access",""
SIG157=836,"SAM Config File Access",""
SIG158=837,"Print Provider Modification",""
SIG159=838,"Spoolhack.dll File Creation",""
SIG160=840,"Wordpad Help File Modification",""
SIG161=841,"Winhlp32 Buffer Overflow",""
SIG162=843,"NT4All Privilege Escalation",""
SIG163=844,"Authentication Library Modification",""
SIG165=846,"Server Operator Privilege Escalation",""
SIG166=847,"Common User Startup Folder RegKey Modification",""
SIG167=850,"Change of Service Executable",""
SIG168=853,"IIS Code.asp File Access",""
SIG169=854,"IIS CodeBrws.asp File Access",""
SIG170=855,"IIS Index Server Webhits Source Disclosure",""
SIG171=856,"IIS Malformed Extension Data DoS",""
SIG172=857,"IIS Illegal DSN File Creation",""
SIG173=858,"IIS Showcode.asp Illegal File Access",""
SIG174=860,"IIS ShowFile.asp Illegal File Access",""
SIG175=862,"IIS Jet Database Command Execution",""
SIG176=863,"IIS ASP Alternate Data Streams",""
SIG177=866,"IIS FrontPage imagemap.exe DoS",""
SIG178=869,"IIS catalog_type ASP Sample Page",""
SIG179=872,"IIS MiniVend view_page.html Sample Page",""
SIG180=873,"IIS ASP Sample Site advsearch.asp DoS",""
SIG181=874,"IIS ASP Sample Site search.asp DoS",""
SIG182=875,"IIS ASP Sample Site query.asp DoS",""
SIG183=876,"IIS +.htr File Fragment Reading",""
SIG184=877,"IIS FrontPage htimage.exe DoS",""
SIG185=880,"IIS Sun Java HotSpot DoS",""
SIG186=885,"Screen Saver logon.scr",""
SIG187=891,"Change of Debugger Executable",""
SIG188=892,"HKLM Classes Registry Modification",""
SIG189=893,"RAS PhoneBook Buffer Overflow",""
SIG190=894,"RAS PhoneBook File Modification",""
SIG191=895,"Phone Dialer Buffer Overflow",""
SIG192=896,"Dialer Initialization File Modification",""
SIG193=899,"Fpnwclnt.dll Password Filter Modified",""
SIG194=900,"Startup Password Stored in Registry",""
SIG195=901,"Startup Userid Stored in Registry",""
SIG196=902,"Wordpad DCOM Server RegKey Modification",""
SIG197=904,"Schedule Service Startup Mode Modification",""
SIG198=905,"Schedule Service Activation",""
SIG199=906,"Microsoft Registry Keys Modification",""
SIG200=907,"PWDump Tool Activation",""
SIG201=909,"Rdisk Temp File Access",""
SIG202=910,"Uninstall Registry Key Modification",""
SIG203=911,"Event Log File or Related File Deleted",""
SIG204=912,"Event Log File or Related File Attribute Modified",""
SIG205=913,"Event Log Registry Permissions Modified",""
SIG206=914,"Event Log File Path Modified",""
SIG207=915,"Event Log Guest Access Enabled",""
SIG208=916,"Display of Last Logon Name Enabled",""
SIG209=917,"Caching of Logon Information Enabled",""
SIG210=918,"Strong Password Enforcement Disabled",""
SIG211=919,"Strong Password Enforcer Modified",""
SIG212=920,"Microsoft Installer Registry Key Modified",""
SIG213=922,"IIS Idq.dll Directory Traversal",""
SIG214=923,"IIS Directory Traversal",""
SIG215=924,"IIS Directory Traversal and Code Execution",""
SIG216=927,"WinVNC Installation",""
SIG217=928,"WinVNC Activation",""
SIG218=933,"Network DoS Protection Settings Modified",""
SIG219=935,"IIS JsBrwPop.asp Source Disclosure",""
SIG220=936,"IIS IISHack 1.5 (IIS ASP $19.95 hack)",""
SIG221=937,"IIS Executable File Parsing",""
SIG222=938,"IIS Phone Book Service Buffer Overflow",""
SIG223=939,"IIS Perl Command Execution",""
SIG224=940,"IIS Cross-Site Scripting",""
SIG225=941,"IIS .htw Cross-Site Scripting",""
SIG226=942,"IIS .shtml Cross-Site Scripting",""
SIG227=943,"IIS FrontPage shtml.dll Cross-Site Scripting",""
SIG228=944,"Administrative Shares Enabled",""
SIG229=945,"Required SMB Message Signing Disabled on Server",""
SIG231=947,"SMB Message Signing Disabled on Server",""
SIG232=948,"SMB Message Signing Disabled on Client",""
SIG233=949,"Null Session Access Enabled",""
SIG234=950,"Null Session Access to Named Pipes Modified",""
SIG235=951,"Null Session Access to Shares Modified",""
SIG236=952,"MS-CHAPv2 Authentication Protocol Settings Changed",""
SIG237=953,"Authentication Protocol Settings Modified",""
SIG238=954,"Failed Logon Attempt (Windows)",""
SIG239=957,"Indirect Registry Modification",""
SIG240=958,"Dr. Watson user.dmp Permissions Vulnerability",""
SIG241=959,"Msgina Registry Key Modified",""
SIG242=960,"Msgina.dll File Modified",""
SIG243=961,"Autorun File Created",""
SIG244=962,"SNMP Authentication Traps Disabled",""
SIG245=963,"SNMP Authentication Traps Enabled",""
SIG246=964,"SNMP World-Writable Trap Configuration",""
SIG247=965,"SNMP World-Writable Extension Agents",""
SIG248=966,"SNMP World-Writable Communities",""
SIG249=967,"SNMP World-Writable Permitted Managers",""
SIG250=968,"SNMP Registry Key Permissions Modification",""
SIG251=969,"Machine Shutdown",""
SIG252=972,"Elevation of Privileges With Debug Registers",""
SIG253=973,"TCP/IP Registry Keys Modified",""
SIG254=974,"IP Address Changed",""
SIG255=975,"Remote Access Service Registry Key Modified",""
SIG256=976,"Remote Access Service Deleted",""
SIG257=977,"Remote Access Service Started",""
SIG258=978,"System File Modification in Root Drive",""
SIG259=980,"ODBC.ini File Modification",""
SIG260=982,"Trojaned System File Execution",""
SIG261=983,"Windows File Protection RegKey Modified",""
SIG262=984,"Nimda Worm Installation or Activation",""
SIG263=985,"Illegal Execution",""
SIG264=986,"Task Manager Process Termination Vulnerability",""
SIG265=987,"Event Log File or Related File Modification",""
SIG266=988,"RunAs Service Startup Mode Modification",""
SIG267=989,"RunAs Service Deactivated",""
SIG268=990,"New Startup Folder Program Creation",""
SIG269=992,"SMSS Process Handle Privilege Elevation",""
SIG270=993,"System Drive Executable Modification",""
SIG271=994,"Group Policy Object Access",""
SIG272=999,"Service Created",""
SIG273=1000,"Windows Agent Shielding - Service Access",""
SIG274=1001,"Windows Agent Shielding - File Modification",""
SIG275=1002,"Windows Agent Shielding - Registry Access",""
SIG276=1003,"Windows Agent Shielding - Process Access",""
SIG277=1020,"Windows Agent Shielding - File Access",""
SIG278=1023,"Windows McAfee Agent Shielding - Service Access",""
SIG279=1024,"Windows McAfee Agent Shielding - File Modification",""
SIG280=1025,"Windows McAfee Agent Shielding - Registry Access",""
SIG281=1100,"IIS Site Server ViewCode.asp File Access",""
SIG282=1101,"IIS Password Change",""
SIG283=1102,"IIS ism.dll Remote Administration Access",""
SIG284=1103,"IIS Site Server AdSamples site.csc Info Leak",""
SIG285=1104,"IIS Index Server Sample Site queryhit.htm",""
SIG286=1105,"IIS bdir.htr Directory Listing",""
SIG287=1106,"IIS details.idc Remote Command Execution",""
SIG288=1107,"IIS ctguestb.idc Remote Command Execution",""
SIG289=1108,"IIS Translate: f Source Disclosure",""
SIG290=1109,"IIS Indexed Directory Disclosure",""
SIG291=1110,"IIS FrontPage Extensions shtml.exe Device DoS",""
SIG292=1112,"IIS WebDAV Search Request DoS",""
SIG293=1113,"IIS WebDAV Propfind Request DoS",""
SIG294=1114,"IIS cpshost.dll File Upload",""
SIG295=1116,"IIS FrontPage Admin Access",""
SIG296=1117,"IIS FrontPage .pwd File Permissions",""
SIG297=1119,"IIS IPP .printer Buffer Overflow",""
SIG298=1120,"IIS Double Hex Encoding Directory Traversal",""
SIG299=1121,"IIS CodeRed / Index Server idq.dll Buffer Overflow",""
SIG300=1122,"IIS FrontPage fp30reg.dll Buffer Overflow",""
SIG301=1123,"IIS FrontPage dvwssr.dll Buffer Overflow",""
SIG302=1124,"IIS Remote Command Execution",""
SIG303=1125,"IIS In-process Privilege Escalation",""
SIG304=1126,"IIS Index Server File and Path Disclosure",""
SIG305=1127,"IIS %u (UTF) Encoding",""
SIG306=1128,"IIS Newline/Carriage Return Characters",""
SIG307=1129,"IIS Authentication Method Disclosure",""
SIG308=1130,"IIS Samples Script Request",""
SIG309=1131,"IIS Unicode in Filename",""
SIG310=1132,"IIS Chunked Encoding Heap Overflow",""
SIG311=1133,"IIS COM Extension Request",""
SIG312=1134,"Custom Debugger Attached to a Process",""
SIG313=1135,"Successful Logon (Windows)",""
SIG314=1136,"IIS WebDAV Buffer Overflow",""
SIG315=1137,"Ntdll.dll Buffer Overflow",""
SIG316=1138,"Nimda Installation or Activation (riched20.dll)",""
SIG317=1139,"svchost Buffer Overflow (RPC DCOM)",""
SIG318=1140,"Windows service process Buffer Overflow",""
SIG319=1141,"Exchange Server Buffer Overflow",""
SIG320=1142,"Windows Explorer Buffer Overflow",""
SIG321=1143,"Windows Help Facility Buffer Overflow",""
SIG322=1144,"Outlook Express Buffer Overflow",""
SIG323=1145,"Windows Media Player Buffer Overflow",""
SIG324=1146,"Internet Explorer Buffer Overflow",""
SIG325=1147,"Windows Help and Support Center Buffer Overflow",""
SIG326=1148,"CMD Tool Access by a Network Aware Application",""
SIG327=1149,"CMD Tool Access by a Windows Mail Client or IE",""
SIG328=1150,"CMD Tool Access by FTP Client",""
SIG329=1151,"Message Queue Service Buffer Overflow",""
SIG330=1152,"Sys File Mod in Root Drive of inactive partition",""
SIG331=1153,"Windows Utility Mgr privilege elevation",""
SIG332=1154,"SSL-PCT Buffer Overflow",""
SIG333=1156,"Windows Explorer Illegal Execution",""
SIG334=1157,"USB Storage Device Inserted",""
SIG335=1200,"IIS Shielding - File Access",""
SIG336=1201,"IIS Shielding - File Modification",""
SIG337=1202,"IIS Shielding - Service Modification",""
SIG338=1204,"IIS Shielding - Registry Modification",""
SIG339=1205,"IIS Envelope - File Access by IIS Web User",""
SIG341=1207,"IIS Envelope - File Execution by IIS Process",""
SIG343=1210,"IIS Envelope - Registry Mod. by IIS Process",""
SIG344=1211,"IIS Shielding - Log Files Modification",""
SIG345=1212,"IIS Shielding - Log File Access",""
SIG346=1216,"IIS .printer File Extension Request",""
SIG347=1217,"IIS .HTR File Extension Request",""
SIG348=1218,"IIS SSI File Extension Request",""
SIG349=1219,"IIS Index Server File Ext. Request",""
SIG350=1220,"IIS .IDC File Extension Request",""
SIG351=1221,"IIS Shielding - Conf. File Activ. (ADMCOMConnect)",""
SIG352=1222,"IIS Illegal Request Method",""
SIG353=1223,"IIS Envelope - File Modification by IIS Web User",""
SIG354=1224,"IIS Envelope - File Execution by IIS Web User",""
SIG355=1225,"IIS Envelope - File Access by IIS Process",""
SIG356=1226,"IIS Envelope - File Modification by IIS Process",""
SIG357=1227,"IIS Envelope - Service Mod. by IIS Web User",""
SIG358=1229,"IIS Envelope - Registry Mod. by IIS Web User",""
SIG359=1230,"IIS Shielding - Conf. File Activ.",""
SIG360=1240,"IIS Shielding - FTP File Access",""
SIG361=1241,"IIS Shielding - FTP File Modification",""
SIG362=1250,"IIS Shielding - FTP Log File Modification",""
SIG363=1251,"IIS Shielding - FTP Log File Access",""
SIG364=1253,"IIS Shielding - FTP File Execution",""
SIG365=1254,"IIS Shielding - FTP File Creation",""
SIG366=1256,"IIS Shielding - File Execution",""
SIG367=1260,"IIS6 Envelope - File Access by IIS Process",""
SIG368=1261,"IIS6 Envelope - File Access by IIS Web User",""
SIG369=1262,"IIS6 Envelope - File Execution by IIS Process",""
SIG370=1263,"IIS6 Envelope - File Execution by IIS Web User",""
SIG371=1264,"IIS6 Envelope - File Modification by IIS Process",""
SIG372=1265,"IIS6 Envelope - File Modification by IIS Web User",""
SIG373=1266,"IIS6 Envelope - Registry Mod. by IIS Process",""
SIG374=1267,"IIS6 Envelope - Registry Mod. by IIS Web User",""
SIG375=1268,"IIS6 Envelope - Service Mod. by IIS Process",""
SIG376=1269,"IIS6 Envelope - Service Mod. by IIS Web User",""
SIG377=1280,"IIS6 Shielding - File Access",""
SIG378=1281,"IIS6 Shielding - File Execution",""
SIG380=1283,"IIS6 Shielding: File Mod in System Folder",""
SIG381=1284,"IIS6 Shielding - Log File Access",""
SIG382=1285,"IIS6 Shielding - Log Files Modification",""
SIG383=1286,"IIS6 Shielding - Conf. File Activ.",""
SIG384=1287,"IIS6 Shielding - Conf. File Activ. (ADMCOMConnect)",""
SIG385=1288,"IIS6 Shielding - Registry Modification",""
SIG386=1289,"IIS6 Shielding - Service Modification",""
SIG387=1354,"Locator Service Buffer Overflow",""
SIG388=2300,"Internet Explorer Hardening Disabled",""
SIG389=2400,"IIS6 Web Admin Cross-Site Scripting Attack",""
SIG390=2600,"IE Envelope - Mail Files Access",""
SIG391=2601,"IE Envelope - Source Code File Access",""
SIG392=2602,"IE Envelope - Office Document File Access",""
SIG393=2603,"IE Envelope - Confidential Office Doc. File Access",""
SIG394=2604,"IE Envelope - Crypto File Access",""
SIG395=2620,"IE Envelope - Windows Executable Modification",""
SIG396=2621,"IE Envelope - Abnormal Executable Modification",""
SIG397=2622,"IE Envelope - Software Installation By Explorer",""
SIG398=2640,"IE Envelope - Abnormal Program Execution",""
SIG399=2641,"IE Envelope - Execution Of Temp. Internet Files",""
SIG400=2660,"IE Envelope - HTML Application Execution",""
SIG401=2661,"IE Envelope - Suspicious Executable Modification",""
SIG402=2662,"IE Envelope - Compiled Help File Execution",""
SIG403=2663,"IE Envelope - NTVDM Execution",""
SIG404=2664,"IE Envelope - Windows Help Execution",""
SIG405=2720,"Outlook Envelope - Windows Executable Mod.",""
SIG406=2721,"Outlook Envelope - Abnormal Executable Mod.",""
SIG407=2722,"Outlook Envelope - Dangerous File Creation",""
SIG408=2740,"Outlook Envelope - Abnormal Program Execution",""
SIG409=2741,"Outlook Envelope - Execution Temp. Internet Files",""
SIG410=2760,"Outlook Envelope - HTML Application Execution",""
SIG411=2761,"Outlook Envelope - Suspicious Executable Mod.",""
SIG412=2762,"Outlook Envelope - Compiled Help File Execution",""
SIG413=2763,"Outlook Envelope - NTVDM Execution",""
SIG414=3700,"TCP Port Scan",""
SIG415=3701,"UDP Port Scan",""
SIG416=3702,"Firewall Event Marked As Intrusion",""
SIG417=3718,"Network Share Provider Denial of Service (SMBdie)",""
SIG418=3720,"MSSQL Resolution Service Buffer Overflow (Slammer)",""
SIG419=3721,"RPC DCOM Stack Buffer Overflow (Blaster, Nachi)",""
SIG420=3722,"RPC Service Denial of Service (WinNuke)",""
SIG421=3723,"Windows PPTP Server Buffer Overflow",""
SIG422=3724,"LSASS Dcpromo Log File Buffer Overflow (Sasser)",""
SIG423=3725,"IP Options Validation Overflow",""
SIG425=3727,"IE drag and drop file installation",""
SIG426=3728,"MSRPC LLSSRV Buffer Overflow",""
SIG427=3730,"Windows Explorer MSHTA Script Execution",""
SIG428=3731,"URL Decoding Zone Spoofing Vulnerability",""
SIG429=3732,"IE DHTML edit ActiveX control Cross-Zone/domain Scripting",""
SIG430=3733,"Windows Messenger Service Buffer Overflow",""
SIG431=3734,"Print Spooler Service Buffer Overflow",""
SIG432=3735,"Plug and Play Buffer Overflow (Zotob)",""
SIG433=3736,"Telephony Service Buffer Overflow",""
SIG434=3737,"COM Object Instantiation Memory Corruption Vulnerability",""
SIG435=3738,"MSDTC RPC Vulnerability",""
SIG436=3739,"Windows Plug-and-Play Buffer Overflow Vulnerability 2",""
SIG437=3740,"Client Services For Netware Vulnerability",""
SIG438=3741,"Windows Metafile Heap Overflow Vulnerability",""
SIG439=3742,"Windows Enhanced Metafile Heap Overflow Vulnerability",""
SIG440=3744,"Graphics Rendering Engine Vulnerability",""
SIG441=3745,"Korean Input Method Editor Vulnerability",""
SIG443=3747,"Microsoft Windows Service ACLs Privilege Escalation Vulnerability",""
SIG444=3748,"MDAC Code Execution Vulnerability",""
SIG445=3749,"Internet Explorer HTA Execution Vulnerability",""
SIG446=3750,"Remote COM Activation by Desktop.ini Vulnerability",""
SIG447=3752,"MSDTC RPC DoS Vulnerability",""
SIG449=3754,"Illegal Execution in winword.exe",""
SIG452=3757,"MSHTA Directory Traversal Vulnerability",""
SIG453=3758,"Management Console Vulnerability",""
SIG454=3759,"MHTML Parsing Vulnerability",""
SIG455=3760,"Internet Explorer FTP Command Injection Vulnerability",""
SIG456=3761,"Winsock Hostname Vulnerability",""
SIG457=3762,"IE SourceURL NULL Dereference Vulnerability",""
SIG458=3763,"Windows Kernel Elevation of Privilege Vulnerability",""
SIG459=3764,"Illegal Execution in services.exe",""
SIG460=3765,"Illegal Execution in svchost.exe",""
SIG462=3767,"Windows Server Service Buffer Overflow Vulnerability (2)",""
SIG463=3768,"Windows Server Service Buffer Overflow Vulnerability (Tighter Security)",""
SIG464=3769,"Windows Metafile Denial of Service Vulnerability",""
SIG465=3771,"Vulnerability in Indexing Service Could Allow Cross-Site Scripting",""
SIG466=3772,"Client Services for Netware BO Vulnerability",""
SIG467=3773,"COM Object Instantiation Memory Corruption Vulnerability for daxctle.ocx",""
SIG468=3774,"Microsoft Internet Explorer Vector Markup Language Vulnerability (1)",""
SIG469=3775,"Windows Shell Vulnerability in WebViewFolderIcon",""
SIG470=3776,"Microsoft Internet Explorer Vector Markup Language Vulnerability (2)",""
SIG471=3777,"Windows ASN.1 Heap Overflow Vulnerability",""
SIG472=3778,"Internet Explorer 7 Address Bar Spoofing Vulnerability",""
SIG473=3779,"Windows IE ADODB.Connection Vulnerability",""
SIG474=3780,"IPNATHLP.DLL Malformed DNS Denial of Service",""
SIG475=3781,"Netware Driver Denial of Service Vulnerability",""
SIG476=3782,"Vulnerability in Workstation Service Could Allow Remote Code Execution",""
SIG477=3783,"Vulnerability in Visual Studio 2005 Could Allow Remote Code Execution",""
SIG478=3784,"Vulnerability in Microsoft Agent Could Allow Remote Code Execution",""
SIG479=3785,"Microsoft XML Core Services Vulnerability",""
SIG480=3786,"Vulnerability in Visual Studio 2005 Could Allow Remote Code Execution (2)",""
SIG482=3788,"COM Object Instantiation Memory Corruption Vulnerability (2)",""
SIG483=3789,"Vulnerability in Microsoft Step-by-Step Interactive Training",""
SIG484=3790,"Windows Address Book Contact Record Vulnerability",""
SIG485=3791,"Vulnerability in Microsoft Rich Edit and Microsoft MFC",""
SIG486=3792,"Vulnerability in Windows Media Player Could Allow Remote Code Execution",""
SIG487=3793,"Adobe Reader and Acrobat ActiveX Control Remote Code Execution Vulnerabilities",""
SIG488=3797,"Microsoft Windows Message Queuing Buffer Overflow Vulnerability",""
SIG489=3798,"Vulnerability in Remote Installation Service Could Allow Remote Code Execution",""
SIG490=3799,"Vulnerability in Windows Media Player ASX PlayList File",""
SIG491=3800,"Vulnerability in Windows Media Player Could Allow Remote Code Execution (2)",""
SIG492=3801,"Vulnerability in TCP/IP Could Allow Remote Code Execution",""
SIG493=3802,"Vulnerability in Server Service Could Allow Remote Code Execution",""
SIG494=3803,"Vulnerabilities in DNS Resolution Could Allow Remote Code Execution",""
SIG495=3804,"Vulnerability in Server Service Could Allow Denial of Service",""
SIG496=3805,"Adobe Download Manager Stack Overflow Vulnerability",""
SIG497=3806,"FTP Username/Password Overflow",""
SIG498=3807,"Microsoft Outlook Advanced Find Vulnerability",""
SIG499=3808,"Microsoft Outlook Advanced Find Vulnerability (2)",""
SIG500=3809,"Microsoft Outlook VEVENT Vulnerability",""
SIG501=3810,"Office 2003 Brazilian Grammar Checker Vulnerability",""
SIG502=3811,"Adobe Reader Plug-in Cross-Site Scripting Vulnerability",""
SIG503=3812,"Adobe Reader Plug-in Cross-Site Scripting Vulnerability (2)",""
SIG504=3813,"Acer LunchApp.APlunch ActiveX Control Run Insecure Method Vulnerability",""
SIG505=3814,"Microsoft Word Enveloping - Illegal file creation",""
SIG506=3815,"Vulnerability in Windows Image Acquisition Service Could Allow Elevation of Privilege",""
SIG507=3816,"COM Object Instantiation Memory Corruption Vulnerability (4)",""
SIG508=3817,"COM Object Instantiation Memory Corruption Vulnerability (3)",""
SIG509=3818,"Microsoft XML Core Services Vulnerability (3)",""
SIG510=3819,"Vulnerability in HTML Help ActiveX Control",""
SIG512=3821,"Vulnerability in Microsoft Word Macro Security",""
SIG513=3822,"Vulnerability in Windows Shell Could Allow Elevation of Privilege",""
SIG514=3823,"Installation of BackDoor-CPX",""
SIG515=3824,"Google Desktop JavaScript Injection Vulnerability",""
SIG516=3825,"CAPICOM.DLL Improper Arguments Vulnerability",""
SIG517=3826,"Multiple buffer overflows in the SupportSoft ActiveX controls",""
SIG518=3827,"Microsoft Content Management Service Vulnerability",""
SIG519=3828,"Cross-site Scripting in Microsoft Content Management Service Vulnerability",""
SIG520=3829,"Sticky Keys File Replacement Backdoor",""
SIG521=3830,"Internet Explorer 7 ''navcancl'' Address Bar Spoofing Vulnerability",""
SIG522=3831,"Windows IE ADODB.Recordset Vulnerability",""
SIG523=3832,"EMF Elevation of Privilege Vulnerability",""
SIG524=3833,"Vulnerability in Research in Motion ActiveX control",""
SIG525=3834,"Vulnerability in mdsauth ActiveX control",""
SIG526=3835,"COM Object Instantiation Memory Corruption Vulnerability (5)",""
SIG527=3836,"GDI Incorrect Parameter Elevation of Privilege Vulnerability",""
SIG528=3837,"Font Rasterizer Elevation of Privilege Vulnerability",""
SIG529=3838,"Windows Animated Cursor Handling vulnerability",""
SIG530=3839,"Microsoft Agent URL Parsing Vulnerability",""
SIG531=3840,"Vulnerability in RPC on Windows DNS Server Could Allow Remote Code Execution",""
SIG532=3841,"Akamai Download Manager ActiveX Stack Buffer Overflow Vulnerability",""
SIG534=3844,"Microsoft Exchange DoS Vulnerability",""
SIG535=3845,"Vulnerability in Universal Plug and Play (UPnP) Service Could Allow Remote Code Execution",""
SIG536=3846,"Vulnerability in processing FTP Reply Could Allow Remote Code Execution",""
SIG537=3847,"Vulnerability in Win32 API Could Allow Remote Code Execution",""
SIG538=3848,"Speech Control Memory Corruption Vulnerability",""
SIG539=3849,"URL Redirect Vulnerability in MHTML Protocol Handler via Internet Explorer",""
SIG540=3850,"IE and OE Cross Domain Security Bypass Vulnerability",""
SIG541=3851,"MHTML Prefix Vulnerability could allow Information Disclosure",""
SIG542=3852,"ASP.NET Null Byte Termination Vulnerability",""
SIG543=3853,"Command Injection flaw in IE/Firefox",""
SIG544=3854,"Sun Java WebStart JNLP Stack Buffer Overflow Vulnerability",""
SIG545=3855,"Firefox Illegal URL Quotes Vulnerability",""
SIG546=3858,"Vulnerability in OLE Automation Could Allow Remote Code Execution",""
SIG547=3859,"Buffer Overflow in Microsoft Virtual PC",""
SIG548=3860,"Vulnerability in TypeLibInfo ActiveX Control Could Allow Remote Code Execution",""
SIG549=3861,"Vulnerability in Windows Media Player Could Allow Remote Code Execution",""
SIG550=3862,"Vulnerability in pdwizard.ocx Memory Corruption Vulnerability",""
SIG551=3864,"MS Agent Buffer Overflow Vulnerability",""
SIG552=3865,"Vulnerability in Windows UNIX Services could allow elevation of privilege",""
SIG553=3866,"Vulnerability in Apple QuickTime ''qtnext'' attribute could allow remote code execution",""
SIG554=3867,"Vulnerability in Kodak Preview could allow remote code execution",""
SIG555=3868,"Vulnerability in ShellExecute Could Allow Remote Code Execution",""
SIG556=3869,"Vulnerability in RealPlayer ActiveX Control Could Allow Remote Code Execution",""
SIG557=3870,"VMWare Workstation Shielding - Service Modification",""
SIG558=3871,"VMWare Workstation Shielding - Registry Modification",""
SIG559=3872,"VMWare Workstation Shielding - File Modification",""
SIG560=3873,"VMWare Server Shielding - Service Modification",""
SIG561=3874,"VMWare Server Shielding - Registry Modification",""
SIG562=3875,"VMWare Server Shielding - File Modification",""
SIG563=3876,"Vulnerability in Macrovision FLEXnet ActiveX Control Could Allow Remote Code Execution",""
SIG565=3879,"VMware Workstation Core Envelope - File Modification",""
SIG566=3882,"VMware Workstation Core Envelope - Service Modification",""
SIG567=3883,"Access Protection - Prevent Registry Editor and Task Manager from being disabled",""
SIG568=3884,"Access Protection - Prevent user rights policies from being altered",""
SIG569=3885,"Access Protection - Prevent remote creation/modification of executable and configuration files",""
SIG570=3886,"Access Protection - Prevent remote creation of autorun files",""
SIG571=3887,"Access Protection - Prevent hijacking of .EXE and other executable extensions",""
SIG572=3888,"Access Protection - Prevent Windows Process spoofing",""
SIG573=3889,"Access Protection - Prevent use of tftp.exe",""
SIG574=3890,"Access Protection - Protect Internet Explorer favorites and settings",""
SIG575=3891,"Access Protection - Prevent installation of new CLSIDs, APPIDs and TYPELIBs",""
SIG576=3893,"Access Protection - Prevent execution of scripts from the Temp folder",""
SIG577=3894,"Access Protection - Prevent svchost executing non-Windows executables",""
SIG578=3895,"Access Protection - Protect phonebook files from password and email address stealers",""
SIG579=3896,"Access Protection - Prevent alteration of all file extension registrations",""
SIG580=3897,"Access Protection - Protect cached files from password and email address stealers",""
SIG581=3898,"Access Protection - Prevent modification of McAfee files and settings",""
SIG582=3899,"Access Protection - Prevent modification of McAfee Common Management Agent files and settings",""
SIG583=3900,"Access Protection - Prevent modification of McAfee Scan Engine files and settings",""
SIG584=3901,"Access Protection - Protect Mozilla and FireFox files and settings",""
SIG585=3902,"Access Protection - Protect Internet Explorer settings",""
SIG586=3903,"Access Protection - Prevent installation of Browser Helper Objects and Shell Extensions",""
SIG587=3904,"Access Protection - Protect network settings",""
SIG588=3905,"Access Protection - Prevent all programs from running files from the Temp folder",""
SIG589=3906,"Access Protection - Prevent programs registering to autorun",""
SIG590=3907,"Access Protection - Prevent programs registering as a service",""
SIG591=3908,"Access Protection - Prevent creation of new executable files in the Windows folder",""
SIG592=3909,"Access Protection - Prevent creation of new executable files in the Program Files folder",""
SIG593=3910,"Access Protection - Prevent launching of files from the Downloaded Program Files folder",""
SIG594=3911,"Vulnerability in HP Virtual Rooms ActiveX Control Could Allow Remote Code Execution",""
SIG595=3912,"Vulnerability in Microsoft Office Web Components ActiveX Control Could Allow Remote Code Execution",""
SIG596=3913,"Vulnerability in Microsoft Word Could Allow Remote Code Execution",""
SIG597=3915,"Vulnerability in IE Argument Validation Handling in dxtmsft.dll Could Allow Remote Code Execution",""
SIG598=3916,"Vulnerability in Visual Studio 6 Could Allow Remote Code Execution",""
SIG599=3917,"Windows File Share Creation",""
SIG600=3918,"Outlook mailto URI Handling Vulnerability",""
SIG601=3919,"VMware Server Core Envelope - File Modification",""
SIG602=3920,"VMware Server Core Envelope - Service Modification",""
SIG603=3921,"MS Word Mail Merge Vulnerability",""
SIG604=3922,"Illegal Execution in Microsoft Excel",""
SIG605=3923,"Vulnerability in Microsoft HxVz ActiveX Control Could Allow Remote Code Execution",""
SIG606=3924,"Vulnerability in Windows GDI32 Could Allow Remote Code Execution",""
SIG607=3925,"VMware VMX Process Hijacking",""
SIG608=3926,"IBM Lotus Expeditor cai: URI handling Vulnerability",""
SIG610=3928,"Safari Desktop Download Vulnerability",""
SIG611=3929,"Microsoft Speech Components ActiveX Object Memory Corruption Vulnerability",""
SIG612=3930,"Vulnerability in BackWeb ActiveX Control Could Allow Remote Code Execution",""
SIG613=3931,"Creative Software AutoUpdate Engine ActiveX Stack Buffer Overflow Vulnerability",""
SIG614=3933,"Vulnerability in the ActiveX Control for the Snapshot Viewer for Microsoft Access Could Allow Remote Code Execution",""
SIG615=3934,"Vulnerability in the ActiveX Control for Aurigma Image Uploader Could Allow Remote Code Execution",""
SIG616=3935,"Vulnerability in the ActiveX Control for HP Instant Support Could Allow Remote Code Execution",""
SIG617=3937,"Vulnerability in Microsoft Office WPG Image Converter Filter Could Allow Remote Code Execution",""
SIG618=3938,"Vulnerability in Microsoft Office PICT Image Converter Filter Could Allow Remote Code Execution",""
SIG619=3939,"Vulnerability in Microsoft Windows Image Color Management System Could Allow Remote Code Execution",""
SIG620=3941,"Microsoft Visual Studio Msmask32 ActiveX Control Could Allow Remote Code Execution",""
SIG621=3945,"Adobe Flash Clipboard Poisoning Vulnerability",""
SIG622=3946,"Microsoft Windows Media Encoder 9 Could Allow Remote Code Execution",""
SIG623=3947,"OneNote URI Validation Error Vulnerability",""
SIG624=3948,"Windows Metafile Remote Code Execution Vulnerability",""
SIG625=3952,"Novell iPrint Client ActiveX Control Stack Buffer Overflow Vulnerability",""
SIG626=3953,"RealNetworks RealPlayer Rmoc3260.dll ActiveX Control Memory Corruption Vulnerability",""
SIG627=3954,"ComponentOne VSFlexGrid v. 7/8 ActiveX Control ''Archive()'' method Local Buffer Overflow Vulnerability",""
SIG628=3956,"VMWare COM API Remote Buffer Overflow Vulnerability",""
SIG629=3957,"Microsoft KB956391 Cumulative Update of ActiveX Kill Bits",""
SIG630=3958,"Vulnerability in Message Queuing Could Allow Remote Code Execution",""
SIG631=3959,"Vulnerability in Host Integration Server Could Allow Remote Code Execution",""
SIG632=3960,"CDO Protocol Handler Vulnerability Could Allow Information Disclosure",""
SIG633=3961,"Vulnerability in Server Service Could Allow Remote Code Execution",""
SIG634=3965,"Adobe Acrobat util.printf Buffer Overflow",""
SIG635=2201,"Vulnerabilities in Windows Search Could Allow Remote Code Execution (CVE-2008-4269)",""
SIG636=2202,"Vulnerabilities in GDI Could Allow Remote Code Execution (CVE-2008-2249)",""
SIG637=2200,"Vulnerability in Microsoft Office Sharepoint Server Could Cause Elevation of Privilege",""
SIG638=2204,"Vulnerability in the ActiveX Control for IE Navigate Could Allow Remote Code Execution",""
SIG639=2207,"WMP Vulnerability Could Allow an Authentication Reflection Attack by WMS",""
SIG640=2205,"CVE-2008-4255 Vulnerability in Microsoft Windows Common AVI Control",""
SIG641=2206,"CVE-2008-4256 Vulnerability in Microsoft Charts Control",""
SIG642=2208,"Vulnerability in Internet Explorer Could Allow Remote Code Execution (CVE-2008-4844)",""
SIG643=2210,"Microsoft SQL Server sp_replwritetovarbin Stored Procedure Buffer Overflow",""
SIG644=2211,"Vulnerability in Visual Studio 2005 Could Allow Remote Code Execution (3)",""
SIG645=2212,"Vulnerabilities in Windows Win32k Kernel Could Allow Remote Code Execution",""
SIG646=2213,"Vulnerability in Microsoft Exchange EMSMDB32 Could Allow Denial of Service",""
SIG647=2214,"Vulnerabilities in Akamai Download Manager Could Allow Remote Code Execution",""
SIG648=2215,"Vulnerabilities in Research in Motion (RIM) AxLoader Could Allow Remote Code Execution",""
SIG649=2216,"Vulnerabilities in Visual Basic 6.0 Runtime Extended Files (ActiveX Controls) Could Allow Remote Code Execution",""
SIG650=2219,"Vulnerabilities in Internet Information Services 5.0 Could Allow Authentication Bypass",""
SIG651=2220,"Vulnerabilities in Internet Information Services 5.1 and 6.0 Could Allow Authentication Bypass",""
SIG652=2217,"Vulnerabilities in Microsoft Office PowerPoint Could Allow Remote Code Execution",""
SIG653=2218,"Autorun File Read Blocked",""
SIG654=2222,"Print Spooler Load Library Vulnerability",""
SIG655=2223,"Microsoft KB969898 Update Rollup of ActiveX Kill Bits",""
SIG656=2221,"Vulnerability in the Embedded OpenType Font Engine Could Allow Remote Code Execution",""
SIG658=6003,"Generic SQL Injection - I",""
SIG659=6004,"Generic SQL Injection - II",""
SIG660=6005,"Generic SQL Injection - III",""
SIG661=6006,"Generic SQL Injection - IV",""
SIG662=6007,"Generic SQL Injection - V",""
SIG663=6008,"Generic SQL Injection - VI",""
SIG664=6010,"Generic Application Hooking Protection",""
SIG665=6011,"Generic Application Invocation Protection",""
SIG666=2225,"Vulnerability in Office Web Components Could Allow Remote Code Execution",""
SIG667=2226,"Vulnerability in Microsoft Office Publisher Could Allow Remote Code Execution",""
SIG668=2227,"Vulnerability in Microsoft Video ActiveX Control Could Allow Remote Code Execution",""
SIG669=2228,"Vulnerability in Workstation Service Could Allow Elevation of Privilege",""
SIG670=2229,"Vulnerabilities in Remote Desktop Client Could Allow Remote Code Execution",""
SIG671=2230,"Tiny Or Overlap Fragment Attack Vulnerability",""
SIG672=2231,"Vulnerability in SMB Could Allow Remote Code Execution",""
SIG673=2232,"SMB Buffer Overflow Remote Code Execution Vulnerability",""
SIG674=2233,"SMB Validation Remote Code Execution Vulnerability",""
SIG675=2234,"Vulnerability in DHTML Editing Component ActiveX Control Could Allow Remote Code Execution",""
SIG676=2235,"Vulnerability in Windows Media Player Could Allow Remote Code Execution",""
SIG677=2236,"Suspicious ActiveX Control Instantiation by Internet Explorer (Oct. ''09)",""
SIG678=2237,"Vulnerability in Indexing Service Could Allow Remote Code Execution",""
SIG679=2238,"Vulnerability in Symantec Altiris Deployment Solution ActiveX Could Allow Remote Code Execution",""
SIG680=2239,"Vulnerability in License Logging Server Could Allow Remote Code Execution",""
SIG681=2240,"Windows Metafile Denial of Service Vulnerability (2)",""
SIG682=2241,"Apache (ePO) Shielding - Log File Access",""
SIG683=2242,"Apache (ePO) Shielding - Log File Modification",""
SIG684=2243,"Apache (ePO) Shielding - File Modification in apache System Folder",""
SIG685=2244,"Apache (ePO) Shielding - File Access Conf. Folder",""
SIG686=2245,"Apache (ePO) Shielding - File Modification Conf. Folder",""
SIG687=2246,"Vulnerability in WordPad and Office Text Converters Could Allow Remote Code Execution",""
SIG688=2247,"NTVDM Execution Prevention",""
SIG689=6012,"Suspicious Function Invocation - Return to API",""
SIG690=6013,"Suspicious Function Invocation - CALL Not Found",""
SIG691=6014,"Suspicious Function Invocation - Return Address Not Readable",""
SIG692=6015,"Suspicious Function Invocation - Target Address Mismatch",""
SIG693=2254,"Suspicious Process Invocation - Acrobat Reader",""
SIG694=2251,"Vulnerability in Windows Shell Handler Could Allow Remote Code Execution",""
SIG695=2252,"Microsoft KB978262 Critical Cumulative Security Update of ActiveX Kill Bits",""
SIG696=2256,"Suspicious Process Invocation - Foxit Reader",""
SIG697=2258,"Microsoft Office SharePoint Server 2007 Cross Site Vulnerability",""
SIG698=2259,"Microsoft Office Sharepoint Help Page Denial of Service Vulnerability",""
SIG699=6024,"TrustedSource Remote IP Address Blocked",""
SIG700=6029,"SMB Buffer Underflow Vulnerability",""
SIG701=6031,"SMB Pathname Overflow Vulnerability",""
SIG702=2260,"Vulnerability in Microsoft Data Analyzer ActiveX Control Could Allow Remote Code Execution",""
SIG703=2261,"Vulnerability in Microsoft Internet Explorer 8 Developer Tools Could Allow Remote Code Execution",""
SIG704=2262,"Microsoft Internet Explorer 8 Uninitialized Memory Corruption Vulnerability",""
SIG705=2264,"Generic SQL Injection - Declare",""
SIG706=2265,"Delay Delete File Protection",""
SIG707=2266,"Access ActiveX Control Vulnerability",""
SIG708=2267,"ACCWIZ.dll Uninitialized Variable Vulnerability",""
SIG709=2263,"Suspicious HelpCtr.exe Process Invocation - Internet Explorer",""
SIG710=2268,"Microsoft XML Core Services ActiveX Control Vulnerability",""
SIG711=2269,"Microsoft Silverlight ActiveX Control Vulnerability",""
SIG712=2270,"TLS/SSL Renegotiation Vulnerability",""
SIG713=2271,"Vulnerability in Cinepak Codec Could Allow Remote Code Execution",""
SIG714=6033,"Shortcut Icon Loading Vulnerability",""
SIG715=6026,"Vulnerability in Event System could allow Remote Code Execution",""
SIG716=6027,"Vulnerability in GDI could allow Remote Code Execution",""
SIG717=6039,"Vulnerability in Windows Could Allow Remote Code Execution using maliciously crafted DVR-MS file",""
SIG718=6028,"Vulnerability in Windows Shell Handler URL Validation Could Allow Remote Code Execution",""
SIG719=6034,"IE createTextRange Vulnerability",""
SIG720=2272,"Possible Print Spooler Service Impersonation Attempt Detected",""
SIG721=2273,"Directory Authentication Bypass Vulnerability",""
SIG722=2279,"Vulnerability in CGM Image Converter Could Allow Remote Code Execution",""
SIG723=2281,"Vulnerability in FlashPix Graphics Filter Could Allow Remote Code Execution",""
SIG724=6035,"UAG Redirection Issue May Allow Phishing Vulnerability",""
SIG725=6036,"UAG Mobile Portal Website in Forefront Unified Access Gateway Vulnerability",""
SIG726=6037,"XSS in Sginurl.asp Vulnerability",""
SIG727=6046,"UAG Default Reflected XSS Vulnerability",""
SIG728=2278,"PKMAXCTL.DLL ActiveX Use After Free Vulnerability",""
SIG729=2280,"Vulnerability in Netlogon RPC Service Could Allow Denial of Service",""
SIG730=2282,"Windows Backup Manager DLL loading Vulnerability",""
SIG731=2283,"Windows Media Filter DLL loading Vulnerability",""
SIG732=2284,"Vulnerability in Windows Shell Graphics Processing Could Allow Remote Code Execution",""
SIG733=2285,"Active Directory SPN Validation Vulnerability",""
SIG734=2287,"Microsoft WMITools ActiveX Control Vulnerability",""
SIG735=2288,"Microsoft Windows Messenger ActiveX Control Vulnerability",""
SIG736=6032,"Suspicious Function Invocation - Target Address Mismatch",""
SIG737=6038,"SMB Transaction Parsing Vulnerability",""
SIG738=6022,"Vulnerability in SMB Could Allow Denial of Service",""
SIG739=2294,"Chart Control Information Disclosure Vulnerability",""
SIG740=2295,"Report Viewer Controls XSS Vulnerability",""
SIG741=2293,"Remote Desktop Web Access Vulnerability",""
SIG742=2289,"XSS in SharePoint Calendar Vulnerability",""
SIG743=2290,"Editform Script Injection Vulnerability",""
SIG744=2291,"Contact Details Reflected XSS Vulnerability",""
SIG745=2292,"SharePoint XSS Vulnerability",""
SIG746=2776,"Microsoft Office Component Insecure Library Loading Remote Code Execution",""
SIG747=2777,"Windows Components Insecure Library Loading Remote Code Execution",""
SIG748=2778,"Media Center Insecure Library Loading Vulnerability",""
SIG749=2296,"OLEAuto32.dll Remote Code Execution Vulnerability",""
SIG750=2779,"TDSS Rootkit Infection",""
SIG751=2780,"Windows Mail Insecure Library Loading Vulnerability",""
SIG752=2784,"Internet Explorer Insecure Library Loading Vulnerability",""
SIG753=2785,"Windows Power Point Insecure DLL loading Vulnerability",""
SIG754=2772,"Access Protection - Disable HCP URLs in Internet Explorer",""
SIG755=3892,"Access Protection - Prevent termination of McAfee processes",""
SIG756=2783,"Adobe Flex SWF Cross Site Scripting",""
SIG757=2786,"IIS 6.0 Denial of Service Vulnerability",""
SIG758=2787,"W32/Yunsip Infection",""
SIG759=2297,"Access Protection - Prevent common programs from running files from the Temp folder",""
SIG760=6047,"Illegal Execution - Writable Memory",""
SIG761=6066,"Illegal Execution - Writable Memory II",""
SIG762=6048,"Suspicious Function Invocation - Different Stack",""
SIG763=6049,"Suspicious Function Invocation - No Module",""
SIG764=2789,"Microsoft Indeo Codec Insecure Library Loading Vulnerability",""
SIG765=2790,"Microsoft Color Control Panel Insecure Library Loading Vulnerability",""
SIG767=2794,"Windows Media Encoder Insecure Library Loading Vulnerability",""
SIG768=2788,"Symantec pcAnywhere Insecure File Permissions Vulnerability",""
SIG769=2791,"Microsoft SharePoint XSS in inplview.aspx",""
SIG770=2792,"Microsoft SharePoint XSS in wizardlist.aspx",""
SIG771=6042,"DNS Rule Violation",""
SIG772=6051,"Access Protection - Prevent hooking of McAfee processes",""
SIG773=2793,"Microsoft Expression Design Insecure Library Loading Vulnerability",""
SIG774=2795,"Microsoft Visio Insecure Library Loading Vulnerability",""
SIG775=2796,"MSCOMCTL.OCX RCE Vulnerability",""
SIG776=2797,"Microsoft Windows Object Packager Insecure Executable Launching",""
SIG777=2798,"Windows Lync Insecure DLL loading Vulnerability",""
SIG778=6043,"Remote Desktop Remote Code Execution Vulnerability",""
SIG779=2801,"Oracle Java Web Start  XXaltjvm Option Command Line Injection",""
SIG780=2802,"Java Envelope - Creation of suspicious files in Temp folder",""
SIG781=2803,"Java Envelope - Starting suspicious process from Temp folder",""
SIG782=2800,"Microsoft Dynamic AX XSS Vulnerability",""
SIG783=2799,"Microsoft Word Insecure DLL loading Vulnerability",""
SIG784=2808,"Microsoft SharePoint XSS in query.iqy",""
SIG785=2807,"Microsoft SharePoint XSS in scriptresx.ashx",""
SIG786=6001,"Suspicious Data Sequence in Javascript",""
SIG787=2809,"Microsoft Office ClickOnce Unsafe Object Package Handling Exploit",""
SIG788=2806,"Attempt to create a hardlink to a file",""
SIG789=2810,"Microsoft Office And SQL Server MSCOMCTL.OCX RCE Vulnerability",""
SIG790=6054,"VLC - Suspicious Function Invocation",""
SIG791=2815,"Microsoft Notepad Insecure Library Loading Vulnerability",""
SIG792=2816,"Windows Live Mail dwmapi DLL Hijacking Vulnerability",""
SIG793=2813,"Vulnerability in System Center Configuration Manager ReportChart.asp Could Allow Elevation of Privilege",""
SIG794=2817,"Microsoft SQL Server Reflected XSS Privilege Escalation Vulnerability",""
SIG795=2804,"Opening Internet browser as Administrator",""
SIG796=2805,"Opening Email client as Administrator",""
SIG797=2812,"Disttrack malware infection",""
SIG798=6053,"Accessing other users home directory",""
SIG799=2818,".Net Application DLL Loading Vulnerability",""
SIG800=2825,"DirectPlay Remote Code Execution Vulnerability",""
SIG801=2819,"Windows Enumerate File Vulnerability",""
SIG802=2820,"Access Protection - Prevent patching or deletion of services.exe",""
SIG803=2821,"Access Protection - Prevent unknown processes to modify/patch or delete system drivers",""
SIG804=2822,"ZeroAccess malware Infection",""
SIG805=2827,"Microsoft IIS OData Services Denial of Service vulnerability",""
SIG806=2814,"SCOM console XSS Vulnerability",""
SIG807=6044,"Vulnerability in DNSAPI Allow Remote Code Execution",""
SIG808=2829,"Block Packet Sniffer",""
SIG809=2830,"Block User Creation",""
SIG810=2831,"Microsoft SharePoint Server JavaScript Elements Privilege Escalation",""
SIG811=2834,"Java - Creation of suspicious files in Temp folder",""
SIG812=2836,"Remote Desktop Client Mstscax Remote Code Execution Vulnerability",""
SIG813=2837,"Microsoft Antimalware Client Privilege Escalation Vulnerability",""
SIG814=6045,"SMB Brute Force Attack",""
SIG815=6052,"Generic Privilege Escalation Prevention",""
SIG816=2840,"Microsoft Windows Media Format Video Decoder Remote Code Execution Vulnerability",""
SIG817=6055,"Exploitation using Windows Hot Patch Routine",""
SIG818=6025,"Timed Group Enabled / Expired",""
SIG819=2842,"Exploitation using Library load from UNC Path",""
SIG820=2843,"Microsoft SharePoint Server POST XSS Privilege Escalation",""
SIG821=2845,"Windows Theme File Remote Code Execution Vulnerability",""
SIG822=8000,"Behavior Based Exploit Protection",""
SIG823=8001,"Suspicious Exploit Behavior",""
SIG824=8002,"Possible Exploit Behavior",""
SIG825=2844,"Microsoft Word WordPerfect5 Converter Module Buffer Overflow Vulnerability",""
SIG826=2846,"InformationCardSigninHelper ActiveX Control Vulnerability",""
SIG828=9990,"Microsoft DEP integration and monitoring by Endpoint Security",""
SIG829=2850,"Microsoft BFE service protection",""
SIG830=2851,"Microsoft SharePoint Server 2013 XSS Vulnerability",""
SIG831=6057,"Detect IE Safe Scripting Flag Exploitation",""
SIG832=6058,"SSL Heartbleed Unencrypted Attack",""
SIG833=2852,"BSDK_VAWTRAK Malware Attack",""
SIG834=2853,"Vulnerability in OLE Object Could Allow Remote Code Execution",""
SIG835=6060,"PDF Sandbox Escape Malicious CopyFile",""
SIG836=2856,"T1060 - Microsoft Office Remote Code Execution",""
SIG837=6065,"Policy Load Status",""
SIG838=6067,"Self Protection - Critical Registry Access",""
SIG839=6500,"SSH Version 2 Brute Force",""
SIG840=6070,"Hidden Powershell Detected",""
SIG841=6071,"MAPI DLL Loading Elevation of Privilege Vulnerability",""
SIG842=6073,"Execution Policy Bypass in Powershell",""
SIG843=6074,"PlugX Malware infection",""
SIG844=6075,"Remote script execution by core windows utility",""
SIG845=6076,"Microsoft Windows media centre MCL Vulnerability",""
SIG846=6077,"Microsoft Visio DLL Hijacking Vulnerability",""
SIG847=6078,"T1003 - Mimikatz usage",""
SIG849=6080,"Mimikatz malware execution",""
SIG850=6081,"Powershell Command Restriction - NoProfile",""
SIG851=6082,"Powershell Command Restriction - ExecutionPolicy Unrestricted",""
SIG852=6083,"Powershell Command Restriction - NonInteractive",""
SIG853=6084,"Powershell Command Restriction - NoLogo",""
SIG854=6085,"Powershell Command Restriction - File",""
SIG855=6086,"Powershell Command Restriction - Command",""
SIG856=6087,"Powershell Command Restriction - EncodedCommand",""
SIG857=6088,"Microsoft Office DLL planting vulnerability",""
SIG858=6089,"Microsoft Office DLL side load vulnerability",""
SIG859=6090,"Self Protection - Double Agent",""
SIG860=6091,"IMFEO registry protection",""
SIG861=6093,"Microsoft Office OneNote DLL side load vulnerability",""
SIG862=6094,"Adobe Acrobat Reader DLL side load vulnerability",""
SIG863=6095,"Windows SMB Remote Code Execution Vulnerability",""
SIG864=6096,"Powershell Command Restriction - InvokeExpression",""
SIG865=6097,"Windows Search Service Remote Code Execution Vulnerability",""
SIG866=6098,"Windows LNK File Remote Code Execution",""
SIG867=6099,"Firefox Installer Privilege escalation",""
SIG868=6105,"T1145 - Windows Script Command Restriction - Batch Mode",""
SIG869=6106,"T1145 - Windows Script Command Restriction - Use Engine",""
SIG870=6100,"SMBLoris attack detected",""
SIG871=6107,"MS Word trying to execute unwanted programs",""
SIG872=6108,"Powershell - Suspicious downloadstring script execution",""
SIG873=6109,"T1047 - Powershell - Suspicious wmi script execution",""
SIG874=6110,"Fileless Threat: Startup Program Creation",""
SIG875=6111,"Fileless Threat: Click fraud operation",""
SIG876=6112,"MS Outlook trying to execute unwanted programs",""
SIG877=6113,"T1055 - Fileless Threat: Reflective Self Injection",""
SIG878=6114,"T1055 - Fileless Threat: Reflective EXE Self Injection",""
SIG879=6115,"T1055 - Fileless Threat: Reflective DLL Remote Injection",""
SIG880=6116,"T1003 - Mimikatz LSASS Suspicious Memory Read",""
SIG881=6117,"T1003 - Mimikatz LSASS Suspicious Memory DMP Read",""
SIG882=6118,"Fileless Threat : Malicious Code Execution using DotNetToJScript Technique",""
SIG883=6120,"T1055 - Fileless Threat: Process Hollowing",""
SIG884=6121,"T1055 - Fileless Threat: Shellcode Self Injection",""
SIG885=6122,"T1003 - Fileless Threat : Reflective Loading of mimikatz using DotNetToJScript Technique",""
SIG886=6123,"Windows Shell Remote Code Execution Vulnerability",""
SIG887=6119,"SMB Double Pulsar Ping",""
SIG888=6124,"Fileless Threat: Spoof Parent Process",""
SIG889=6125,"Java Remote Shellcode Injection",""
SIG890=6131,"T1047 - Weaponized OLE object infection via WMI",""
SIG891=6132,"WINRAR Filename Directory Traversal Vulnerability",""
SIG892=6133,"T1562 - Evasion Attempt: Suspicious AMSI DLL Creation Detected",""
SIG893=6134,"T1562 - Evasion Attempt: Suspicious AMSI DLL Loading Detected",""
SIG894=6135,"Unmanaged Powershell Detected",""
SIG895=6136,"Privilege escalation attempt using schtasks",""
SIG896=6137,"Remote Desktop Services Remote Code Execution Vulnerability",""
SIG897=6140,"Attempt to load non-aslr dlls to bypass exploit mitigation techniques",""
SIG898=6141,"IE Envelope - MHT access",""
SIG901=6146,"Remote Desktop Services Remote Code Execution Vulnerability - II",""
SIG902=6148,"Malware Behavior: Windows EFS abuse",""
SIG903=6150,"Malware Behavior: Trickbot malware activity detected",""
SIG904=6151,"Unmanaged Powershell Detected - II",""
SIG905=6154,"T1003 - LSASS memory read attempt to dump Credentials",""
SIG906=6155,"T1055 - Suspicious Behavior: Malicious DLL Injection Detected",""
SIG907=6157,"SMB v3 Remote Code Execution Vulnerability",""
SIG908=6163,"T1055 - Suspicious Behavior: Malicious Shellcode Injection Detected",""
SIG909=6165,"Malicious Behavior: Directory Junction attempt detected",""
SIG910=6166,"Malicious Behavior: Directory Junction attempt detected II",""
SIG911=6167,"Generic Self-protection: Protect Datreputation Logs",""
SIG912=6170,"Suspicious Printer Port usage attempt detected",""
SIG913=6172,"DISM side loading attempt detected",""
SIG914=6173,"Remote code execution in DNS Server - CVE-2020-1350",""
SIG915=6175,"SMB v1 Remote code execution detected",""
SIG916=6176,"DNS enveloping - execution of unwanted application",""
SIG917=6177,"Possible Intel AMT attack detected",""
SIG918=6178,"Possible Intel AMT attack using fragmented packets",""
SIG919=6181,"T1497 - Virtualization/Sandbox Evasion: Drive size check",""
SIG920=6182,"CVE_2020_1472 Zerologon attack",""
SIG921=6192,"Malware Behavior: Trickbot variant activity detected",""
SIG922=6195,"IIS worker process trying to execute unwanted program",""
SIG923=6196,"Credential theft using Powershell detected",""
SIG924=6197,"Shellcode execution using Macro detected",""
SIG925=6199,"CVE-2021-26877 - DNS Integer Overflow detected",""
SIG926=6200,"CVE-2021-26897 - DNS Buffer Overflow detected",""
SIG927=6201,"CVE-2021-26877 - DNS Integer Overflow detected II",""
SIG928=6202,"CVE-2021-26877 - DNS Integer Overflow detected III",""
SIG929=6203,"DPAPI Encrypted Credential theft detected",""
SIG930=6204,"HTTP Protocol Stack Remote Code Execution Vulnerability",""
SIG931=6209,"Creation of Suspicious DLL through SPOOLSV",""
SIG932=6211,"T1220/T1218.005 : MSHTA abuse - proxy execution of malicious content",""
