2 - Official Microsoft Security Essentials rules for OSSEC.
4 - Copyright (C) 2010 Trend Micro Inc.
7 - This program is free software; you can redistribute it
8 - and/or modify it under the terms of the GNU General Public
9 - License (version 2) as published by the FSF - Free Software
12 - License details: http://www.ossec.net/en/licensing.html
18 <group name="windows,mse,">
19 <rule id="7701" level="0">
20 <category>windows</category>
21 <extra_data>^Microsoft Antimalware</extra_data>
22 <description>Grouping of Microsoft Security Essentials rules.</description>
25 <rule id="7710" level="12">
29 <description>Microsoft Security Essentials - Virus detected, but unable to remove.</description>
32 <rule id="7711" level="7">
36 <description>Microsoft Security Essentials - Virus detected and properly removed.</description>
39 <rule id="7712" level="7">
41 <id>^1015$|^1006$</id>
43 <description>Microsoft Security Essentials - Virus detected.</description>
46 <rule id="7720" level="3">
49 <description>Microsoft Security Essentials - Configuration changed.</description>
50 <group>policy_changed,</group>
53 <rule id="7731" level="5">
54 <if_sid>7711, 7712</if_sid>
55 <match>Virus:DOS/EICAR_Test_File</match>
56 <options>alert_by_email</options>
57 <description>Microsoft Security Essentials - EICAR test file detected.</description>
61 <rule id="7750" level="10" frequency="6" timeframe="240">
62 <if_matched_sid>7711</if_matched_sid>
63 <description>Multiple Microsoft Security Essentials AV warnings detected.</description>
66 <rule id="7751" level="10" frequency="6" timeframe="240">
67 <if_matched_sid>7712</if_matched_sid>
68 <description>Multiple Microsoft Security Essentials AV warnings detected.</description>