When I first began to tune the sensor, I went in with the IDM and turned on most of the older trojan definitions just to see if anything was hiding in the network. I have not had any hits on those sigs for a couple of weeks and I would like to set all the trojan sigs back to default (ie back to retired) in one stroke via the CLI. I am running version 5 of the IDS software. Is there an easy way to do this? Thanks.
There is no single command that can reset all trojan signatures to their default values. Your best option is to re-apply the lastest service pack (not latest signature udpate) to the Sensor. This will reset most of the signatures to their default values.