I have been seeing this module kick of rule 46 at multiple clients (the 0x860d3008 memory address is varied). Has anyone successfully figured out a way to investigate what this is, and how to tune it? I know I could create a blanket rule, but I want to see what it is first. The problem is the logs get flooded with the 596 alert, even though it does not block anything, I know that most customers who look at this will stop paying attention. That whole cry wolf thing.