I recently did an IPS-Installation and CSM-Integration at a customer, where I had the situation that I couldn't disable or modify some of the signatures via CSM. Specifically the problem occured with some signatures with signature-ids in the area of 50000.
One example for this behaviour is the signature # 50010 (WORM_SOBER). While the specific options are greyed-out in CSM, it seems to be possible to do it via IDM. Does anyone have a good explanation for this, or could it be a bug? Those signatures seem to be different from the other signatures, as I also could not find them on Security Center at CCO (http://tools.cisco.com/security/center/search.x?search=Signature).