In the "Caveats" section of the just-released S392 IPS signature update, Cisco acknowledges a "defect present" in the memory manager which they're working on, but which can (ie very likely in our experience with our AIP-SSM-10 module and S389) cause the update to fail and requiring a manual power recycle of the ASA, leaving you back where you started -- hopefully, with the module up and current signature active, or at worse, unable to start up the AIP-SSM module.
Having had this happen to us, we are going to hold off going ahead with the upgrade, as we would be guaranteed to go through an unnecessary and unproductive ordeal. Â Â I would like to know of other users' experience with recent signatures, at least as new as S389.