I've added a rule to block the Destover malware, which was used in the Sony trojan wiper malware.
This is in addition to the rules in PD25630. In our experience, the rule on page three, "Prevent remote creation/modification of executable and configuration files", can cause conflicts with advanced domain login scripts that run programs and batch files which exist on network shares. Also, we are managing many different customer environments, many of which have their own custom http/ftp blocking rules (access protection, common maximum protection, prevent ftp, http communication). We can't create one single http/ftp rule list for all customers, as we have tried this before and have reached the limit of the "processes to exclude" rules that we can add.
Here's some more background information from a Japanese site:
This site is clean: