Lots of (http_inspect) UNKNOWN METHOD IPS alerts

Since IPS pattern updates yesterday morning (Central US time) that installed the four pattern updates listed below, I have had almost nonstop IPS alerts for the following IPS events. Prior to these updates I had not received one alert for these conditions.

(http_inspect) UNKNOWN METHOD

(http_inspect) UNESCAPED SPACE IN HTTP URI

(http_inspect) LONG HEADER

Firmware version 9.502-4. Additional pattern updates since yesterday morning have failed to resolve this issue. I get hundreds of these IPS alerts... 

All this started with these four updates.

New Pattern Up2Dates have been installed. The current pattern version is now 9.24361

New Pattern Up2Dates have been installed. The current pattern version is now 9.7247.

New Pattern Up2Dates have been installed. The current pattern version is now 9.78.

New Pattern Up2Dates have been installed. The current pattern version is now 9.11258.



This thread was automatically locked due to age.
  • Hi All,

    Sorry for the late reply. The issue is the result of some Snort rules that were previously disabled by default being inadvertently enabled in one of the rule updates. We are working on getting a new rule package which will be released via the normal up2date process.

    Meanwhile, you can create an exception for the following list of Snort SIDs that were enabled in error.

    They include rules #:
    7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,27,28,29,30,31,32,34,35,36,37,38,39,40,41,42,43,48,49,50,51,52,53

    You can disable these rules manually from Network Protection > Intrusion Prevention > Advanced: Modified Rules - click the + : enter in rules sid# (found in the bulk of the alerts) and click "Disable this rule". You can add the others as you see fit but they do need to be added one by one. 

    Thanks
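
Because the rules have to be disabled one by one, it helps to know which of the listed SIDs actually account for the bulk of the alerts. The script below is an added example, not part of the thread or of Sophos tooling: it counts `(http_inspect)` alerts per SID and separates those on the staff list from those that are not. The `key="value"` log layout, the `sid` and `reason` field names, and the sample lines (including their SID-to-message pairings) are assumptions constructed for illustration.

```python
import re
from collections import Counter

# SIDs quoted in the staff reply above (rules enabled in error).
STAFF_SIDS = {int(s) for s in (
    "7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,27,28,29,30,31,32,"
    "34,35,36,37,38,39,40,41,42,43,48,49,50,51,52,53").split(",")}

# Assumed log layout: space-separated key="value" pairs per alert line.
FIELD = re.compile(r'(\w+)="([^"]*)"')

def triage(lines):
    """Return (to_disable, leave_alone) as lists of (sid, reason, count),
    noisiest first. Only (http_inspect) alerts are considered."""
    counts, reasons = Counter(), {}
    for line in lines:
        f = dict(FIELD.findall(line))
        reason, sid = f.get("reason", ""), f.get("sid", "")
        if "(http_inspect)" not in reason or not sid.isdigit():
            continue  # other IPS alerts or malformed lines are not touched
        counts[int(sid)] += 1
        reasons.setdefault(int(sid), reason)
    ranked = [(sid, reasons[sid], n) for sid, n in counts.most_common()]
    return ([r for r in ranked if r[0] in STAFF_SIDS],
            [r for r in ranked if r[0] not in STAFF_SIDS])

# Constructed sample lines; addresses are documentation ranges.
def _alert(reason, sid):
    return ('2017:07:12-09:14:02 utm snort[4242]: sub="ips" action="drop" '
            f'reason="{reason}" srcip="192.0.2.10" dstip="198.51.100.5" sid="{sid}"')

SAMPLE = (
    [_alert("(http_inspect) UNKNOWN METHOD", 31)] * 3
    + [_alert("(http_inspect) UNESCAPED SPACE IN HTTP URI", 33)] * 2
    + [_alert("(http_inspect) LONG HEADER", 19)]
    + [_alert("CONSTRUCTED non-preprocessor alert", 31)]   # ignored: not http_inspect
    + ["2017:07:12-09:15:00 utm snort[4242]: truncated line"]  # ignored: no fields
)

if __name__ == "__main__":
    to_disable, leave_alone = triage(SAMPLE)
    print("On the staff list (add to Modified Rules, noisiest first):")
    for sid, reason, n in to_disable:
        print(f"  sid {sid:>3}  {n:>4}x  {reason}")
    print("Not on the staff list (investigate before disabling):")
    for sid, reason, n in leave_alone:
        print(f"  sid {sid:>3}  {n:>4}x  {reason}")
```

Alerts whose SID is not on the staff list are reported separately so they are not disabled on the strength of this workaround alone.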