The other type of signature is a Policy signature – not an exploit or a vulnerability per se, but a security feature an Administrator might want to enable.
NIS is one of the aspects of TMG 2010 I’m most speculatively excited about- imagine being able to more-or-less automatically protect a whole subnet of vulnerable machines while patches are being produced or deployed - and the MMPC have been steadily releasing definition updates that protect TMG-protected machines from known exploits since launch.
NIS updates typically coincide with a bulletin release – but recently, we’ve seen that they’ve been produced for at least one Advisory as well.
NIS updates aren’t particularly discoverable right now, though - I can’t find another way to get notifications of NIS updates other than through the TMG interface.
And NIS entries are not currently searchable in the MMPC Encyclopedia either - they’re linked directly from the definitions in the MMC above.