I have a terminal server within my ISA 2004's "Internal Network" space. ISA, via email, reports Subject: ISA Server alert: An intrusion was attempted by an external user Body: "ISA Server detected an all port scan attack from Internet Protocol (IP) address 192.168...." This is not an external client, it is a local Terminal Server with a VB app with many users on it, it's just the way the app works, it's not doing anything bad. Looking at the Intrusion Detection section in the ISA MMC, there doesn't seem to be a way to setup exclusions for this alert. I'm getting spammed by my ISA! What can I tweak to make this go away (please don't say "the VB app" since it cost more than your house)? Thanks. -- http://www.atomic9.net/