Those are two separate questions. ISA doesn't use the OS file associations to make its decisions, so blocking file types of .wmf or content-types of application/x-msmetafile will get you some relief. ------------------------------------------------------- Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! ------------------------------------------------------- -----Original Message----- From: Hillaert, Todd [mailto:THillaert@xxxxxxxx] Sent: Wednesday, January 04, 2006 12:42 To: [ISAserver.org Discussion List] Subject: [isalist] RE: WMF Vulnerability http://www.ISAserver.org Hi Correct me if I'm wrong, but as I understand it, a WMF is not handled by the operating system only according its extension, but by special flags set within the file itself. That's why blocking *.wmf or the mime types will not stop it. Todd -----Original Message----- From: Brian Boyes [mailto:BrianB@xxxxxxxxx] Sent: Wednesday, January 04, 2006 2:37 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: WMF Vulnerability http://www.ISAserver.org True enough. You had mentioned it was doable with GFI and I though it might be useful to mention how it could be done via surfcontrol as well. Personally, I blocked WMF files at ISA and with my surfcontrol filter, just in case. Brian -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] Sent: Wednesday, January 04, 2006 2:41 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: WMF Vulnerability Hi Brian, You don't need SurfControl just to block .wmf files, you can use the OOB ISA firewall to do that. Tom ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: thillaert@xxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is GFI-scanned.