Upon examining my ISA logs, I see that it has denied access approx. 20 times per day to both versions of Code Red queries. My question is.. how does it identify this request as malicious? Thank you, Scott Talley The Combined Group phone: 972.247.2621 x829 fax: 972.247.2622 e-mail: stalley@xxxxxxxxxxxxxxxxx