Hello All, It must have been discussed a million-times but here it goes again. I want to block Yahoo Messenger for some of the users in my Organizagion. I have created a Protocol Rule which denies TCP Port 5050. I have created 13 different Destination sets and Denied those also seperately in Site and content rules. But still users get through. Even one of my destinations is *.yahoo.com. This prevents users from going to any of the Yahoo sites from browser but Yahoo IM still goes through. It must be using SOCKS4. My question here is which will supersede - The SOCKS4 connection or the "Denial of the Yahoo Sites" rule. On an additional Note, I have another Site and Content Rule which allows All contents, All Destinations, Always to All workstations. (All workstations includes range of my DHCP). Will the above Rule be considered "Anonymous" and be preceded by any of the other Site and Content Deny Rules. (I read it somewhere in the ISALIST itself someone saying that "Anonymous" rules take precedence over all other rules. Please correct me if I am wrong). Just getting confused here and will very much appreciate a clearer picture on how ISA exactly works and a detailed information on "How to Block Yahoo" will be very very much appreciated. Thanks. Sushil Bhalla Imageware International