Allo again. I'm looking at the http policy settings and the firewall client application settings, I've read the information in Toms book in chapter 7 and 10 concerning setting up specific filters to block certain programs from connecting, but is there a way to put in a default block all programs and explicitly allow only certain registered programs? I'm thinking, denying all web browsers other than iexplore.exe and adding the specific programs we use that I see in the sessions and logging sections, along with allowing the specific programs we use (we 'should' only really use about 5 programs that access the internet for any reason) Is this possible and a recommended way of default blocking everything that tries to tunnel thru http among other things? Paul.