No, you can't create alert exceptions, but you can tweak the alert not to fire so often. You can also scan your ISA logs to determine what the app was doing when the alert fired.

What - we should be impressed because the app costs $M? Poor code is poor code - regardless what you paid for it.

-----Original Message-----
From: stevec@xxxxxxxxxxx [mailto:stevec@xxxxxxxxxxx]
Sent: Sunday, October 02, 2005 8:59 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] ISA 2004 Intrusion Detection Modification?

I have a terminal server within my ISA 2004's "Internal Network" space. ISA, via email, reports

Subject: ISA Server alert: An intrusion was attempted by an external user
Body: "ISA Server detected an all port scan attack from Internet Protocol (IP) address 192.168...."

This is not an external client, it is a local Terminal Server with a VB app with many users on it, it's just the way the app works, it's not doing anything bad. Looking at the Intrusion Detection section in the ISA MMC, there doesn't seem to be a way to setup exclusions for this alert.

I'm getting spammed by my ISA! What can I tweak to make this go away (please don't say "the VB app" since it cost more than your house)?

Thanks.

--
http://www.atomic9.net/