Hi Shawn, GREAT STUFF! I appreciate the help. Now to present the employee with his walking papers :-) Thanks! Tom Thomas W Shinder www.isaserver.org/shinder ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: http://tinyurl.com/1llp -----Original Message----- From: Quillman Shawn (RBNA/CIT1.1) [mailto:Shawn.Quillman@xxxxxxxxxxxx] Sent: Monday, March 03, 2003 11:21 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Odd entry in Firewall service log http://www.ISAserver.org And further research shows: www.filenavigator.com Yet another P2Piece of garbage... ----- Shawn R. Quillman Robert Bosch Corporation RBNA/CIT1.1 38000 Hills Tech Drive Farmington Hills, MI 48331 (248) 553-1164 (P) (248) 848-2855 (F) shawn.quillman@xxxxxxxxxxxx -----Original Message----- From: Quillman Shawn (RBNA/CIT1.1) Sent: Monday, March 03, 2003 12:10 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Odd entry in Firewall service log http://www.ISAserver.org From that 2nd site in German off of Google: File Navigator 2.10 von der C´t Mp3 Shareware-Seite installierte wohl den seltsamen "uninstall onflow.exe", der auch lt Atguard prompt nach Hause funken will: Outbound TCP connection Remote address,service is (147.208.175.70,http) Process name is "uninstall onflo" Die IP gehört der Intel Corporation.... Apparently File Navigator is your culprit. From another site I found that apparently this IP belongs to Intel. -Shawn ----- Shawn R. Quillman Robert Bosch Corporation RBNA/CIT1.1 38000 Hills Tech Drive Farmington Hills, MI 48331 (248) 553-1164 (P) (248) 848-2855 (F) shawn.quillman@xxxxxxxxxxxx -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] Sent: Monday, March 03, 2003 11:56 AM To: [ISAserver.org Discussion List] Subject: [isalist] Odd entry in Firewall service log http://www.ISAserver.org Anyone seen this one yet in the Firewall service log: 192.168.1.141, LarryC, uninstall onflo:3:5.1, -, 3/3/2003, 10:34:42, -, -, -, -, 147.208.175.70, 80, 82819, 0, 0, 80, TCP, Connect, -, -, -, 20001, -, All Open Users, Allow All Users, 15, 1092 A google search show two entries (in German) and an www.alltheweb.com didn't bring anything up for the "uninstall onflo" entry. Thanks! Tom Thomas W Shinder www.isaserver.org/shinder ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: http://tinyurl.com/1llp ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: shawn.quillman@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: shawn.quillman@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')