Tom, Yep, you are very correct. I tried testing it and I was able to get out successfully. Would best practice be to block the ports and create the disable for the application on the Firewall client? However, a Microsoft Security Specialist claims that we can block applications at layer 7 regardless of users renaming the application. Are they mistaken or is this possible? BTW: Thanks, Tom, for pointing me in the right direction on anonymous access for the RealPlayer. Thomas W Shinder <tshinder@xxxxxxxxxxxxxxxxxx> wrote:http://www.ISAserver.org Hi Paul, Yes, the problem is if you work in a University or have otherwise smart users, they'll discover that they can rename the .exe and get by that. That's the value of having teenage children at University :-) Tom Thomas W Shinderwww.isaserver.org/shinder ISA Server and Beyond: http://tinyurl.com/1jq1Configuring ISA Server: http://tinyurl.com/1llp -----Original Message----- From: Paul Berg [mailto:frogman1370@xxxxxxxxx] Sent: Wednesday, February 05, 2003 11:33 AM To: [ISAserver.org Discussion List] Subject: [isalist] Re: RES: RE: RES: HI ALL!! http://www.ISAserver.org Value must be 1 to turn on the function of disable... Tiago de Aviz <Tiago@xxxxxxxxxxxxxxx> wrote: @font-face { font-family: Tahoma;}@font-face { font-family: Comic Sans MS;}@page Section1 {size: 612.0pt 792.0pt; margin: 72.0pt 90.0pt 72.0pt 90.0pt; }P.MsoNormal { FONT-SIZE: 12pt; MARGIN: 0cm 0cm 0pt; FONT-FAMILY: "Times New Roman"}LI.MsoNormal { FONT-SIZE: 12pt; MARGIN: 0cm 0cm 0pt; FONT-FAMILY: "Times New Roman"}DIV.MsoNormal { FONT-SIZE: 12pt; MARGIN: 0cm 0cm 0pt; FONT-FAMILY: "Times New Roman"}A:link { COLOR: blue; TEXT-DECORATION: underline}SPAN.MsoHyperlink { COLOR: blue; TEXT-DECORATION: underline}A:visited { COLOR: purple; TEXT-DECORATION: underline}SPAN.MsoHyperlinkFollowed { COLOR: purple; TEXT-DECORATION: underline}P.MsoPlainText { FONT-SIZE: 10pt; MARGIN: 0cm 0cm 0pt; FONT-FAMILY: "Courier New"}LI.MsoPlainText { FONT-SIZE: 10pt; MARGIN: 0cm 0cm 0pt; FONT-FAMILY: "Courier New"}DIV.MsoPlainText { FONT-SIZE: 10pt; MARGIN: 0cm 0cm 0pt; FONT-FAMILY: "Courier New"}P.MsoAutoSig { FONT-SIZE: 12pt; MARGIN: 0cm 0cm 0pt; FONT-FAMILY: "Times New Roman"}LI.MsoAutoSig { FONT-SIZE: 12pt; MARGIN: 0cm 0cm 0pt; FONT-FAMILY: "Times New Roman"}DIV.MsoAutoSig { FONT-SIZE: 12pt; MARGIN: 0cm 0cm 0pt; FONT-FAMILY: "Times New Roman"}SPAN.estilocorreo17 { COLOR: windowtext; FONT-FAMILY: Arial}SPAN.estilodeemail20 { COLOR: black}SPAN.EstiloDeEmail22 { COLOR: black}DIV.Section1 { page: Section1}http://www.ISAserver.org Thomas, Worked for me! You can also try disabling the kazaa.exe executable in the Microsoft Firewall Clients properties in ISA Management. Create a rule for kazaa.exe, set the string for Disable and the value to 0. Tiago de Aviz ----------------------- tiago@xxxxxxxxxxxxxxx www.softsell.com.br ----------------------- -----Mensagem original----- De: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] Enviada em: terga-feira, 4 de fevereiro de 2003 21:16 Para: [ISAserver.org Discussion List] Assunto: [isalist] RE: RES: HI ALL!! http://www.ISAserver.org Hi Tiego, So you've had success with blocking *.kaaza.com? I haven't tried it yet, but I'll give it a shot. We usually just remove the app from client workstations when the firewall log shows the app. Thanks! Tom Thomas W Shinder www.isaserver.org/shinder ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: http://tinyurl.com/1llp ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: frogman1370@xxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') --------------------------------- Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now