Other than the fact that ISA is configured by humans, and humans make mistakes. Oh, and what about an admin using IE on the ISA server? What if someone is working on ISA, and they need to use a CD or floppy? John Tolmachoff Engineer/Consultant/Owner eServices For You -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] Sent: Friday, November 07, 2003 7:54 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Removing Terminal Services from an ISA system http://www.ISAserver.org Hi John, Excellent point. Maybe I should rethink my approach to AV on the firewall. I figure that if no one has write access to the firewall from a network location, and I don't run any client software on the firewall, that I should be fairly safe. Can you think of a scenario that would allow a virus onto the box given those parameters? (excluding the possibility that someone brings a virus infected CD, floppy or USB "drive" to the firewall) Thanks! Tom