Maybe I am grabbing the donkey by the tail here, but are you suggesting that the ISA-aware AV products should not be installed on the firewall to protect the network or just to protect the firewall itself? Bakari Allen ballen@xxxxxxxxx -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] Sent: Friday, November 07, 2003 10:54 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Removing Terminal Services from an ISA system http://www.ISAserver.org Hi John, Excellent point. Maybe I should rethink my approach to AV on the firewall. I figure that if no one has write access to the firewall from a network location, and I don't run any client software on the firewall, that I should be fairly safe. Can you think of a scenario that would allow a virus onto the box given those parameters? (excluding the possibility that someone brings a virus infected CD, floppy or USB "drive" to the firewall) Thanks! Tom