Hi, I am receiving the following entries for web access from two client machines I have here, and would like to know how I can disable these machines from doing this, as the logs fill up very quickly, and this occurs when the machines are sitting idling.. From my understanding Microsoft Instant Messenger is the culprit, however, another client with the same version of instant messenger does not appear to display the same issues. GFIWebMonitor? unauthenticated 192.168.1.66 20:59:27 650 http://svcs.microsoft.com/svcs/mms/adxml_main.asp?Version=5.0&Plcid=0409&CLC ID=0409&BrandID=MSMSGS&country=NZ&PUID=00011dc74c2f5d5c&random=97384641 unauthenticated 192.168.1.66 20:59:27 3929 http://rad.msn.com/ADSAdClient31.dll?GetAd?PG=IMSNZR?SC=HF?PUID=00011dc74c2f 5d5c?AN=1.97384641 ISALOG WEBEXTD?. 192.168.1.66 anonymous MSMSGS N 2003-04-24 01:58:56 w3proxy SATURN - svcs.microsoft.com 207.68.173.249 80 453 328 650 http TCP GET http://svcs.microsoft.com/svcs/mms/adxml_main.asp?Version=5.0&Plcid=0409&CLC ID=0409&BrandID=MSMSGS&country=NZ&PUID=00011dc74c2f5d5c&random=72153461 Inet 302 Sjones - Web Clients Sjones - Allow Rule - Workstation - Pluto 192.168.1.66 anonymous MSMSGS N 2003-04-24 08:59:27 w3proxy SATURN - - - - - 248 - - TCP GET http://rad.msn.com/ADSAdClient31.dll?GetAd?PG=IMSNZR?SC=HF?PUID=00011dc74c2f 5d5c?AN=1.97384641 - 12202 Sjones - Web Clients Sjones - Advertisement Deny Rule I have added rad.msn.com to a deny rule for web access, should this still appear in the log file if it is denied access? And could I just as easily add a deny rule for http://svcs.mcirosoft.com/svcs/mms/adxml_main.asp ??? Any ideas on this would be appreciated, if it is just a case of this is how things are and I should ignore them, then so be it. Cheers Ant Dowling.