Yes, those are from MSN Messenger (the piece that sits in the background keeping track of people online, etc). You will still receive entries in your logs for denied requests. Only difference is that the status code will be a code saying it was denied instead of allowed. You could add the other deny rule, but I tend to stay away from specific pages in rules as are subject to change a lot more frequently than a domain or a domain with just a directory path. "That's how it is and you should ignore it" :) Or blow away Messenger. -Shawn ----- Shawn R. Quillman Robert Bosch Corporation RBNA/CIT1.1 38000 Hills Tech Drive Farmington Hills, MI 48331 (248) 553-1164 (P) (248) 848-2855 (F) shawn.quillman@xxxxxxxxxxxx -----Original Message----- From: Anthony Dowling [mailto:antman147@xxxxxxxxxx] Sent: Thursday, April 24, 2003 6:01 AM To: [ISAserver.org Discussion List] Subject: [isalist] Strange Log Entries.. http://www.ISAserver.org Hi, I am receiving the following entries for web access from two client machines I have here, and would like to know how I can disable these machines from doing this, as the logs fill up very quickly, and this occurs when the machines are sitting idling.. From my understanding Microsoft Instant Messenger is the culprit, however, another client with the same version of instant messenger does not appear to display the same issues. GFIWebMonitor... unauthenticated 192.168.1.66 20:59:27 650 http://svcs.microsoft.com/svcs/mms/adxml_main.asp?Version=5.0&Plcid=0409&CLC ID=0409&BrandID=MSMSGS&country=NZ&PUID=00011dc74c2f5d5c&random=97384641 unauthenticated 192.168.1.66 20:59:27 3929 http://rad.msn.com/ADSAdClient31.dll?GetAd?PG=IMSNZR?SC=HF?PUID=00011dc74c2f 5d5c?AN=1.97384641 ISALOG WEBEXTD.... 192.168.1.66 anonymous MSMSGS N 2003-04-24 01:58:56 w3proxy SATURN - svcs.microsoft.com 207.68.173.249 80 453 328 650 http TCP GET http://svcs.microsoft.com/svcs/mms/adxml_main.asp?Version=5.0&Plcid=0409&CLC ID=0409&BrandID=MSMSGS&country=NZ&PUID=00011dc74c2f5d5c&random=72153461 Inet 302 Sjones - Web Clients Sjones - Allow Rule - Workstation - Pluto 192.168.1.66 anonymous MSMSGS N 2003-04-24 08:59:27 w3proxy SATURN - - - - - 248 - - TCP GET http://rad.msn.com/ADSAdClient31.dll?GetAd?PG=IMSNZR?SC=HF?PUID=00011dc74c2f 5d5c?AN=1.97384641 - 12202 Sjones - Web Clients Sjones - Advertisement Deny Rule I have added rad.msn.com to a deny rule for web access, should this still appear in the log file if it is denied access? And could I just as easily add a deny rule for http://svcs.mcirosoft.com/svcs/mms/adxml_main.asp <http://svcs.mcirosoft.com/svcs/mms/adxml_main.asp> ...?? Any ideas on this would be appreciated, if it is just a case of this is how things are and I should ignore them, then so be it. Cheers Ant Dowling. ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: shawn.quillman@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')