Sorry the block in question for ISA 2004, is: Go to the rule that allows inbound web traffic and double-click it. Click the "Protocols" tab Click "Filtering" Click "Configure HTTP" Click the "Extensions" tab And add wmf I also have been adding emf as well. I'm just not sure of how to do this on ISA 2000. Also the only way I have been able to find to stop this attack on the clients, using MS fixes, is to unregister the offending dll using. regsvr32 /u %windir%\system32\shimgvw.dll Some sites also say to rename it as well to stop it being re-registered by malware. This will stop the problem, but will stop certain things working. Andy -----Original Message----- From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] Sent: Thursday, 5 January 2006 1:29 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: WMF Vunrability http://www.ISAserver.org It might help to tell us what "block" you used in ISA 2004. -------------------------------------------- Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! -------------------------------------------- -----Original Message----- From: Andy Haigh [mailto:ahaigh@xxxxxxxxxxxxxxxx] Sent: Tuesday, January 03, 2006 11:01 PM To: [ISAserver.org Discussion List] Subject: [isalist] WMF Vunrability http://www.ISAserver.org I have installed the "wmf" block to my ISA 2004 clients but I not sure how to set this up for ISA 2000. Could someone provide advice of the best way to do this. Thanks Andy ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is GFI-scanned. ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: ahaigh@xxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx