It´s normal to see anonimous access in your log files, even if you select Integrated authentication and "Ask unauthenticated users...", but in fact no one is bypassing your ISA without authorization. Microsoft has released an article stating that. I don´t know where it is but if you search in Microsoft site you may find it.