Hi, i was just wondering about automatic start. Which one means earlier ignition of protection, system or service? Its now on 'service' but some rootkit's (rustock) spambot is able to generate outgoing traffic (on -25- smtp port) in the state xp is booting up or turning off, before/after LnS not running anymore! Its some damn tenacious rootkit working in kernel mode. Full story (Its an office environment): After sniffing the network and found out that some damn host releasing spam mails, i put LnS on it before deleting the rootkit (first i had to read some instructions about rootkit removal... So until i can disinfect the ominous host, lns can block the smtp traffic from it, i thought. (i cant turn the pc off or pull out cat5 because the colleague should work on it.) Note: In an office environment it is very critical because your public IP (smtp server...) gets blacklisted on dnsbl servers very fast (because of the outgoing spam) and after that you have nothing but complaining zombies hunting for you all around the office (lots of un-delivered emails). On the gateway/router you can not set the firewall allowing smtp traffic only from the smtp server and block it from any other host because its a crap asus consumer router, even if it was a rather expensive one (you just can't set up rules like that). So, that was the only infected host and i blocked its outgoing smtp comm. with lns, but from time to time we get back to the blacklists... It was killing me, why the damn f**k we gets back on the lists if i block the smtp port on the infected host? Then i came to realize it -only by luck- when i 'accidently' left packet sniffing (wireshark) on before going home. The spambot could release hundred of spam messages even during the xp's booting/turning off procedure! (And 'of course' i was not sniffing at those damn particular times!) It was a sharp lesson anyway. So will lns start the protection at an earlier stage if i set the automatic start to 'system'? And what about when halting op system down? :/ Btw i like this fwall very much, using it from the beginnings. Thank You, K.