Hi All, In my work environment, there are times when our programmers need to disable real-time scanning on test machines in order to properly test the applications they are writing - mostly for performance reasons. However, my department (IT Infrastructure) is concerned that one of these days a programmer will forget to reenable real-time scanning. I have enabled notification by protection status and have set the priority to P1. Now I get notifications when one of the programmers disables real-time scanning, and I can keep track in order to make sure it is reenabled. The problem is that I also get other protection status-related notifications, such as virus definitions out of date, O/S not up to date, etc. What I am looking for is a way to be more specific in the protection status notification. I need to know only when real-time scanning has been disabled by a user. Does anyone know how to be more specific in the notification rules? Any help would be appreciated. Thanks.