I don't know how likely this is, but it seems like it could be a way for malware to send my private information to hackers. I'll use WMP as an example since most people have it on their computers, but I think that the same problem exists with any application that "executes" a URL. To determine what was happening, I enabled logging for all applications*. In LnS I blocked WMP from accessing the internet or launching internet applications. If I start WMP and choose "Help > Windows Media Player Online", LnS does not show me an alert for WMP, and the logs do not show WMP at all but instead LnS allows svchost.exe and Firefox to access the internet with the URL that WMP created. The other strange thing is that even if I block svchost.exe from internet access and launching internet apps, LnS still allows it to send UDP packets to the internet (on port 53). This seems like an even worse problem. Can anyone reproduce these things? I wonder if these things are related to the fact that my computer fails some of the "official leak tests" after my computer has been running for a while. *By the way, I wish that there was an easy way to enable/disable !! logging on the app filtering tab for all apps at the same time.