Hi I have quite some questions about ESS (I have Vista HP SP2 32bits) First I'd like to know about some outbound requests for svchost.exe after computer start-up It wants to connect to 4 things, does anyone one exactly what for? 1. IP:188.8.131.52 Remote port: 5355 (llmnr) Local port: 52078 2. IP:184.108.40.206 Remote port: 3072 (3072) Local port: 49152 3. IP:FF02::C Remote port: 3072 Local port: 49153 4. IP:220.127.116.11 cds833.ord.llnw.net Remote port: 80 (HTTP) Local port: 49169 llnw.net leads to some corporation, which is weird, because if I don't allow it, windows update won't work. Second question: When checking common ports with ShieldsUP! at grc.com it replies to a Ping (ICMP Echo) request: " Ping Reply: RECEIVED (FAILED) — Your system REPLIED to our Ping (ICMP Echo) requests, making it visible on the Internet. Most personal firewalls can be configured to block, drop, and ignore such ping requests in order to better hide systems from hackers. This is highly recommended since "Ping" is among the oldest and most common methods used to locate systems prior to further exploitation." Can't find an option in firewall to turn it off, how can I stop replying to Ping (ICMP Echo) request? Third Question: When scheduling a start-up scan there are 7 scan levels to choose from: 1. Files run before user logon 2. Files run after user logon 3. Only the most frequently used files 4. Frequently used files 5. Commonly used files 6. Rarely used files 7. All registered files Does one scan level also scan the lower levels, so if I choose Only the most frequently used files does it also scan Files run before and after user logon etc.? Fourth Question: I have four pc's with ESS installed(3 Vista, 1 XP.) At 2 of the Vista pc's sometimes Vista Security center reports that firewall or av is off, while Eset reports everything is OK,, if I then disable firewall or av trough Eset, and then enable it again trough Eset, the MS sec. center reports everything is allright. One of these pc's is using ESS 4.0.417, the other 4.0.467. What's the problem? The one with .467 had an older version before, and after installing .467 the firewall was really disabled and reported corrupt, and after uninstalling .467 properly as instructed on Eset website, then installing .467 again, and everything was ok. But this is different because Eset is fine now, windows is just acting weird.