I have 3.0.694 on Win7, and had Web Access Protection as viewed in the main UI on Disabled. I happened to be in Win7's Resource Monitor looking at networking, when I noticed consistent network activity on ekrn.exe corresponding to various Internet addresses and sites (I was using my browser actively at the time). Odd, since WAP was disabled. So I drilled into NOD's Advanced tree and found that HTTP checking, a subsection of WAP, was enabled. I read the help and the manual but still don't quite get the distinction between the two. More to the point, why is it when a feature is disabled at the top level (main UI or at the top of the WAP tree in advanced) that the entire feature isn't disabled? Unchecking HTTP did the trick, but I only stumbled on this issue accidentally. Side issue: when you uncheck HTTP and then go to Setup/Antivirus and antispyware in the main UI, WAP reports as "Malfunctioning" instead of Disabled. Setup in the main UI, which is directly adjacent, shows it correctly as Disabled.