Hi. For no reason whatsoever "lsass.exe" has just activated my Zonealarm firewall and wants to accept connections from the internet. I have AVG running and have avoided MSBlast and Sasser in the past but is this a new variant? I have not accepted nor denied access and do not know what to do. Source IP is 220.127.116.11 on port 500. I do not know what to do!!!! Is this a new Sasser type thing or a legitimate exercise? I have never had this happen before in the previous 12 months or so and am really concerned. Can you help?