This is how you can fight WFP

I believe that the explorer.exe process is the enforcer for WFP. If you kill it, the WFP stuff is temporarily disabled. There is a knowledge base article Q222473 on microsoft.com about some registry settings. In addition search the archives at www.ntbugtraq.com for even more hacker level information. The behavior of explorer.exe is sort of interesting. It is the process that displays the Start Menu and taskbar stuff. Normally when you as a user run it, it shows up as the typical directory and file explorer view. If you look at the process list in Task Manager, only one instance of explorer.exe is ever running. If you kill it, your Start Menu and taskbar will disappear, as will all of the file views. Then, if you restart it (CTRL-ALT-DEL, press Task Manager, use File > New Task, type "explorer", press OK), your taskbar and start stuff automatically reappears. If anyone decides to experiment and kill explorer.exe, you may want to first log out, then log back in order to save any changes it may have pending. Except for the WFP "feature", this behavior is the same as it was in NT 4.0. Raul Based in sunny San Diego, California C/C++/MFC/ATL - Expert bugstomper/troubleshooter Embedded (TI DSPs) and Windows programming - 10+ years