Ritchie58, you are correct. The file name is OCSLOGON.exe. I tried the restore feature, though the application reported success the file was not restored in the directory. Am I looking at the filename exclusion incorrectly? I was expecting that if I excluded the exact filename in the exclusion that this would eliminate that file from being scanned. If my expectation was correct then it would not matter what directory the file was placed, correct? If I am thinking right on filename exclusion, then could this be an issue that is caused because both PDC and BDC are running Immunet and the file ends up in a replicated path for both servers? I was only working on the PDC (where I excluded filename) and where the file is placed in a local directory, but this directory is replicated, which might be caught by the BDC. Maybe? Not sure if this is valid, because the file would get removed on the PDC local directory. Thanks for responding and any ideas on this will be helpful.