CastleCops, Internet Crime Fighters

have kerio 2.1.5 with possible hacker

classacted
Joined: Aug 08, 2006
Posts: 66
Location: USA

PostPosted: Sun Oct 22, 2006 2:25 pm    Post subject: have kerio 2.1.5 with possible hacker

Zone Alarm was not compatible, so I changed to Kerio 2.1.5. When I first installed and clicked on a webpage for the first time, I was hit with a barrage of pop-up windows from Kerio asking whether to deny or allow. Since I thought the pop-ups were from the web page I was visiting, I allowed them. I wish I had denied them. The pop-up windows give the IP address explaining their origin, and at the time I didn't know how to research these addresses. I know how to now, but I may have let a hacker in.
I would like to know from you experienced Kerio 2.1.5 experts out there how I can start fresh by uninstalling/reinstalling the 2.1.5. Would this kick out a hacker? This time I will deny unknown and have the slider set to deny unknown from the very start. I can always set a new rule for any website that I can't access, which would allow me access. Thanks, Ed James

Graham1
Joined: Dec 21, 2005
Posts: 340


PostPosted: Tue Oct 24, 2006 10:34 am    Post subject:

What I would do is check Task Manager (or better still, Process Manager) and look for any suspicious processes loaded in memory. Check all the usual locations that trojans/viruses hook into (i.e. registry). You can also delete any existing rules rather than re-install 2.15. Why not give KPF4 a try? This will also give you application control (i.e. which applications can be started or not).


classacted
Joined: Aug 08, 2006
Posts: 66
Location: USA

PostPosted: Tue Oct 24, 2006 9:11 pm    Post subject:

Graham,
I used Paint to Google all the processes in the Task Manager, and they are all legit. Process Manager I don't know about. What is it? Where is it? How do I use it? I do know about Process Library; in fact I have it in my links and I will check that out again.
I do know how to get into the registry, and when I switched from Zone Alarm to Kerio I had to make changes that were needed, but that was the only time I have ever edited the registry. Where should I specifically look? What am I hoping to see? What do I not want to see?
I will check into your suggestion about deleting rules in my firewall that already exist but should be deleted.
I love the Kerio 2.1.5, but I want to make sure there's no hacker already in. Zone Alarm provides great protection, but I was seeing "this page cannot be displayed" about 300 times a day, so I had to uninstall it.
I have read many of your postings, and I know you are a knowledgeable authority when it comes to the Kerio firewall. I think I have also read postings by you on DSL Reports. Point me in the right direction and I will go there. Above all else, help me give a possible hacker the exit. Thanks, Ed James

Graham1
Joined: Dec 21, 2005
Posts: 340


PostPosted: Tue Oct 24, 2006 10:45 pm    Post subject:

Sorry, I meant Process Explorer (www.sysinternals.com). This tool gives you an overview of what is running on your system and how (i.e. parent and child processes).

Places to look in the registry include:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
and also
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Look for any processes (links) that may seem odd.

I'm not sure about 2.15 (it's a long time since I used that version) but look for any unusual listening ports. TCPView (www.sysinternals.com) can also show listening or connected connections.


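One way to run the two checks Graham describes (the HKLM/HKCU Run keys and the listening ports TCPView would show) from a single script. This is an added example, not code from the thread, from Kerio or from Sysinternals; it assumes Windows PowerShell 3 or later on Windows 8/Server 2012 or newer, where Get-NetTCPConnection exists (on the XP-era systems the thread is about, netstat -ano gives the same port-to-PID mapping).

```powershell
# Added example: list Run-key autostarts and TCP listeners with their owning process,
# flagging anything that runs from outside the Windows or Program Files directories.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)
# Directories treated as expected locations for legitimate software (an assumption,
# not a guarantee: malware can also drop files there).
$trusted = @("$env:SystemRoot", "$env:ProgramFiles", "${env:ProgramFiles(x86)}")

function Test-TrustedPath {
    param([string]$Path)
    foreach ($dir in $trusted) {
        if ($dir -and $Path.StartsWith($dir, [System.StringComparison]::OrdinalIgnoreCase)) { return $true }
    }
    return $false
}

# Pull the executable path out of a Run value, which may be quoted and carry arguments.
function Get-ExePath {
    param([string]$Command)
    if ($Command -match '^"([^"]+)"') { return $Matches[1] }
    return ($Command -split '\s+')[0]
}

Write-Host "== Autostart entries =="
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip PowerShell's own PSPath/PSParentPath metadata
        $exe  = Get-ExePath $p.Value
        $flag = if (Test-TrustedPath $exe) { '' } else { '  <-- outside Windows/Program Files, review' }
        "{0}\{1} = {2}{3}" -f $key, $p.Name, $p.Value, $flag
    }
}

Write-Host "`n== Listening TCP ports (what TCPView shows) =="
Get-NetTCPConnection -State Listen | Sort-Object LocalPort | ForEach-Object {
    $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
    [PSCustomObject]@{
        LocalAddress = $_.LocalAddress
        Port         = $_.LocalPort
        PID          = $_.OwningProcess
        Process      = if ($proc) { $proc.ProcessName } else { '?' }
        Path         = if ($proc -and $proc.Path) { $proc.Path } else { '?' }
    }
} | Format-Table -AutoSize
```

A listener bound to 0.0.0.0 whose owning process has no path, or whose path sits in a user profile or temp directory, is the kind of entry worth comparing against Process Explorer's parent/child view before deciding it is legitimate.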
classacted
Joined: Aug 08, 2006
Posts: 66
Location: USA

PostPosted: Tue Oct 24, 2006 11:06 pm    Post subject:

Graham,
sysinternals.com is great stuff. I will take your advice to heart. Thanks again, Ed James
