diff --git a/NEWS.md b/NEWS.md index 4b990fa..d4d4e06 100644 --- a/NEWS.md +++ b/NEWS.md @@ -1,5 +1,9 @@ ## NEWS +### 2022-04-14 release of v.2.1.5 was completed +- fixes a bug where a windows misbehaviour could return 0.0.0.0 as offending IP, thus blocking all subnets +- try to fix a bug where a false positive warning about tasks taking too long are spamming the event logs of EvlWatcher + ### 2022-01-22 release of v.2.1.4 was completed - basic ipv6 support - certificate was renewed diff --git a/README.md b/README.md index f17b4d7..eb04a8b 100644 --- a/README.md +++ b/README.md @@ -5,7 +5,7 @@ It's basically a fail2ban for windows. Its goals are also mainly what we love ab - *no-initial-fucking-around-with-scripts-or-config-files* - *install-and-forget* -You can download it [here](https://github.com/devnulli/EvlWatcher/raw/master/Versions/v2/EvlWatcher-v2.1.4-setup.exe) ( v2.1.4 - January 2022 ) . +You can download it [here](https://github.com/devnulli/EvlWatcher/raw/master/Versions/v2/EvlWatcher-v2.1.5-setup.exe) ( v2.1.5 - April 2022 ) . ## Also, we love issues! diff --git a/Source/EvlWatcher/EvlWatcher.WCF/Properties/AssemblyInfo.cs b/Source/EvlWatcher/EvlWatcher.WCF/Properties/AssemblyInfo.cs index 8fcad3c..10e913c 100644 --- a/Source/EvlWatcher/EvlWatcher.WCF/Properties/AssemblyInfo.cs +++ b/Source/EvlWatcher/EvlWatcher.WCF/Properties/AssemblyInfo.cs @@ -10,7 +10,7 @@ [assembly: AssemblyConfiguration("")] [assembly: AssemblyCompany("")] [assembly: AssemblyProduct("EvlWatcher.WCF")] -[assembly: AssemblyCopyright("Copyright © 2021 Michael Schönbauer")] +[assembly: AssemblyCopyright("Copyright © 2022 Michael Schönbauer")] [assembly: AssemblyTrademark("")] [assembly: AssemblyCulture("")] 
@@ -32,5 +32,5 @@ // You can specify all the values or you can default the Build and Revision Numbers // by using the '*' as shown below: // [assembly: AssemblyVersion("1.0.*")] -[assembly: AssemblyVersion("2.1.4.0")] -[assembly: AssemblyFileVersion("2.1.4.0")] +[assembly: AssemblyVersion("2.1.5.0")] +[assembly: AssemblyFileVersion("2.1.5.0")] diff --git a/Source/EvlWatcher/EvlWatcher/EvlWatcher.cs b/Source/EvlWatcher/EvlWatcher/EvlWatcher.cs index 73d1faf..e64c778 100644 --- a/Source/EvlWatcher/EvlWatcher/EvlWatcher.cs +++ b/Source/EvlWatcher/EvlWatcher/EvlWatcher.cs @@ -16,6 +16,7 @@ using System.ServiceProcess; using System.Text.RegularExpressions; using System.Threading; +using System.Diagnostics; namespace EvlWatcher { @@ -45,6 +46,7 @@ public class EvlWatcher : ServiceBase, IEvlWatcherService /// all loaded tasks /// private static readonly List _logTasks = new List(); + private static readonly Dictionary _logTasksPerfWarningIssued = new Dictionary(); /// /// adds some extra output @@ -331,6 +333,7 @@ private void PushBanList() .Union(_serviceconfiguration.BlacklistAddresses) .Distinct() .Where(address => !IsWhiteListed(address)) + .Where(address => !address.Equals(IPAddress.Any)) .ToList(); _firewallApi.AdjustIPBanList(banList); 
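Review bot: The new static field `_logTasksPerfWarningIssued` has no doc comment, unlike `_logTasks` directly above it, and its purpose only becomes clear from the Run hunk further down. I would add `/// time of the last performance warning per task; limits that warning to one per 24 hours`. The field is a plain static `Dictionary` keyed by task instance. If tasks can be reloaded, or if Run can execute on more than one thread (neither is visible in this diff), entries could accumulate or race, so the comment should state the assumption.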
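Review bot: The added filter `.Where(address => !address.Equals(IPAddress.Any))` removes only the IPv4 unspecified address, so `IPAddress.IPv6Any` (`::`) would still reach `_firewallApi.AdjustIPBanList`, even though the NEWS entry on this page says v2.1.4 added basic IPv6 support. I would write `.Where(address => !address.Equals(IPAddress.Any) && !address.Equals(IPAddress.IPv6Any))`. Logging at warning level when an address is dropped this way would let the misbehaving event source be traced instead of silently masked. Whether the firewall API treats `::` as match-all is not visible here, so that part is inferred. PushBanList's body starts and ends outside the hunk.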
@@ -492,40 +495,48 @@ private void Run() if (eventsForThisTask.Count > 0) { - DateTime start = DateTime.Now; + var start = Stopwatch.GetTimestamp(); t.ProvideEvents(eventsForThisTask); - if (DateTime.Now.Subtract(start).TotalMilliseconds > 500) - _logger.Dump($"Warning: Task {t.Name} takes a lot of resources. This can make your server vulnerable to DOS attacks. Try better boosters.", SeverityLevel.Warning); + var end = Stopwatch.GetTimestamp(); + + if (end - start > 50000000) + { + if (!_logTasksPerfWarningIssued.ContainsKey(t) || DateTime.Now > _logTasksPerfWarningIssued[t].AddHours(24)) + { + _logger.Dump($"Warning: Task {t.Name} takes a lot of resources. This can have different reasons, maybe you get a lot of events (problems in domain configuration, stale hidden credentials..), or the event processing is too slow. This can cause EvlWatcher to produce CPU spikes. Try better boosters, or try to find the root problem,", SeverityLevel.Warning); + _logTasksPerfWarningIssued[t] = DateTime.Now; + } + } } } } } - List blackList = new List(); + List polledTempBansOfThisCycle = new List(); + List polledPermaBansOfThisCycle = new List(); //let the tasks poll which ips they want to have blocked / or permanently banned foreach (LogTask t in _logTasks) { if (t is IPBlockingLogTask ipTask) { - SetPermanentBanInternal(ipTask.GetPermaBanVictims().ToArray()); - - List blockedIPs = ipTask.GetTempBanVictims(); + List polledTempBansOfThisTask = ipTask.GetTempBanVictims(); + List polledPermaBansOfThisTask = ipTask.GetPermaBanVictims(); - _logger.Dump($"Polled {t.Name} and got {blockedIPs.Count} temporary and {_serviceconfiguration.BlacklistAddresses.Count()} permanent ban(s)", SeverityLevel.Verbose); + _logger.Dump($"Polled {t.Name} and got {polledTempBansOfThisTask.Count} temporary and {polledPermaBansOfThisTask.Count()} permanent ban(s)", SeverityLevel.Verbose); - foreach (IPAddress blockedIP in blockedIPs) - if (!blackList.Contains(blockedIP)) - blackList.Add(blockedIP); + 
polledPermaBansOfThisCycle.AddRange(polledPermaBansOfThisTask.Where(ip => !polledPermaBansOfThisCycle.Contains(ip)).ToList()); + polledTempBansOfThisCycle.AddRange(polledTempBansOfThisTask.Where(ip => !polledTempBansOfThisCycle.Contains(ip)).ToList()); } } _logger.Dump($"\r\n-----Cycle complete, sleeping {_serviceconfiguration.EventLogInterval} s......\r\n", SeverityLevel.Debug); - - _lastPolledTempBans = blackList; + SetPermanentBanInternal(polledPermaBansOfThisCycle.ToArray(), pushBanList: false); + _lastPolledTempBans = polledTempBansOfThisCycle; + PushBanList(); } catch (Exception executionException) @@ -570,12 +581,13 @@ private void Run() } } - private void SetPermanentBanInternal(IPAddress[] addressList) + private void SetPermanentBanInternal(IPAddress[] addressList, bool pushBanList=true) { foreach (IPAddress address in addressList) _serviceconfiguration.AddBlackListAddress(address); - PushBanList(); + if (pushBanList) + PushBanList(); } diff --git a/Source/EvlWatcher/EvlWatcher/EvlWatcher.csproj b/Source/EvlWatcher/EvlWatcher/EvlWatcher.csproj index 7da21db..5dea241 100644 --- a/Source/EvlWatcher/EvlWatcher/EvlWatcher.csproj +++ b/Source/EvlWatcher/EvlWatcher/EvlWatcher.csproj @@ -127,7 +127,7 @@ - PreserveNewest + Always Designer diff --git a/Source/EvlWatcher/EvlWatcher/Logging/DefaultLogger.cs b/Source/EvlWatcher/EvlWatcher/Logging/DefaultLogger.cs index b652fc2..70b0786 100644 --- a/Source/EvlWatcher/EvlWatcher/Logging/DefaultLogger.cs +++ b/Source/EvlWatcher/EvlWatcher/Logging/DefaultLogger.cs 
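Review bot: The new threshold `end - start > 50000000` compares raw `Stopwatch.GetTimestamp()` ticks, whose length depends on `Stopwatch.Frequency`, so the limit is not a fixed duration. With a 10 MHz counter it is 5 seconds rather than the 500 ms the removed code used, and on other hardware it differs again. The removed message tied this warning to DoS exposure, so it should fire at a known duration: convert first, e.g. `var elapsedMs = (end - start) * 1000 / Stopwatch.Frequency;`, and compare `elapsedMs` with a named constant. The 24-hour throttle would also be steadier with `DateTime.UtcNow` (no daylight-saving jumps) and a single `TryGetValue` lookup instead of `ContainsKey` plus the indexer. Run's body starts and ends outside this hunk.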
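Review bot: `SetPermanentBanInternal` still passes every address it receives to `_serviceconfiguration.AddBlackListAddress`, so a `0.0.0.0` reported by a task as a permanent-ban victim is stored in the blacklist and only hidden later by the new filter in PushBanList. Rejecting it where it enters keeps the stored list clean, e.g. `if (address.Equals(IPAddress.Any) || address.Equals(IPAddress.IPv6Any)) continue;` at the top of the loop. What AddBlackListAddress persists is outside this diff, so the impact is inferred. As a style point, the parameter would read better as `bool pushBanList = true`, with braces around the `foreach` and `if` bodies.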
@@ -8,11 +8,11 @@ namespace EvlWatcher.Logging { internal class DefaultLogger : ILogger { - private object _syncObject = new object(); + private readonly object _syncObject = new object(); public SeverityLevel LogLevel { get; set; } = SeverityLevel.Warning; private int ConsoleHistoryMaxCount { get; set; } = 1000; - private IList ConsoleHistory { get; set; } = new List(); + private IList ConsoleHistory { get; } = new List(); private void ManageConsoleHistory(string message, SeverityLevel severity, DateTime date) { diff --git a/Source/EvlWatcher/EvlWatcher/NSIS/make.nsi b/Source/EvlWatcher/EvlWatcher/NSIS/make.nsi index 2718436..c18ea75 100644 --- a/Source/EvlWatcher/EvlWatcher/NSIS/make.nsi +++ b/Source/EvlWatcher/EvlWatcher/NSIS/make.nsi @@ -2,7 +2,7 @@ Name "EvlWatcher" ; The file to write Icon EvlWatcher.ico -OutFile "EvlWatcher-v2.1.4-setup.exe" +OutFile "EvlWatcher-v2.1.5-setup.exe" ; The default installation directory InstallDir $PROGRAMFILES\EvlWatcher diff --git a/Source/EvlWatcher/EvlWatcher/Properties/AssemblyInfo.cs b/Source/EvlWatcher/EvlWatcher/Properties/AssemblyInfo.cs index 03cdc54..dd719f9 100644 --- a/Source/EvlWatcher/EvlWatcher/Properties/AssemblyInfo.cs +++ b/Source/EvlWatcher/EvlWatcher/Properties/AssemblyInfo.cs @@ -9,7 +9,7 @@ [assembly: AssemblyConfiguration("")] [assembly: AssemblyCompany("Michael Schönbauer")] [assembly: AssemblyProduct("EvlWatcher")] -[assembly: AssemblyCopyright("2021 Michael Schönbauer")] +[assembly: AssemblyCopyright("2022 Michael Schönbauer")] [assembly: AssemblyTrademark("")] [assembly: AssemblyCulture("")] @@ -28,5 +28,5 @@ // Build Number // Revision // -[assembly: AssemblyVersion("2.1.4.0")] -[assembly: AssemblyFileVersion("2.1.4.0")] +[assembly: AssemblyVersion("2.1.5.0")] +[assembly: AssemblyFileVersion("2.1.5.0")] diff --git a/Source/EvlWatcher/EvlWatcher/config.xml b/Source/EvlWatcher/EvlWatcher/config.xml index 75856a7..9ff1588 100644 --- a/Source/EvlWatcher/EvlWatcher/config.xml 
+++ b/Source/EvlWatcher/EvlWatcher/config.xml @@ -31,7 +31,13 @@ 3600 - + False @@ -81,7 +87,13 @@ 3600 - + False @@ -130,7 +142,13 @@ 3600 - + False @@ -177,10 +195,18 @@ 3600 - + + False + 120 @@ -217,7 +243,14 @@ 3600 - + + False diff --git a/Source/EvlWatcherConsole/EvlWatcherConsole/Properties/AssemblyInfo.cs b/Source/EvlWatcherConsole/EvlWatcherConsole/Properties/AssemblyInfo.cs index 5f366da..25f4974 100644 --- a/Source/EvlWatcherConsole/EvlWatcherConsole/Properties/AssemblyInfo.cs +++ b/Source/EvlWatcherConsole/EvlWatcherConsole/Properties/AssemblyInfo.cs @@ -10,7 +10,7 @@ [assembly: AssemblyConfiguration("")] [assembly: AssemblyCompany("")] [assembly: AssemblyProduct("EvlWatcherConsole")] -[assembly: AssemblyCopyright("2020 Michael Schönbauer")] +[assembly: AssemblyCopyright("2022 Michael Schönbauer")] [assembly: AssemblyTrademark("")] [assembly: AssemblyCulture("")] @@ -49,5 +49,5 @@ // Sie können alle Werte angeben oder die standardmäßigen Build- und Revisionsnummern // übernehmen, indem Sie "*" eingeben: // [assembly: AssemblyVersion("1.0.*")] -[assembly: AssemblyVersion("2.1.4.0")] -[assembly: AssemblyFileVersion("2.1.4.0")] +[assembly: AssemblyVersion("2.1.5.0")] +[assembly: AssemblyFileVersion("2.1.5.0")] diff --git a/Source/EvlWatcherConsole/EvlWatcherConsole/View/MainWindow.xaml b/Source/EvlWatcherConsole/EvlWatcherConsole/View/MainWindow.xaml index 0df11cd..6c1fffb 100644 --- a/Source/EvlWatcherConsole/EvlWatcherConsole/View/MainWindow.xaml +++ b/Source/EvlWatcherConsole/EvlWatcherConsole/View/MainWindow.xaml 
@@ -2,7 +2,7 @@ xmlns="http://schemas.microsoft.com/winfx/2006/xaml/presentation" xmlns:x="http://schemas.microsoft.com/winfx/2006/xaml" xmlns:vm="clr-namespace:EvlWatcherConsole.ViewModel" - Title="EvlWatcher v2.1.4 Console" Height="650" Width="825" MinHeight="650" MinWidth="825" Icon="pack://application:,,,/Resources/EvlWatcher.ico" WindowStyle="ThreeDBorderWindow"> + Title="EvlWatcher v2.1.5 Console" Height="650" Width="825" MinHeight="650" MinWidth="825" Icon="pack://application:,,,/Resources/EvlWatcher.ico" WindowStyle="ThreeDBorderWindow"> diff --git a/Versions/v2/EvlWatcher-v2.1.5 release notes.txt b/Versions/v2/EvlWatcher-v2.1.5 release notes.txt new file mode 100644 index 0000000..dc92b7a --- /dev/null +++ b/Versions/v2/EvlWatcher-v2.1.5 release notes.txt @@ -0,0 +1,7 @@ +### 2022-04-14 release of v.2.1.5 was completed +----------------------------------------------------- +- fixes a bug where a windows misbehaviour could return 0.0.0.0 as offending IP, thus blocking all subnets +- try to fix a bug where a false positive warning about tasks taking too long are spamming the event logs of EvlWatcher + + + diff --git a/Versions/v2/EvlWatcher-v2.1.5-setup.exe b/Versions/v2/EvlWatcher-v2.1.5-setup.exe new file mode 100644 index 0000000..664811a Binary files /dev/null and b/Versions/v2/EvlWatcher-v2.1.5-setup.exe differ