I wasn’t sure of the answer so I asked a friend of mine and here is his answer:
Here is an article for how to block instant messengers with ISA:
The way that IE works by default even with using a proxy enabled is to send the request as anonymous first. This is also true of the firewall client if it is installed. It will send the source IP address instead of the username. So if you are looking at the sessions for the Web service and see anonymous connections or the Firewall service and see IP addresses you can right click on the array member and choose the checkbox that says “Ask unidentified users for identification”. This will require all connection attempts to authenticate before going outbound through the isa server. You can see this activity happening if you do a netmon capture and see the packets moving tofrom the client and server. The client will send the request and the ISA server will respond back authentication required – 407 and then the client will respond back with the proper credentials that has access. I hope this helps.