FAQ

The problem is that the Windows RPC system service is blocked, by default, in the AVG Firewall configuration. You can allow this service in System services but it is not secure. It is suggested that you create a new system service which will allow incoming TCP communication to local port 4899. If you change the default Remote Administrator port, you will have to set a system rule for the correct port.

You can change AVG Firewall configuration this way:

• Open the AVG User Interface.
• Choose the Firewall settings option from the Tools menu.
• Select Profiles -> your default profile (e.g. Standalone computer) -> System services.
• Click on the Add button.
• Type a brief name of this new rule (e.g. Remote Administrator) and the System rule details switch to Allow for all.
• Click on the Add button and then on the Add service button.
• Fill in the Service item name column (e.g. Radmin) and click on the Add button.
• Protocol - TCP, Direction - In.
• Local ports - 4899 (or as specified in Remote Administrator application).
• Remote ports - "*" (without quotes).
• Click on the OK button.
• Tick in the Radmin service in the list of Defined services.
• Save the settings by clicking on the OK button.

It is possible that MS Outlook will not be able to connect to your MS Exchange server after installation of AVG program with Firewall component. This is because the Windows RPC service (required for that type of communication) is not allowed by the AVG Firewall configuration for security reasons. In this case we recommend that you to re-configure the AVG Firewall to allow the RPC service. However we also recommend that you only allow this service for trusted subnets (safe networks) in configuration of AVG Firewall this way:

• Open the AVG User Interface.
• Choose the Firewall settings from the Tools menu.
• Select Profiles -> your default profile -> System services.
• Find the Windows RPC Service and choose the Allow for safe option from the System rule details section.

• Please go to Profiles -> your default profile -> Defined networks.
• Click on the Add network button.
• Type a brief name for your network and tick the Network is safe option.
• Click on the Add IP button and specify the network range.
• Save the settings by clicking on the OK button.

In case of any further problems please contact our AVG Technical Support team.

The default setting for the Windows RPC Service in AVG Firewall is Block. The correct configuration of the RPC service is very important for your computer's security. Because of this, we recommend that you carefully consider its configuration. We also recommend that you only allow the RPC service for IP addresses of computers that must use the RPC service with your computer, or only for the safe network.

We would recommend you to allow the Windows RPC Service in AVG Firewall to Allow for safe and create a new safe network using the following steps:

• Open the AVG User Interface.
• Choose the Firewall settings from the Tools menu.
• Select Profiles -> your default profile -> Defined networks.
• Click on the Add network button.
• Type a brief name for your network and tick the Network is safe option.
• Click on the Add IP button and specify the network range.
• Save the settings by clicking on the OK button.

If you are not sure about these settings, we recommend that you contact your system administrator.

You can read more about the RPC service and the possible consequences of incorrect settings in AVG Firewall at:

http://www.microsoft.com/technet/security/bulletin/ms04-029.mspx

You need to enable Microsoft file sharing and printing in the system services. Please proceed as follows: 

• Open AVG User Interface.
• Choose the Firewall settings option from the Tools menu.
• Select Profiles -> your default profile (e.g. Standalone computer) -> System services.
• Choose the Microsoft file sharing and printing service.
• Switch the System rule details from Block to Allow for all.
• Confirm changes by clicking on the OK button.

If the PC is connected directly to the Internet, please restrict this rule to only safe networks. Such network should be created this way:

• Open AVG User Interface.
• Choose the Firewall settings option from the Tools menu.
• Select Profiles -> your default profile (e.g. Standalone computer) -> Defined networks.
• Click on the Add network button.
• Type a brief name of your new network (e.g. Local network).
• Tick in the Network is safe option.
• Click on the Add IP button.
• Please specify the network range and click on the OK button.
• Open the Microsoft file sharing and printing service again and switch the System rule details to Allow for safe.

Note: By default Microsoft file sharing and printing service is enabled only for safe networks in the Small home or office networks profile. When using this profile please create a new safe network using the steps above.

If you encounter any further issues with enabling of Microsoft file sharing and printing service, please contact our AVG Technical support team.

Various VPN applications use different protocols for their communication.

• Therefore, if you find some blocked traffic in the Filter Device log, with protocol: 47 mentioned, please allow the GRE rule.
• If protocol: 50 is mentioned there, please allow the ESP rule.

The GRE and ESP rules are already created within the AVG Firewall. You only need to change them to allowed, as follows:

• Open AVG User Interface.
• Choose the Firewall settings from the Tools menu.
• Select Profiles -> your default profile (e.g. Standalone computer) -> System services.

If you cannot find these two rules within the AVG Firewall, please run the Configuration Wizard again. It will automatically create them.

To allow the communication of ActiveSync application, please make sure you are using the latest version of this program (4.5 or higher), and then proceed as follows to allow it in AVG Firewall:

• Connect the device to the computer.
• Open AVG, double-click on Firewall component and select Configuration wizard.
• Save the newly created configuration.
• Then please create new system  rule in AVG Firewall:
  • Run AVG -> menu Tools -> Firewall settings -> name of used profile -> click on System services -> Add.
  • Fill in the rule name (e.g. ActiveSync), in System rules details please choose Allow for all.
  • In the System rule action click on Add, and in the bottom list of services tick the ActiveSync service
  • Make sure the rule is created correctly and save the configuration.

In case of any further problems with ActiveSync communication, please contact the AVG Technical Support team.

Please do the following to enable the "Windows Mobile Device Center" (version 6.x) communication on Windows Vista operating system:

• Open AVG.
• Open menu Tools -> Firewall settings.
• Expand the profile you are using from the Profiles section.
• Select the Applications item.
• In the Applications double click on the Various System Services application.
• Click the Add button in the section Application detail rules.
• Click Move up button until the new detail (e.g. '13') is in the first place of the list.
• In the section Defined services please tick the ActiveSync service.
• Select Allow for all under the Detail action option.
• Confirm the new configuration by clicking the OK button.

It will be now possible to connect the device to the computer. If any problem persists, please feel free to contact our technical support.

To allow the Microsoft VPN connection in AVG Firewall, please proceed as follows:

• Open AVG -> menu "Tools" -> "Firewall settings".
  
• Expand your profile, select "Defined networks" and create a new network for your VPN gateway:
• Click "Add network" -> fill in network name (e.g. 'VPN network') -> "Add IP".
  
• Select "One IP address" and fill in the IP address of your Microsoft VPN server/gateway (the address to which you are connecting).
• Click "OK" twice.
• Switch to "Defined services" and create a rule allowing Microsoft VPN:
• Click "Add service" -> fill in the service name (e.g. 'VPN service')
  
• Click "Add" and create the following rules:
• Custom protocol; Custom protocol number: 47; Direction IN; Local ports: 0; Remote ports: 0
• Custom protocol; Custom protocol number: 47; Direction OUT; Local ports: 0; Remote ports: 0
• Protocol: TCP; Direction IN; Local ports: 0; Remote ports: 1723
• Protocol: TCP; Direction OUT; Local ports: 0; Remote ports: 1723
• Protocol: UDP; Direction: IN; Local ports: 0; Remote ports: 0
• Protocol: UDP; Direction: OUT; Local ports: 0; Remote ports: 47
• Click "OK" to save the service.
• Now switch to "System services" and create a rule that will use the created service for the created network:
• Click "Add" -> fill in the rule name (e.g. 'VPN rule').
• Set the "System rule details" to "Allow for all".
• In the "System rule actions" click "Add".
• In "Defined services" tick only the created service ('VPN service').
• In "Defined networks" tick only the created network ('VPN network').
• Click "OK" to store the Firewall configuration, and verify that the communication is allowed now.

This way, the communication of the Microsoft VPN will be allowed as safely as possible, without limiting the connection. In case you experience any problems, or require assistance with one of the steps, please do not hesitate to contact our Technical Support.

On Windows XP/2000, The CheckPoint VPN-1 SecureClient requires specific configuration of the AVG Firewall, which consists of allowing all UDP communication to the IP address of your VPN gateway. Here are the steps how to create a rule allowing this communication:

Note:
This configuration is not necessary on Windows Vista.

• open AVG User Interface - menu Tools - Firewall settings
• expand your profile - Defined networks - click "Add network"
• fill in the network name (e.g. CheckPoint network) and click "Add IP"
• select "One IP address" and fill in the IP address of your VPN gateway (can be provided by your network administrator)
• select "OK" twice
  
  
• in the left tree, please move to the "Defined services" - click "Add service"
• fill in the service name (e.g. CheckPoint service) and click "Add", then fill in the details:
• Protocol: UDP
• Direction: Both
• Local ports: *
• Remote ports: *
• select "OK" twice
  
  
• switch to "System services" and click "Add"
• fill in the rule name (e.g. CheckPoint rule)
• change the rule detail to "Allow"
• in System rule action click "Add" and in the bottom part:
• on the tab "Defined services" tick only the created service (CheckPoint service)
• on the tab "Defined networks" tick only the created network (CheckPoint network)
• click "OK" to save the whole configuration
  
  

In case of any problems with this configuration, or if the VPN connection remains blocked, please contact our technical support.

To allow the connection between XBOX and computer with AVG Firewall, please proceed as follows:

1. Open AVG -> menu Tools -> Firewall settings.
   
2. Open section Profiles -> your profile -> Applications.
   
3. Click Add button -> "..." button next to the Path.
   
4. Browse to:
   c:\Program Files\Windows Media Player\wmpnetwk.exe
   
5. Make sure that Application action is set to Allow for all and click Apply.
6. In the left tree, please switch to application Various system services.
   
7. In the Application detail rules click on Add button and then click Move up button until the new entry (represented by a number, e.g. 12) is on the first place in the list.
   
8. Set Detail action to Allow for all.
   
9. In Defined services click on Add service.
   
10. Fill in the service name (e.g. XBOX) and click Add button.
    
11. Fill in the following settings of the rule:
    
    
    • Protocol: TCP
    • Direction: Both ways
    • Local ports: 2869
    • Remote ports: *
12. Click OK to store the newly created rule and also the service.
    
13. In the list of Defined services, please scroll down to the created XBOX service and tick it.
    
14. Click OK to store the whole AVG Firewall configuration and test the connection.

In case you will experience any further issues with the XBOX connection, please feel free to contact our technical support.

To allow the connection between XBOX and computer with AVG Firewall, please proceed as follows:

1. Open AVG -> menu Tools -> Firewall settings.
   
2. Open section Profiles -> your profile -> Applications.
   
3. Click Add button -> ... button next to the "Path".
   
4. Browse to:
   c:\Program Files\Windows Media Player\wmpnetwk.exe
   
5. Make sure that Application action is set to Allow for all and click Apply.
   
6. In the left tree, please switch to System services.
   
7. Click the Add button and fill in the name (e.g. 'XBOX').
   
8. Change the System rule details to Allow for all.
   
9. Click Add button under System rule action section.
   
10. Under Defined services please click Add service button and fill in the name (e.g. 'XBOX service').
    
11. Using the Add button, please create the following rules:
    
    
    • Protocol: TCP
      Direction: Both ways
      Local ports: 2869
      Remote ports: *
    • Protocol: TCP
      Direction: Both ways
      Local ports: 10243
      Remote ports: *
    • Protocol: UDP
      Direction: Both ways
      Local ports: *
      Remote ports: 3702
12. Click OK to store the newly created service.
13. In the list of Defined services, please scroll down to the created "XBOX service" and tick it.
14. Click OK to store the whole AVG Firewall configuration and test the connection.

In case you will experience any further issues with the XBOX connection, please feel free to contact our technical support.

In order to allow communication with the Belkin Network USB Hub please proceed as follows:

• Open AVG User Interface. 
• Choose the Firewall settings option from the Tools menu. 
• Expand your default profile from the Profiles section. 
• Select the Applications item. 
• Press the Add button on the right hand side. 
• Use the "..." button to enter the path to the program executable:
  • C:\Program Files\BELKIN\Network USB Hub Control Center\Connect.exe 
• In case the name of the application is not entered automatically after the application selection, please type a name for the rule (e.g. Network USB Hub Control Center). 
• For Application action select Allow for all. 
• Press the OK button to confirm changes.

To allow the blocked ports, please proceed as follows: 

• Open AVG User Interface -> menu Tools -> Firewall settings -> your profile -> Defined services -> click on the Add service button. 
• Name the service (e.g. Network USB Hub Control Center service). 
• Push the Add button to add the following items:
  • protocol UDP, direction IN, local port 19540, remote port *
  • protocol TCP, direction OUT, local port *, remote port 19540 
• Save the service.
• Click on the System services in the tree on left side. 
• Push Add button on right side. 
• Name the system rule. 
• Set the action to Allow for all. 
• Push Add button in the System rule action. 
• Select and enable the previously created service in the Defined services list (Network USB Hub Control Center service)
• Save the Firewall settings.

In case that this FAQ did not solve your issue, please contact us directly from the AVG program, menu Help -> Get Help Online, or via AVG Technical Support contact form.