FAQ

This AVG Firewall function is designed for full-screen applications which need to communicate with Internet, and the Firewall dialogue with choice of available actions would affect the application (minimize it or corrupt its graphics).

The offered solution is the Gaming mode, which can be activated this way:

Open AVG - double-click on the Firewall component - tick the option Enable gaming mode - confirm the change using the button Save changes.

After saving the rule, all communication of all full-screen applications will be allowed.

It is also possible to enable the Gaming mode for each Firewall profile, and change the Firewall action from Allow for all to Block:

Open AVG - menu Firewall settings - profile name

You can save your current settings of AVG Firewall (rules and configuration from all profiles) and import it back, by the following steps:

• Open AVG User Interface.
• Choose the Firewall settings from the Tools menu.
• Select the General item.
• Click on the Export button.
• Choose the name of the configuration file and where it will be saved.

If you would like to import the exported configuration please use the Import button and choose the saved file.

If you like to save just configuration from certain profile, please follow these steps:

• Open AVG User Interface.
• Choose the Firewall settings from the Tools menu.
• Select the Profiles item.
• Click on the Export profile button.
• Choose the name of the configuration file and where it will be saved.

If you would like to import the exported configuration please use the Import Profile button and choose the saved file.

It is possible to define the following actions for communicating applications:

• Allow for all: communication of this application is fully allowed.
• Allow for safe: communication of this application is allowed to safe networks only.
• Block: communication of this application is completely blocked.
• Ask: when you run this application you will be asked if you would like to allow or block its communication.
• Advanced configuration: it is possible to define which ports and networks allowed/blocked actions apply to.

To access and modify rules please proceed as follows:

• Open AVG User Interface.
• Choose the Firewall settings option from the Tools menu.
• Select the Profiles -> your default profile (e.g. Standalone computer) -> Applications.

1. How to disable AVG Firewall temporarily:

If there is a problem with the Internet connection or the sending/receiving of e-mails and you suspect the AVG Firewall could be the problem, or there is another reason for deactivating the AVG Firewall, follow these steps:

• Open AVG User Interface.
• Double click on the Firewall component.
• Choose the Firewall disabled option.
• Confirm changes by clicking on the Save changes button.

Now the AVG Firewall service is switched off. When you need to re-activate the AVG Firewall, please proceed as follows:

• Open AVG User Interface.
• Double click on the Firewall component.
• Choose the Firewall enabled option.
• Confirm changes by clicking on the Save changes button.

2. How to disable AVG Firewall permanently:

If you would like to disable the AVG Firewall component permanently (including its driver and services) please follow these steps:

• Disable the AVG Firewall in the AVG User Interface as mentioned in step 1.
• Start -> Settings -> Control Panel -> Administrative Tools -> Services.
• Find the AVG8 Firewall service in the list of services and double-click it.
• Change the Startup type from Automatic to Manual (it will be possible to activate the Firewall manually) or Disabled (it will not be able to activate the Firewall even manually).

When the AVG Firewall is deactivated, your PC is vulnerable to attacks from the Internet. Your anti-virus protection is not effected by disabling the AVG Firewall.

The Profiles, Area Detection and Automatic Profile Switch are closely related features of AVG Firewall. This FAQ topic describes what they are and how they work, allowing you to configure AVG Firewall exactly according to your needs.

1. What is the Profile?

Profile in AVG Firewall is a complete set of Firewall configuration. If you have multiple profiles in your AVG Firewall, then each profile contains its own configuration of:

• adapters
• networks
• safe networks/adapters
  
• application rules
• system rules
• services
• logging options

The result of this is the possibility to set up multiple different AVG Firewall configurations and use them in the networks you are connecting to, based on your security requirements.

2. What is the Area Detection?

Area Detection is an ability of AVG Firewall to distinguish to which network is the computer currently connected. The detection is independent on the used adapter, network configuration and network type. If you connect a laptop with installed AVG Firewall to one Wi-Fi network, you will receive an Area Detection dialogue where you can assign which profile you wish to use. Upon connection to another Wi-Fi network, the Area Detection dialogue will be displayed again, even if the network configuration is exactly the same and the only difference is in the Wi-Fi router/hotspot.

This function allows you to achieve custom configuration for every single network you are connecting to.

3. What is the Automatic Profile Switch?

By combining the Profiles with the Area Detection, we are able to automatically assign any profile to any network. Each profile contains its own configuration, each network is recognized as a new area.

Example:

When you connect your computer/laptop to company network, the Area Detection dialogue is displayed. You decide to use profile "Computer in domain", since the network is protected by gateway and other internal security measures. Then you decide to connect to the company network using Wi-Fi. Again, Area Detection is displayed and "Computer in domain" is the best choice.

Then you take your laptop and go to a coffee place with public Wi-Fi hotspot. New area is detected again, and you select profile "Computer on the move" to block all unwanted traffic (e.g. file sharing). This area is recognized, even though you are using the same Wi-Fi adapter, and the network configuration (IP, Gateway, etc.) is identical to that at work.

Finally, you connect at home using cable. Once again is the area detected, and you select profile "Standalone computer".

Once you connect to these networks for the second time, the desired profile will be selected automatically based on your previous choice.

Each of the profiles used in this example has different settings for applications (e.g. Skype, FTP Server, ICQ, Internet browser), system rules (file sharing, RDP, RPC, etc.) and all other options, so for every single network you connect to, required security level is always maintained.

The level of the security used in AVG Firewall is dependant upon your choice here. Because of this we recommend you to pay close attention to AVG Firewall Configuration Wizard.

For maximum security, without disturbing the current network services that you access, it is necessary to select ALL connection types that you use to connect to the Internet.

• Standalone computer - directly connected to the Internet
  Generates settings suitable for single computer usage. Please choose this option for the following situations:
  When you are using a home computer connected by either dial-up or always-on connection, via a modem and telephone line, cable connection, wireless connection (so-called WiFi) etc.
  When you are connected to a small local corporate network without central administration.
  Rules that are more restrictive will be created, as it is assumed that these computers have no additional protection and therefore require the maximum protection.
  

• Computer in domain - connected to company network
  Generates settings suitable for a computer connected within a local network. In this case it is assumed that there is some additional protection available (such as a corporate (software or hardware) firewall). Therefore, the rules created are less restrictive.
  

• Computer on the move – when travelling
  Generates settings suitable for single computer usage. Please choose this option for the following situations:
  When you are using a home computer connected by either dial-up or always-on connection, via a modem and telephone line, cable connection, wireless connection (so-called WiFi) etc.
  When you are connected to a small local corporate network without central administration.
  Rules that are more restrictive will be created, as it is assumed that these computers have no additional protection and therefore require the maximum protection.
  If the notebook is connected to your company network, we recommend you to switch the profile to „Computer in domain - connected to company network”.
  

• Small home or office network
  This profile corresponds with the Standalone computer profile but in addition also allows "Microsoft file sharing and printing" service and Network diagnostics (Replies on ICMP network diagnostics) for Safe networks. To fully use this profile, it is recommended to define your local network in your Firewall profile configuration and consider the Network safety as being "Safe".
  Open AVG -> menu "Tools" -> "Firewall settings" -> "Small home or office network" -> Select "Defined networks" -> "Add Network" -> "Add IP" -> "IP Address / Mask" and define your local network IP range (e.g. 192.168.0.0 / 255.255.0.0 is equal to IP range from 192.168.0.0 to 192.168.255.255) and switch "Network safety" to "Safe". You can name such a network as "My local Trusted zone".
  

Suggestions:

• choose the „Single computer directly connected to the Internet“ option if your computer is not connected to the corporate network or if you are not sure which option is correct.
• contact your network administrator if your computer is connected to your corporate network but you do not know if there is some additional protection used in the network
• if you use a laptop for both home connection and connection to the corporate network, please choose the „Computer on the move – when travelling“ option. After the laptop is connected to the corporate network, temporarily switch profiles in the AVG Firewall.

Remember that you can switch profile for AVG Firewall at any time you require. You can do this here:
Open AVG User Interface -> Click Firewall icon -> select required profile from drop down menu and press "Save changes".

Experienced users can configure the firewall manually (to set up actions for individual communicating applications).

But you can also use the Configuration Wizard. This wizard will check your computer and recommend default settings.
It is automatically configured to provide optimum protection for your computer.
Configuration (for advanced users) of AVG Firewall is accessible from top menu "Tools" -> "Firewall settings"

Configuration Wizard is automatically launched after the first installation, or you can launch it manually this way:

- open AVG User interface

- double-click the Firewall component

- click "Configuration wizard" button

In AVG Firewall, it is possible to set some networks (IP ranges) and adapters (network interfaces) as Safe. At the same time, rules for applications or system services can be allowed only for Safe networks. The combination of the two allows you to configure your Firewall to protect your computer from unwanted network connections, while allowing all required communication from and to known sources.

Note:
The configuration of Safe networks and adapters can be combined with Automatic Profile Switch functionality.

Safe adapters
configurable in AVG User Interface - menu Tools - Firewall settings - Profiles - your profile - Defined adapters

When you mark some adapter as Safe, rules that are set as "Allow for all" will be applied to all adapters (including those marked as Safe), and "Allow for safe" will be applied only to the safe adapters. This can be used for example in small home networks, where one computer with two network adapters acts as a gateway to the Internet:

• set the adapter that is used for connection to the local network as Safe
• set Microsoft File Sharing and Printing under System Services as Allow for safe
• all computers connecting through the Safe adapter will be able to browse the shared files or use shared printers and other resources on the gateway
• the shared files and resources will not be accessible from Internet

The same scenario can be used in case any other service should be allowed only for one network adapter, e.g. on a notebook with Wi-Fi and LAN adapter. For example the RPC service can be allowed only for a safe LAN adapter (used at work), and blocked for a Wi-Fi adapter (used in public hot spots).

Safe networks
configurable in AVG User Interface - menu Tools - Firewall settings - Profiles - your profile - Defined networks

To be able to set some network as Safe, it is necessary to create it first using the button "Add network". Once you create the network (in other words custom list of IP addresses), you can specify that this network will be safe, and the same behavior as with safe adapters is applied to it - "Allow for all" rules are applied to all networks including the safe ones, and "Allow for safe" is applied only to the safe network. The example is again similar to the one with Safe adapter:

• create some new network (e.g. 192.168.0.1 - 192.168.0.100) and mark it as Safe
  
• set Microsoft File Sharing and Printing as Allow for safe
• if the other computer is in the IP range specified when creating the network, it will be able to connect and browse your shared files
• connections from different IP addresses will be blocked

This way, you can allow sharing of your files or network resources (or allow any other communication) only to strictly specified list of IP addresses/computers.

It is possible to combine the safe adapters and safe networks without any restrictions, and the configuration of safe network, safe adapters, and "Allow for safe" rules is stored individually for each profile. This allows you to create fully customized sets of configuration for any network you are connecting to.

If you have the profile "Small home or office network" in your AVG, some rules which are typicaly required in this scenario (MS File Sharing and Printing, Replies to ICMP diagnostics) are already marked as Allow for safe. It is therefore only necessary to set some adapter or network as safe to gain full advantage of this profile.

In case of any questions related to the safe networks/adapters, AVG Firewall or AVG in general, please feel free to contact our Technical Support.

The AVG Firewall allows you to add, edit or remove any of the predefined or newly created rules. This is a description of these actions.

Creating a new rule
When a new application tries to establish a network connection, the Firewall ASK dialogue is usually displayed. The actions available in this dialogue are described in separate FAQ topic. However, in some cases the rule has to be created manually. This usually applies to applications which are using also some system communication, and a system rule has to be created for them based on the requirements provided by the author of such application.

To create a new application rule, please proceed as follows:

• open AVG User Interface - menu Tools - Firewall settings
• expand Profiles - your profile - Applications
• click on "Add" to create blank application rule
• fill in the details (application path, action)
  

To create a new system rule, please proceed as follows:

• open AVG User Interface - menu Tools - Firewall settings
• expand Profiles - your profile - System services
• click on "Add" to create blank system rule
• fill in the details (action, services)
• please note that only "Allow" rules are taken into consideration in System rules. If you create a "Block" rule, the effect is the same as if the rule did not exist.
• before creating new system rule, it is recommended to check the list of the existing rules and enable one or more of them by setitng them to "Allow", if suitable rules exists

Editing or deleting current rule
In case you need to edit some rule, e.g. change its action from Block to Allow or delete it, you can do it the following way:

• open AVG User Interface - menu Tools - Firewall settings
• expand Profiles - your profile - Applications or System rules
• click on the rule that you want to change
• edit its settings or click "Delete this rule"

For information about each option in the rules configuration, please refer to the User manual of your AVG edition. Other aspects of the Firewall configuration are also covered by FAQ topics in the Firewall section. In case of any questions or problems, please contact our Technical Support.

If your AVG Firewall reports an error related to corrupted configuration, or fails to load without any apparent reason, please try to create new set of AVG Firewall rules:

• open AVG User Interface
• double-click on Firewall
• select "Configuration wizard"
• follow the wizard

The Firewall Configuration Wizard will create new Firewall settings. This will eliminate any problems related to corrupted or missing configuration file, but the previous configuration will be replaced and it might be therefore necessary to configure the AVG Firewall again according to your needs.

If the problem will persist, please do not hesitate to contact our Technical Support.