FAQ

Please take a look at the AVG Control Center to see if the AVG Firewall component is listed. You can also check it here: AVG Control Center->View menu->Components option. If you cannot see the AVG Firewall component there, the wrong installation file has probably been chosen. Please use these links to download the correct installation file:

• AVG Plus Firewall Trial version (evaluation version for 30-days free)
• AVG Plus Firewall Edition (full version with 2-year license)

Please download the correct installation file, run it and then choose the "Add/remove components" option. Then tick-on the AVG Firewall component from the list of components and finish the process.

This warning is displayed, because you previously had a version of AVG with Firewall installed on your computer. Since then, you have activated AVG with a license which does not support the AVG Firewall component (but the Firewall component has not been uninstalled from your computer).
To solve this problem we recommend that you either active AVG with a license number which supports the AVG Firewall component (1) or uninstall the AVG Firewall component (2).

1. You can active AVG with a license number which supports AVG Firewall as follows:

• launch AVG
• choose the "Information" menu
• click on the "Activate AVG" option
• enter your correct AVG license number into the last textbox
• confirm by clicking on the "Activate" button

2. You can uninstall the AVG Firewall component as follows: 

• download the latest AVG installation file from this website: http://www.avg.com/doc/programs/
• run the downloaded file and choose the third option- "UNINSTALL"
• restart your computer
• run the downloaded file again and install AVG using your existing license number

If you have any problems, please feel free to contact our technical support.

The final dialog informs you about the changes to configuration and firewall policy rules, as performed in the previous dialogs of the AVG Firewall Configuration Wizard. The level of security rules used in AVG Firewall is dependant upon your choice here. Because of this we recommend you to pay close attention to this dialog.
To finish the AVG Firewall Configuration Wizard you have to choose one of the following options:

• Standalone computer - directly connected to the Internet

Generates settings suitable for single computer usage. Please choose this option for the following situations:

When you are using a home computer connected by either dial-up or always-on connection, via a modem and telephone line, cable connection, wireless connection (so-called WiFi) etc.

When you are connected to a small local corporate network without central administration.
Rules that are more restrictive will be created, as it is assumed that these computers have no additional protection and therefore require the maximum protection.

• Computer in domain - connected to company network

Generates settings suitable for a computer connected within a local network. In this case it is assumed that there is some additional protection available (such as a corporate (software or hardware) firewall). Therefore, the rules created are less restrictive.

• Computer on the move – when travelling

Generates settings suitable for single computer usage. Please choose this option for the following situations:
When you are using a home computer connected by either dial-up or always-on connection, via a modem and telephone line, cable connection, wireless connection (so-called WiFi) etc.
When you are connected to a small local corporate network without central administration.
Rules that are more restrictive will be created, as it is assumed that these computers have no additional protection and therefore require the maximum protection.
If the notebook is connected to your company network, we recommend you to switch the profile to „Computer in domain - connected to company network”.

Suggestions:

• choose the „Single computer directly connected to the Internet“ option if your computer is not connected to the corporate network or if you are not sure which option is correct.
• contact your network administrator if your computer is connected to your corporate network but you do not know if there is some additional protection used in the network
• if you use a laptop for both home connection and connection to the corporate network, please choose the „Computer on the move – when travelling“ option. After the laptop is connected to the corporate network, temporarily switch profiles in the AVG Firewall

Remember that you can switch profiles used, or change settings of the chosen profile, for AVG Firewall at any time you require. You can do this here:
AVG Control Center->AVG Firewall->Configuration->Profile tab

• active: in this state the firewall is operational and ready to monitor/block processes according to its settings
• passive: in this state the firewall is deactivated and does not monitor/block any processes
• all traffic stopped: in this state the firewall is operational and all traffic is blocked
  

You can change the state of the firewall by right-clicking on the AVG Firewall component in the AVG Control Center

Experienced users can configure the firewall manually (to set up actions for individual communicating applications).
But you can also use the Automatic Configuration Wizard. This wizard will check your computer and recommend default settings.
It is automatically configured to provide optimum protection for your computer.
Configuration and the Automatic Configuration Wizard are both available in the context menu by right-clicking on the AVG Firewall component located in the AVG Control Center.

• allow: communication of this application is fully allowed
• block: communication of this application is completely blocked
• ask: when you run this application you will be asked if you would like to allow or block its communication
• advanced configuration: it is possible to define which ports and networks allowed/blocked actions apply to
  

To access and modify rules, select the AVG Firewall component (from the AVG Control Center) and click on the "Configure" button.

In this case please run the Automatic Configuration Wizard. It will check your computer again and recommend you default settings.
The Automatic Configuration Wizard is accessible from the context menu by right-clicking on the AVG Firewall component in the AVG Control Center.

If you have changed the license number in the AVG Control Center (using the correct license number for the AVG Plus Firewall Edition) but the AVG Firewall component is still not visible, please refresh the components of the AVG Control Center by pressing the F5 key.

• An incorrect license number has been used - you have to use the correct license number for the AVG Plus Firewall Edition.
• If you have used the correct license number, please check these settings:
  AVG Control Center -> View -> Components
  If the AVG Firewall component is not enabled there, please click on it, then, in the window which appears, click on the General tab. Enable the "Display component" option and disable the "Only when a faulty condition exists" option.

You should not be concerned about this. AVG Firewall really works in Stealth mode. The problem is that these tests are not testing AVG Firewall but are actually testing the security settings of your local network (for example if you use a cable connection to the Internet, they are testing the security settings of your provider).

Immediately after AVG Plus Firewall Edition is installed the integrated MS WindowsXP firewall is deactivated automatically. You must then configure the AVG Firewall and restart the computer. After this restart the Security Center should detect that AVG Firewall is running correctly.

If you are using AVG Plus Firewall Edition and the error mentioned below occurs when sending/receiving e-mails via the EMS (Personal e-mail scanner), it is possibly caused by the incorrect setting of the firewall integrated into the WindowsXP SP2 operating system. The step-by-step instructions on how to configure it correctly are available in the "Firewall Settings for AVG 7.5 " guide. This document is available for download here: http://www.avg.com/doc/Documentation.
After changing these settings it is necessary to restart the computer.

At first it seems that the e-mail has been sent but you then receive this error message after a while:

This is the AVG E-mail Scanner program.

I'm sorry to have to inform you that the message returned below could not be delivered to one or more destinations.

-------------------------------------------------------------------
Cannot open smtp connection to 'xx.xxx.x.x'
Connect: Connection timed out. A connection attempt failed because the connected party did not properly respond after a period of time, or the established connection failed because the connected host has failed to respond. (10060)
-------------------------------------------------------------------

We have tested VPN access using the SafeNet HighAssurance application and there should be no problems.
In the SafeNet HighAssurance settings, ensure that: "Replies on ICMP network diagnostics - ECHO_IN service" is allowed

Then you need to permit the VPN application to connect.
You have two possible methods for doing this:

• Try to connect via VPN and the "AVG Firewall - Confirmation" dialog should appear.
• It is possible to create a new rule for the VPN application in the AVG Firewall.

You can choose the allowed ports via the advanced configuration menu:
AVG Firewall-> Configure -> Applications tab -> Edit -> Action: "Advanced configuration" -> Create Rule -> "New Service" button -> "Add item"

In such a case it will be necessary to add the "SafeNet IRE Service" (Program Files\SafeNet\HighAssurance RemoteLT\IreIKE.exe) to the AVG Firewall rules. There is no "ask dialogue" for this service. Therefore you must add it to AVG Firewall rules manually. Alternatively you can restart the service and then the "ask dialogue" will appear.

If any problem occurs with setting up the VPN connection, please contact our technical support. Thank you.

If you have installed the AVG Plus Firewall Edition, ran the Automatic configuration wizard and then, after the computer has restarted, your local network is not accessible, please check the following configuration:
AVG Control Center -> Firewall -> Configure -> System tab -> "Microsoft file sharing and printing"

This system rule's default setting is "Block" (for security reasons). If your local network is not accessible or you cannot print on network printers, please re-configure this option to "Allow" (choose "Microsoft file sharing and printing" -> click on "Edit rule" button -> click on "Edit rule" button)

The correct configuration of the Microsoft file sharing and printing service is very important for your computer's security. Because of this, we recommend that you carefully consider its configuration. We also recommend that you only allow the Microsoft file sharing and printing service for IP addresses of computers that must use this service with your computer, or only for your local network. You can set up your local network in the AVG Firewall configuration as: 

• range of secure IP addresses connected to your local network 
•  IP address/Mask 
•  one IP address
  

If you are not sure about these settings, we recommend that you contact your system administrator.

It is possible that MS Outlook will not be able to connect to your MS Exchange server after AVG Plus Firewall Edition installation. This is because the RPC service (required for that type of communication) is not allowed by the AVG Firewall configuration for security reasons. In this case we recommend that you to re-configure the AVG Firewall to allow the RPC service. However we also recommend that you only allow this service for trusted subnets (a reduced list of IP addresses) using the advanced configuration of AVG Firewall.

Please follow these steps to re-configure AVG Firewall:
AVG Control Center->AVG Firewall->Configure->System tab->Add rule button (you can name it 'Exchange Server' for example)->Create rule button->choose the RPC (Remote Procedure Call (DCOM)) from the left list of services->click on the „->“ arrow ->choose your local network in the right „Networks“ button (if it´s not listed here, please add your network – click on the New Network button and define range of IP addresses of your local network)

The problem is that the RPC system service is blocked, by default, in the AVG Firewall configuration. You can allow this service in "System" but it is not secure. It is suggested that you create a new system service which will allow incoming communication to local port 4899. If you change the default "Remote Administrator" port, you will have to set a system rule for the correct port.

You can change AVG Firewall configuration here:

AVG Control Center->AVG Firewall->Configure->System tab

All denied requests to system services and requests for applications that does not have its „Allow” rule in the AVG Firewall are logged as „Filter devices“. The record means that there was an attempt to contact a system service from inside or outside of the PC. It was allowed/denied according to your AVG Firewall rules.

The default setting for the RPC service in AVG Firewall is "Blocked“. The correct configuration of the RPC service is very important for your computer's security. Because of this, we recommend that you carefully consider its configuration. We also recommend that you only allow the RPC service for IP addresses of computers that must use the RPC service with your computer, or only for your local network.

You can set up your local network in the AVG Firewall configuration as:

• range of secure IP addresses connected to your local network
• IP address/Mask
• one IP address

If you are not sure about these settings, we recommend that you contact your system administrator.
You can read more about the RPC service and the possible consequences of incorrect settings in AVG Firewall at:

http://www.microsoft.com/technet/security/bulletin/ms04-029.mspx

You can create a new network in the AVG Firewall configuration here:
AVG Control Center -> AVG Firewall -> Configure -> Networks tab -> Add Network button -> here you can enter a name for the network and choose one of the options offered.

It is mandatory that if the rule is found (that corresponds to the running communication), this rule is used for this communication and rules browsing ends.
AVG Firewall analyses rules this way:

• Initially it searches for a rule where the path to the application, and the communication port used, exactly match the application that is trying to communicate.
  a) If such a rule is found and is set as "Allowed“ in the Advanced configuration it analyses all requirements of the Advanced configuration in sequence from the first to the last one setting.
  b) If any requirement from the Advanced configuration does not match the current communication, the analysis will continue to point 2.
• If an application with a corresponding path is not found or no match is found in the Advanced configuration, the AVG Firewall will repeat the analysis for the application with the mark ‘*’ appended to its path (that means "rule for all applications").
• If no rule has been found still, the AVG Firewall will continue with the settings corresponding to the Application tab, "If there is no rule for an Application“ option.

Some communications of the operating system are executed outside of the application environment, in lower levels of the operating system. These communications are not possible to assign to applications. If communications like this are required, you have to define a system rule (for example Microsoft file sharing and printing or RPC services).

It is not possible to generate "asks rules" for system services and no order is applied to them. An exact port (ports) with an exact log will be opened for the service defined in the system rule. Because some system rules could lower the level of your computer's security we recommend that you use them only for secure networks and take care when you are changing their configuration. We recommend that only advanced users and administrators create system rules.

Various VPN applications use different protocols for their communication.
Therefore, if you find some blocked traffic in the Filter Device log, with protocol: 47 mentioned, please allow the GRE rule.
If protocol: 50 is mentioned there, please allow the ESP rule.
The GRE and ESP rules are already created within the AVG Firewall. You only need to change them to allowed, as follows:
AVG Control Center->AVG Firewall->Configuration->System tab

If you cannot find these two rules within the AVG Firewall, please run the Automatic Configuration Wizard again. It will automatically create them.

No. It only checks if the application/system process is allowed to connect itself to the network. The downloaded file is virus-scanned by the AVG Resident Shield (executables and documents) when there is an attempt to execute it. If the “OnClose scanning” function is enabled in the AVG Resident Shield configuration, the file will be scanned when downloading has finished and the operating system closes the file. You can use the AVG command line scanner in some download managers, to scan downloaded files (if your download manager allows it).

You need to enable “Microsoft file sharing and printing” in the system rules (AVG Firewall->Configure->System tab). If the PC is connected directly to the Internet, please restrict this rule to only allow sharing for computers in your local network.

1. How to disable temporarily

If there is a problem with the Internet connection or the sending/receiving of e-mails and you suspect the AVG Firewall could be the problem, or there is another reason for deactivating the AVG Firewall, follow these steps:

Open the AVG Control Center program -> right-click on the "Firewall" component -> choose the "Deactivate" option. Now the AVG Firewall service is switched off. When you need to re-activate the AVG Firewall, open the AVG Control Center program -> right click on the "Firewall" component and choose "Activate".

When the AVG Firewall is deactivated, your PC is vulnerable to attacks from the Internet. Your anti-virus protection is not effected by disabling the AVG Firewall.

This way the Firewall is disabled temporarily and the Firewall component will be launched after the next computer startup or when you activate it manually.

2. How to disable permanently

If you would like to disable the AVG Firewall component permanently (it will not be launched after the next computer startup) please follow these steps:

- Start > Settings > Control Panel > Administrative Tools > Services

- find the "AVG7 Firewall" service in the list of services and double-click it

- change the "Startup type" from "Automatic" to "Manual" (it will be possible to activate the Firewall manually) or "Disabled" (it will not be able to activate the Firewall even manually)

If the AVG Firewall component is installed on the computer which shares the Internet connection into your local network, please do the following to enable this function:

• launch the AVG Control Center
• right-click on the AVG Firewall component and choose the Configure option
• click on the System tab
• find the “Internet Connection Sharing“ rule and allow it (click on the cross next to the name of this rule and choose the Allow option)
• click on the Applications tab
• find the “Various System Services” rule, click on the Edit Application button
• find DNS_Server in the List of rules, click on the Edit Rule button and choose Allow Action
• save all these settings by clicking on the OK button

Note: if any of the mentioned rules are not listed in the AVG Firewall configuration, please run the “Automatic Configuration Wizard” again and this wizard will create them automatically.

If you are not able to establish a connection between your PC and some device using Microsoft ActiveSync 4 and it is possible to establish this connection if the AVG Firewall is disabled, please ensure that the current version of AVG is installed (AVG->Information->About).

1. Please do the following to allow the ActiveSync (versions 4.0 and 4.1 and 4.2) connection:

• Connect your device to the computer
• Launch the "Automatic Configuration Wizard" by right click on Firewall component in AVG Control Center and update the existing configuration if you are asked
• Save the new configuration

2. Please do the following to enable the ActiveSync (version 4.5) communication:

• Connect your device to the computer
• Launch the "Automatic Configuration Wizard" by right click on Firewall component in AVG Control Center and update the existing configuration if you are asked
• Save the new configuration
• Now create a new System rule this way:
• Launch AVG Control Center -> right-click the component Firewall->Configure->System tab
• Click on the "Add rule" button
• Enter name for this rule (e.g. ActiveSync) and click on "Create rule" button
• Find the "ActiveSync" service in the next window and double-click it to move to the "Applied Services" section
• Confirm all settings by clicking on the OK button

For information about AVG Firewall settings for Windows Mobile Device Center communication on Windows Vista operating system, kindly see FAQ 716

If any problems persist, please feel free to contact our technical support.

Please do the following to enable the "Windows Mobile Device Center" (version 6.x) communication on Windows Vista operating system:

• Connect your mobile device to the computer
• Launch the "Automatic Configuration Wizard" (Run AVG  Control center -> right-click the Firewall component -> select "Automatic Configuration Wizard")
• Update the existing configuration if you are asked
• Save the new configuration
• Run AVG  Control Center -> right-click the Firewall component -> select "Configure"
• Switch to the "Applications" tab and find the "Various System Services" rule
• Edit this rule by using "Edit Application" button and click on the "Create Rule" button
• Find the "ActiveSync" service in the next window and double-click it to move to the "Applied Services" section
• Confirm these settings by the OK button
• Now please find the newly created rule in the "List of rules" for the Various System Services and move the rule up by using the "Move Up" button (please note, that it's necessary to move the newly created rule before the "RPC" rule)
• Confirm the settings for "Various System Services" by OK button and switch to the "System" tab
• Click on the "Add rule" button
• Enter some name for this rule (e.g. ActiveSync) and click on the "Create rule" button
• Find the "ActiveSync" service in the next window and double-click it to move to the "Applied Services" section
• Confirm all settings by clicking on the OK button

If any problems persist, please feel free to contact our technical support.

If you have a 64-bit based operating system installed on your computer, some problems could occur if you use more network adapters.

For more details, please follow this link:
http://www.avg.com/doc/Compatibility_x64_issue/lng/us

When an application with denied access is trying to connect to the Internet the
count of the blocked packages does not increase.

Some packets cannot be counted, because we are intercepting some forbidden communication at higher than packet level, so then packets are never even created.
It is a feature.

The AVG Firewall confirmation dialog pops up when you need to decide whether a specific application or service should be allowed to communicate over the network. The dialog is aroused because no particular rule is defined within the AVG Firewall to specify the application’s behavior.



How does AVG Firewall work?
A set of rules is defined within the AVG Firewall. These rules control the behavior of all applications or services that were detected on your computer, and that need to communicate over the network. By default, the AVG Firewall rules are defined automatically by the AVG Firewall Automatic Configuration Wizard but the configuration can be modified by the user as the need arises.

The basic AVG Firewall settings allow you to assign the following values to each rule:

Block – network communication is forbidden in both directions
Allow – network communication is allowed in both directions
Ask – no particular rule is defined, and if the specific application/service tries to approach the network you will be asked to decide whether the communication should be allowed or blocked

Your answer can be saved as a permanent rule which means the next time the application/service asks for the network access, the AVG Firewall will automatically either approve to the request, or deny it.

How do I tell secure/non-secure applications?
Generally it is recommended to keep to the AVG Firewall’s default settings. However, if you still decide to change any rule, or if a new application requires a rule to be defined, you need to make sure it is absolutely safe to allow the application to communicate over the network.

Looking for more information?

Detailed information can be found in the AVG Anti-Virus plus Firewall documentation.
You can also visit the AVG Anti-Virus plus Firewall product page.

There is a new feature embedded in the AVG Firewall component for Full Screen applications (Usually Games). Every time an unknown application attempts to establish an Internet connection, the user is prompted by "Firewall Ask Dialog" to authorize(Allow/Block) new communication. This dialog takes window focus over the Full screen application which is an unwanted action in this case. We recommend the user enable the Game Mode setting(AVG Control Center -> Firewall -> "Enable Game Mode" button). The whole traffic for all kind of Full Screen applications are allowed by default. You can modify this setting under "Application" tab in Firewall configuration, associated rule is called "Full Screen applications (Usually Games)". 
Check box "Detect Full Screen applications (Usually Games)" is equal to "Enable/Disable Game Mode" button.