FAQ

The problem is that the Windows RPC system service is blocked, by default, in the AVG Firewall configuration. You can allow this service in System services but it is not secure. It is suggested that you create a new system service which will allow incoming TCP communication to local port 4899. If you change the default Remote Administrator port, you will have to set a system rule for the correct port.

You can change AVG Firewall configuration this way:

• Open the AVG User Interface.
• Choose the Firewall settings option from the Tools menu.
• Select Profiles -> your default profile (e.g. Standalone computer) -> System services.
• Click on the Add button.
• Type a brief name of this new rule (e.g. Remote Administrator) and the System rule details switch to Allow for all.
• Click on the Add button and then on the Add service button.
• Fill in the Service item name column (e.g. Radmin) and click on the Add button.
• Protocol - TCP, Direction - In.
• Local ports - 4899 (or as specified in Remote Administrator application).
• Remote ports - "*" (without quotes).
• Click on the OK button.
• Tick in the Radmin service in the list of Defined services.
• Save the settings by clicking on the OK button.

It is possible that MS Outlook will not be able to connect to your MS Exchange server after installation of AVG program with Firewall component. This is because the Windows RPC service (required for that type of communication) is not allowed by the AVG Firewall configuration for security reasons. In this case we recommend that you to re-configure the AVG Firewall to allow the RPC service. However we also recommend that you only allow this service for trusted subnets (safe networks) in configuration of AVG Firewall this way:

• Open the AVG User Interface.
• Choose the Firewall settings from the Tools menu.
• Select Profiles -> your default profile -> System services.
• Find the Windows RPC Service and choose the Allow for safe option from the System rule details section.

• Please go to Profiles -> your default profile -> Defined networks.
• Click on the Add network button.
• Type a brief name for your network and tick the Network is safe option.
• Click on the Add IP button and specify the network range.
• Save the settings by clicking on the OK button.

In case of any further problems please contact our AVG Technical Support team.

The default setting for the Windows RPC Service in AVG Firewall is Block. The correct configuration of the RPC service is very important for your computer's security. Because of this, we recommend that you carefully consider its configuration. We also recommend that you only allow the RPC service for IP addresses of computers that must use the RPC service with your computer, or only for the safe network.

We would recommend you to allow the Windows RPC Service in AVG Firewall to Allow for safe and create a new safe network using the following steps:

• Open the AVG User Interface.
• Choose the Firewall settings from the Tools menu.
• Select Profiles -> your default profile -> Defined networks.
• Click on the Add network button.
• Type a brief name for your network and tick the Network is safe option.
• Click on the Add IP button and specify the network range.
• Save the settings by clicking on the OK button.

If you are not sure about these settings, we recommend that you contact your system administrator.

You can read more about the RPC service and the possible consequences of incorrect settings in AVG Firewall at:

http://www.microsoft.com/technet/security/bulletin/ms04-029.mspx

You need to enable Microsoft file sharing and printing in the system services. Please proceed as follows: 

• Open AVG User Interface.
• Choose the Firewall settings option from the Tools menu.
• Select Profiles -> your default profile (e.g. Standalone computer) -> System services.
• Choose the Microsoft file sharing and printing service.
• Switch the System rule details from Block to Allow for all.
• Confirm changes by clicking on the OK button.

If the PC is connected directly to the Internet, please restrict this rule to only safe networks. Such network should be created this way:

• Open AVG User Interface.
• Choose the Firewall settings option from the Tools menu.
• Select Profiles -> your default profile (e.g. Standalone computer) -> Defined networks.
• Click on the Add network button.
• Type a brief name of your new network (e.g. Local network).
• Tick in the Network is safe option.
• Click on the Add IP button.
• Please specify the network range and click on the OK button.
• Open the Microsoft file sharing and printing service again and switch the System rule details to Allow for safe.

Note: By default Microsoft file sharing and printing service is enabled only for safe networks in the Small home or office networks profile. When using this profile please create a new safe network using the steps above.

If you encounter any further issues with enabling of Microsoft file sharing and printing service, please contact our AVG Technical support team.

The AVG Firewall configuration to allow a VPN connection is based on the used VPN solution. In case of Microsoft VPN connection, please refer to FAQ 1343. For CheckPoint VPN connection, please follow FAQ 1217. 

When using some other VPN solution, the rules to be allowed in AVG Firewall are based on the type of VPN connection. There are four rules in AVG Firewall related to VPN communication:

• ESP protocol
• GRE protocol
• L2TP VPN
• PPTP VPN

In order to allow the VPN connection you are using, please proceed as follows:

1. Open AVG -> menu Tools -> Firewall settings.
2. Expand Profiles -> <your profile> -> System services.
3. Allow rules GRE protocol and PPTP VPN (select each rule and in the System rule details select Allow for all).
4. Save the Firewall settings and check whether it is possible to connect to the VPN server.
5. In case the connection is blocked, Block rules GRE protocol and PPTP VPN, and Allow for all rules ESP protocol and L2TP VPN.
6. Save the Firewall settings and check whether it is possible to connect to the VPN server.

In case the VPN connection cannot be established, please contact our technical support using the option in AVG menu Tools -> Get Help Online.

To allow the communication of ActiveSync application, please make sure you are using the latest version of this program (4.5 or higher), and then proceed as follows to allow it in AVG Firewall:

• Connect the device to the computer.
• Open AVG, double-click on Firewall component and select Configuration wizard.
• Save the newly created configuration.
• Then please create new system  rule in AVG Firewall:
  • Run AVG -> menu Tools -> Firewall settings -> name of used profile -> click on System services -> Add.
  • Fill in the rule name (e.g. ActiveSync), in System rules details please choose Allow for all.
  • In the System rule action click on Add, and in the bottom list of services tick the ActiveSync service
  • Make sure the rule is created correctly and save the configuration.

In case of any further problems with ActiveSync communication, please contact the AVG Technical Support team.

Please do the following to enable the "Windows Mobile Device Center" (version 6.x) communication on Windows Vista operating system:

• Open AVG.
• Open menu Tools -> Firewall settings.
• Expand the profile you are using from the Profiles section.
• Select the Applications item.
• In the Applications double click on the Various System Services application.
• Click the Add button in the section Application detail rules.
• Click Move up button until the new detail (e.g. '13') is in the first place of the list.
• In the section Defined services please tick the ActiveSync service.
• Select Allow for all under the Detail action option.
• Confirm the new configuration by clicking the OK button.

It will be now possible to connect the device to the computer. If any problem persists, please feel free to contact our technical support.

To allow the Microsoft VPN connection in AVG Firewall, please proceed as follows:

• Open AVG -> menu "Tools" -> "Firewall settings".
  
• Expand your profile, select "Defined networks" and create a new network for your VPN gateway:
• Click "Add network" -> fill in network name (e.g. 'VPN network') -> "Add IP".
  
• Select "One IP address" and fill in the IP address of your Microsoft VPN server/gateway (the address to which you are connecting).
• Click "OK" twice.
• Switch to "Defined services" and create a rule allowing Microsoft VPN:
• Click "Add service" -> fill in the service name (e.g. 'VPN service')
  
• Click "Add" and create the following rules:
• Custom protocol; Custom protocol number: 47; Direction IN; Local ports: 0; Remote ports: 0
• Custom protocol; Custom protocol number: 47; Direction OUT; Local ports: 0; Remote ports: 0
• Protocol: TCP; Direction IN; Local ports: 0; Remote ports: 1723
• Protocol: TCP; Direction OUT; Local ports: 0; Remote ports: 1723
• Protocol: UDP; Direction: IN; Local ports: 0; Remote ports: 0
• Protocol: UDP; Direction: OUT; Local ports: 0; Remote ports: 47
• Click "OK" to save the service.
• Now switch to "System services" and create a rule that will use the created service for the created network:
• Click "Add" -> fill in the rule name (e.g. 'VPN rule').
• Set the "System rule details" to "Allow for all".
• In the "System rule actions" click "Add".
• In "Defined services" tick only the created service ('VPN service').
• In "Defined networks" tick only the created network ('VPN network').
• Click "OK" to store the Firewall configuration, and verify that the communication is allowed now.

This way, the communication of the Microsoft VPN will be allowed as safely as possible, without limiting the connection. In case you experience any problems, or require assistance with one of the steps, please do not hesitate to contact our Technical Support.

On Windows XP/2000, The CheckPoint VPN-1 SecureClient requires specific configuration of the AVG Firewall, which consists of allowing all UDP communication to the IP address of your VPN gateway. Here are the steps how to create a rule allowing this communication:

Note:
This configuration is not necessary on Windows Vista.

• open AVG User Interface - menu Tools - Firewall settings
• expand your profile - Defined networks - click "Add network"
• fill in the network name (e.g. CheckPoint network) and click "Add IP"
• select "One IP address" and fill in the IP address of your VPN gateway (can be provided by your network administrator)
• select "OK" twice
  
  
• in the left tree, please move to the "Defined services" - click "Add service"
• fill in the service name (e.g. CheckPoint service) and click "Add", then fill in the details:
• Protocol: UDP
• Direction: Both
• Local ports: *
• Remote ports: *
• select "OK" twice
  
  
• switch to "System services" and click "Add"
• fill in the rule name (e.g. CheckPoint rule)
• change the rule detail to "Allow"
• in System rule action click "Add" and in the bottom part:
• on the tab "Defined services" tick only the created service (CheckPoint service)
• on the tab "Defined networks" tick only the created network (CheckPoint network)
• click "OK" to save the whole configuration
  
  

In case of any problems with this configuration, or if the VPN connection remains blocked, please contact our technical support.

To allow the connection between XBOX and computer with AVG Firewall, please proceed as follows:

1. Open AVG -> menu Tools -> Firewall settings.
   
2. Open section Profiles -> your profile -> Applications.
   
3. Click Add button -> "..." button next to the Path.
   
4. Browse to:
   c:\Program Files\Windows Media Player\wmpnetwk.exe
   
5. Make sure that Application action is set to Allow for all and click Apply.
6. In the left tree, please switch to application Various system services.
   
7. In the Application detail rules click on Add button and then click Move up button until the new entry (represented by a number, e.g. 12) is on the first place in the list.
   
8. Set Detail action to Allow for all.
   
9. In Defined services click on Add service.
   
10. Fill in the service name (e.g. XBOX) and click Add button.
    
11. Fill in the following settings of the rule:
    
    
    • Protocol: TCP
    • Direction: Both ways
    • Local ports: 2869
    • Remote ports: *
12. Click OK to store the newly created rule and also the service.
    
13. In the list of Defined services, please scroll down to the created XBOX service and tick it.
    
14. Click OK to store the whole AVG Firewall configuration and test the connection.

In case you will experience any further issues with the XBOX connection, please feel free to contact our technical support.

To allow the connection between XBOX and computer with AVG Firewall, please follow this step-by-step guide:

1. Create a safe network in the AVG Firewall configuration

• Open AVG User Interface. 
• Choose the Firewall settings option from the Tools menu. 
• Select Profiles item -> your firewall profile -> Defined networks. 
• Click on the Add network button. 
• Type a brief network name (e.g. Local network). 
• Tick in the Network is safe option. 
• Click on the Add IP button. 
• Fill in the needed values defining your local network. 
• Confirm with the OK button.

Note: Detailed information about Safe networks can be found in the FAQ 1218.

2. Allow the Windows Media Center communication for the safe network

• Open AVG -> menu Tools -> Firewall settings. 
• Open section Profiles -> your profile -> Applications. 
• Click Add button -> "..." button next to the "Path". 
• Browse to c:\Program Files\Windows Media Player\wmpnetwk.exe
• Make sure that Application action is set to Allow for all.  

• Select Various System Services in the Applications list. 
• Click Add button in Application detail rules section, and then Move up button until the newly created detail is in the first place of the list. 
• Change Detail action to Allow for safe. 
• Click Add service in Defined services section and fill in the name (e.g. "XBOX 1"). 
• Using the Add button please create the following rule:
  • Protocol: TCP
  • Direction: Both ways
  • Local ports: *
  • Remote ports: 1000 – 1300, 3391 
• Tick the ‘Media Center 1’ in the list of Defined services and click Apply. 
• In the left tree, please switch to System services. 
• Click the Add button and fill in the name (e.g. 'XBOX'). 
• Change the System rule details to Allow for safe. 
• Click Add button under System rule action section. 
• Under Defined services please click Add service button and fill in the name (e.g. "XBOX service"). 
• Using the Add button, please create the following rules:
  • Protocol: TCP
  • Direction: both ways
  • Local ports: *
  • Remote ports: 1000 - 1300
  • Protocol: TCP
  • Direction: OUT
  • Local ports: *
  • Remote ports: 3391
  • Protocol: UDP
  • Direction: IN
  • Local ports: 9, 1900
  • Remote ports: 1000 - 1300 
• Click OK to store the newly created service. 
• In the list of Defined services, please scroll down to the created XBOX service and tick it. 
• Click OK to store the whole AVG Firewall configuration and test the connection.

Should the issue still persists, please do not hesitate to contact AVG Customer Services as described in FAQ 1467.

In order to allow communication with the Belkin Network USB Hub please proceed as follows:

• Open AVG User Interface. 
• Choose the Firewall settings option from the Tools menu. 
• Expand your default profile from the Profiles section. 
• Select the Applications item. 
• Press the Add button on the right hand side. 
• Use the "..." button to enter the path to the program executable:
  • C:\Program Files\BELKIN\Network USB Hub Control Center\Connect.exe 
• In case the name of the application is not entered automatically after the application selection, please type a name for the rule (e.g. Network USB Hub Control Center). 
• For Application action select Allow for all. 
• Press the OK button to confirm changes.

To allow the blocked ports, please proceed as follows: 

• Open AVG User Interface -> menu Tools -> Firewall settings -> your profile -> Defined services -> click on the Add service button. 
• Name the service (e.g. Network USB Hub Control Center service). 
• Push the Add button to add the following items:
  • protocol UDP, direction IN, local port 19540, remote port *
  • protocol TCP, direction OUT, local port *, remote port 19540 
• Save the service.
• Click on the System services in the tree on left side. 
• Push Add button on right side. 
• Name the system rule. 
• Set the action to Allow for all. 
• Push Add button in the System rule action. 
• Select and enable the previously created service in the Defined services list (Network USB Hub Control Center service)
• Save the Firewall settings.

In case that this FAQ did not solve your issue, please contact us directly from the AVG program, menu Help -> Get Help Online, or via AVG Technical Support contact form.