Does anyone know what this security alert means?

I just received a designated Low Risk Alert from Symantec stating that "a remote system is attempting to access alg (as in alg.exe - apparently some Windows system file) on my computer." The recommended "What do you want to do?" answer is Allow Always. I'm having some misgivings about that since it is a Windows system file. My inclination is to permanently block access although the alert does say the file has been modified since it was last used (not by me, that's for sure!). Has anyone had experience with this before? What say you? Should I allow it as recommended or permanently block access?

Thanx in advance!

That is, do you have Internet Connection Sharing enabled?

As far as I know, that's the only legitimate reason alg.exe (application layer gateway) should access the Internet.

If you're not, I'd block it. It's not a threat in and of itself, but parasites can attach themselves to it. If something stops working, unblock it after making sure it's a legitimate file.

As to the modifying, that could have happened if you installed a patch lately. Or, something you don't want messing with things could have done it. It's possible alg.exe had been flagged as ALLOW before, got modified by a patch, and thus needs to be allowed again if it's actually being used for a legitimate purpose.

You should run a complete system scan with a virus checker other than Symantec and also a spyware with tools like Spybot and AdAware.

I don't share an Internet connection, but who knows how these things get started? Anyway, I decided to block it on a one time basis just to be safe leaving open the option to permanently block it if the alert should recur. I do have the spyware tools you mentioned as well as a non-Symantec virus checker. As per your recommendation, I will run all. After initially blocking access, I rebooted just to see if everything still worked. All seems fine at the moment, but again I will take your advice.

Many Thanks!

AFAIK, the only thing system related thing it's necessary for other than connection sharing is the Windows firewall.

So, if anything stops working, it would be an individual application.

:thumbsup: :hi: :thumbsup: :hi::thumbsup: :hi:

ALG.EXE is part of the Internet Connection Sharing application and the Internet Connection Firewall for Windows XP. This service provides support for third party protocol plug-ins for the Internet Connection Sharing application and Internet Connection Firewall.

If the Symantec firewall warns you that ALG.exe wants access the internet, check to make sure you're not running the Windows firewall along with the Symantec firewall. If you are, disable the Internet Connection Firewall (ICF).

If your system is virus/spyware free, allow access.

to be able to have your product installed on new computers with a 30 day trial without the consumers permission.
Then scare the shit out of people to the point that they will gladly sign up for a full year of “protection” what a fucking scam.
I wish I could force Symantec to install Scott Joplin’s “The Entertainer” sound track to go along with the free trial so maybe people would recognize the sting is in place and working.
I do not have a firewall installed (this is not to say you should not) I even have my XP firewall turned off, all I use is my router and I have not been “attacked” in years.


Voice or no voice, the people can always be brought to the bidding of the leaders. That is easy. All you have to do is to tell them they are being attacked, and denounce the pacifists for lack of patriotism and exposing the country to danger. It works the same in any country.”
Hermann Goering, Hitler’s Reich-Marshall