Is ALG.EXE needed for CPF to run? It's a MS firewall/ICS file. I want to kill it

Hey does anyone know if CPF needs to use ALG.EXE to function? I know it’s used for the MS firewall and for Internet Connection Sharing however I’d like to disable it if I can since it always sits in the task manager and is a frequent target for malware and trojans. Can I disable it?

Welcome to the forums, rockstarman!

I’ve disabled the Application Layer Gateway service (which alg.exe is a part of) on my system, and have no problems.


How do you disable application layer gateway without disabling ALG.exe? Besides ICS and the ms firewall what else is this used for? If I disable the ALG.exe will that cause more problems? Is that why you didn’t disable it and instead opted just to only disable part of it?

Yep, I’ve had it switched off for ages, never a problem. I do not use any Microsoft firewall, antivirus/malware tools, I did try the malware tools but a bit resource hungry and just a trifle invasive into my system, kinda like the opposite of what a clean program should be IMHO.

Anyway ALG off in services no probs.

Comodo Firewall, Avira Antivir, Firefox all go well.


Go to start/run, type in “services.msc”. This opens the Windows Services interface. Double-click ALG, change startup type to Manual (if not there already) or Disabled. You will then need to reboot for that change to be in effect. Without the service running, alg.exe will not get called to start automatically. Not sure how you would plan to disable an executable at the system level, other than deleting it, which I wouldn’t recommend as you might need it later… A HIPS might be set to block it from running, but it’s really much easier just to disable the service entirely, IMO.

If the service is disabled (rather than a manual start), alg.exe will not run. That way, if you find that you need it (ie, something isn’t working right), you can change it back to the previous setting, reboot, and you’re back in business. It is recommended to make limited changes to the startup value of Services; some may be needed on some systems, not on others, and if you only change a couple at a time, it is easier to track down and fix a problem created by the change.

In addition to ICS and XPFW, it looks like it’s probably need for FTP, and perhaps some aspects of client-side NAT operations. Some sites recommend leaving it to run, and say that it is needed for 3rd party firewalls; I have not seen that disabling it interferes with the operation of CFP.


The only time i had to use alg was with an ftp connection. I hope this helps.