AVG Firewall and SVCHOST issue, constantly blocking UDP 161

Assistance with AVG Internet Security and AVG Internet Security Home Edition

Moderator: Moderators

AVG Firewall and SVCHOST issue, constantly blocking UDP 161

Postby trappedatuf » Wed Jan 06, 2010 2:51 am

I'm facing an odd issue. My resting CPU usage is waaay to high! My laptop used to be nice and cool but now the fan runs constantly and resting CPU is around 11% to 15%. So that tipped me off there was a problem. I have run a full AVG Internet Security v9 system scan (no issues) as well as a Spybot and I have no issues.

Also, a big issue is that after a bit of usage, wvgfws9.exe starts eating a lot more CPU. It used to never do this. I looked at the logs and it seems that AVG Firewall is CONSTANTLY blocking SVCHOST from talking to remote port 161 (via UDP) and it's always trying from different local ports. The IP it's trying to reach is 192.168.1.9, and that's my Brother Wireless Printer.

I am attaching a screenshot of the log right here. As you can see it's blocking about 3 to 5 requests per a minute, but the number of requests seems to grow as time goes on (see the second screenshot)!

Is this a problem (yes, I'm sure it is). I terminated the svchost process causing the issue and that stopped it, but it's just going to come on again when I restart... how can I stop this?
Attachments
avg_svchost_issue2.gif
Second screen cap of log showing more blocking by AVG firewall
avg_svchost_issue2.gif (96.38 KiB) Viewed 2226 times
avg_svchost_issue.gif
First screen cap of log
avg_svchost_issue.gif (64.42 KiB) Viewed 2226 times
trappedatuf
AVG Wannabee
 
Posts: 2
Joined: Wed Jan 06, 2010 2:22 am

Advertisement

Re: AVG Firewall and SVCHOST issue, constantly blocking UDP 161

Postby sc123 » Wed Jan 06, 2010 4:34 pm

Try adding an exemption for that port and see if it lowers the CPU usage.
Regards,
SC123 - Founder, http://www.AVGForums.com
-------------------------------------------------------
Complete uninstall/reinstall method | Other tools to try | Search the forums!
User avatar
sc123
Forum Administrator
 
Posts: 2094
Joined: Tue Jul 24, 2007 3:50 pm
Location: Virginia, USA

Re: AVG Firewall and SVCHOST issue, constantly blocking UDP 161

Postby trappedatuf » Wed Jan 06, 2010 5:02 pm

I'll have to Google to see how to add an exemption. I stopped the process and it solved the issue, but I am sure now I won't be able to print to my printer.

Anyone know what that process is doing exactly trying to talk over UDP Port 161?
trappedatuf
AVG Wannabee
 
Posts: 2
Joined: Wed Jan 06, 2010 2:22 am

Re: AVG Firewall and SVCHOST issue, constantly blocking UDP

Postby justjim » Tue Sep 28, 2010 9:14 am

Here is some more information:

First, I'll post some keywords for search engines to find. AVG Firewall Wireless Printer HP J4680 J4600 Dell Lexmark

1. Bring up AVG.
2. Click on History at the top, then firewall below that.
3. You should see your firewall logs sorted so that the latest date is at the bottom. You'll probably see UDP port 427 being blocked.
4. If you have the right one being blocked it will be associated with SVCHOST.EXE.
5. Right Click on that line and choose "Edit Rule in .......".
6. That will bring up the ruleset that controls what is allowed by SVCHOST.EXE.
7. Click Add.
8. Under Protocol, click on TCP. In the Change Protocol window, click on UDP.
9. Under Direction, click Out. In the next window, click Both Ways.
10. Under Local Ports, click Undefined. In the next window, click ALL Ports.
11. Under Remote Ports, click undefined. In the next window, click user selected ports and add "161, 427" to the blank list.
12. Under Remote addresses, click undefined. In the next window, choose Safe Networks (that should include Local Networks below it) and then hit Add IP. In that window, leave the setting of One IP with 0.0.0.0. -- this is a quirk of svchost.ext. click OK to work your way out to the Change Rule Detail.
13. Click Allow for all and change to Allow for Safe.
14. Check the Log this rule detail activity.
15. Change the Rule Detail Name to something like "Wireless Printer Ports".
16. Click OK.
17. Now you should see your rule at the bottom of the rule list and the one above it called Terminate.
18. Click on your rule and then click Move Up to place it above Terminate or it won't work because the firewall does these rules in order and if it hits terminate before it gets to your rule, it stops there and prevents other rules from firing.
19. Click Apply and then go look at the rules. The printer should be working now.
20. If you see an IGMP message that is your router doing some work. You add IGMP messages in System Service and then click Manage User System Rules.
a. Protocol IGMP, Direction Both Ways, local ports is set to all ports, remote ports is set to all ports.
b. remote addresses are safe network, local networks and 224.0.0.0/4 (added by clicking add IP and in IP address/mask put an address of 224.0.0.0 and a mask of 240.0.0.0)
c. Allow for safe
d. Log rule activity
e. Click OK
f. Click Apply.
justjim
AVG Wannabee
 
Posts: 2
Joined: Tue Sep 28, 2010 8:38 am


Return to AVG Internet Security

Who is online

Users browsing this forum: Bing [Bot] and 1 guest