What is Alg.exe and What is its Function?

Alg.exe Process Summary:

Process Name:  Application Layer Gateway Service

Owner/Developer:  Microsoft Corp.

Part of : Microsoft Internet Connection Sharing (ICS)/Windows Firewall

Valid Location : C:/Windows/system32/

Virus/Spyware Threat: Alg.exe can be targeted. It needs to be in its valid location.

What is Alg.exe?

Alg.exe is a core process of Microsoft Windows XP as well as Windows Vista. It facilitates the connection of various third-party applications and programs, such as FTP software and IM clients, to the Internet. It works as a supplement to Windows Firewall and lets these applications communicate with the server via the various TCP/UDP ports present on the computer.

If you terminate the Alg.exe process, the computer's security protocol would shut down all the communication ports on your system and you would lose your Internet connection.

Where is Alg.exe located:

The location of a specific process lets you know whether the process is genuine and isn't being run by a virus or spyware. The correct location of Alg.exe is C:/Windows/system32/. If it is found in another location, chances are your computer is infected by malware that is trying to imitate the Alg.exe process. You can check the location of this process via the Windows Task Manager in the "Processes" tab.
You can read more about how to locate a process in Windows XP and Vista. In Windows Vista you can simply right-click the process name and get to its location. It's not the same in Windows XP.


How to confirm that Alg.exe on your computer isn’t compromised by Malware:

There are a few steps to check whether the process you are looking at is genuine and isn't spyware.

The best way to do this is to use Sysinternals Process Explorer. It has a unique feature which lets you check whether the process is indeed genuine. You can read more about downloading and using Process Explorer here.

Open Process Explorer and locate Alg.exe in the listed processes. Right-click it and click "Properties". Click the "Image" tab in the Properties window.

Here it shows the actual location of the process and also tells us whether the process has been digitally verified with the owner (in this case Microsoft Corp.). In this example it says it is not verified. Click the Verify button and Process Explorer will cross-check with the Microsoft servers whether the file being compared is a legitimate process and hasn't been replaced or compromised in some way. Each process has a unique digital signature, and if Process Explorer shows that the process has been verified you can be fairly certain that the process you see running is legitimate.

You can also view the verification status of a process in the main window of Process Explorer. As you can see, the process has been verified, as shown in the extreme right corner, whereas others have not. Hence we can conclude that the Alg.exe process running in our Windows is genuine.
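The same two checks (image location and digital signature) can be scripted. This PowerShell sketch is an added example, not part of the original article; the function name Test-ProcessImage is hypothetical, and it assumes PowerShell 3.0 or later, so it does not run on a stock XP or Vista install.

```powershell
# Added example: check every running instance of a process for the two things
# the article verifies by hand: image location and digital signature.
function Test-ProcessImage {
    param(
        [string]$ProcessName = 'alg.exe',
        # Expected folder, resolved from the running system rather than hard-coded.
        [string]$ExpectedDir = (Join-Path $env:SystemRoot 'System32')
    )

    $procs = Get-CimInstance -ClassName Win32_Process -Filter "Name = '$ProcessName'"
    if (-not $procs) {
        Write-Warning "$ProcessName is not running (the service may be stopped)."
        return
    }

    foreach ($p in $procs) {
        $path = $p.ExecutablePath   # empty when the caller lacks rights to query it
        if (-not $path) {
            [pscustomobject]@{
                ProcessId       = $p.ProcessId
                Path            = $null
                InExpectedDir   = $null
                SignatureStatus = 'Unknown (run elevated)'
                Signer          = $null
            }
            continue
        }
        $sig = Get-AuthenticodeSignature -LiteralPath $path
        $dir = Split-Path -Path $path -Parent
        [pscustomobject]@{
            ProcessId       = $p.ProcessId
            Path            = $path
            # Case-insensitive comparison; Windows paths are not case-sensitive.
            InExpectedDir   = ($dir.TrimEnd('\') -ieq $ExpectedDir.TrimEnd('\'))
            SignatureStatus = $sig.Status   # 'Valid' means the signature checks out
            Signer          = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        }
    }
}

Test-ProcessImage | Format-List
```

An instance with InExpectedDir set to False, or a SignatureStatus other than Valid, deserves a closer look in Process Explorer. Older PowerShell versions may report catalog-signed system files as NotSigned, so treat that result as inconclusive rather than as proof of tampering.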

If you have questions or more useful information about this process, fire away in the comments.

