The alg.exe process is a valid Windows system process that runs in the background. The alg.exe file is a trusted file from Microsoft. This process listens for or sends data on open ports, either to the local network or via the Internet. The process alg.exe can also hide itself, record inputs and monitor applications. ALG stands for Application Layer Gateway.
The Application Layer Gateway service is a component of the Windows OS. It is required if you use a third-party firewall or Internet Connection Sharing (ICS) to connect to the Internet. This program should not be terminated in Windows Task Manager, or you will lose all Internet connectivity until the next restart of your computer, when the process starts up again.
The executable alg.exe allows applications on a client machine to dynamically use passive TCP/UDP ports when communicating with the known ports on the server machine, so that they can access applications that reside on that machine regardless of the presence of a firewall application.
In order to resolve the issue of the server initiating the connection to the client and the firewall going all berserk, a different method for FTP connections was developed. This was known as passive mode, or PASV, after the command used by the client to tell the server it is in passive mode.
In passive mode FTP, the client initiates both connections to the server, solving the problem of firewalls filtering the incoming data port connection to the client from the server. When opening an FTP connection, the client opens two random unprivileged ports locally (N > 1023 and N+1). The first port is used for communication, i.e. it contacts the server on port 21 (the well-known port for FTP connections), but instead of then issuing a PORT command and allowing the server to connect back to its data port, the client issues the PASV (passive) command. As a result, the server opens a random unprivileged port (P > 1023) on itself and sends the PORT P command back to the client. The client then initiates the connection from port N+1 to port P on the server for the transfer of data.
The process alg.exe uses port 1025 by default for listening. The alg.exe file’s absence would cause the security protocols to block communication ports.
The conversion of the address information for the network layer can also be handled by the alg.exe process, which extracts the data from the application payload residing within the acceptable address dictated by the host from either side of the NAT or the firewall.
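The passive-mode exchange and the address conversion described above can be sketched as follows. This is an added example, not Microsoft's code: it parses the `h1,h2,h3,h4,p1,p2` endpoint that RFC 959 embeds in a PORT command or in the server's `227` reply to PASV, and rewrites it as a gateway on the NAT boundary would. The function names, the sample lines and the addresses (private and documentation ranges) are constructed for illustration.

```python
import re

# Endpoint tuple carried in the FTP payload: four address bytes, two port bytes.
TUPLE = re.compile(r"(?<!\d)(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})(?!\d)")

def parse_endpoint(line):
    """Return (ip, port) from a PORT command or a 227 reply, else None."""
    if not (line.startswith("227 ") or line.upper().startswith("PORT ")):
        return None
    m = TUPLE.search(line)
    if m is None:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None  # not a valid byte, so not a usable endpoint
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]

def alg_rewrite(line, inside_ip, outside_ip, mapped_port=None):
    """Translate the embedded endpoint from the inside to the outside address.

    Returns (new_line, pinhole): pinhole is the inside (ip, port) the gateway
    must forward the data connection to, or None if the line is left as is.
    """
    endpoint = parse_endpoint(line)
    if endpoint is None:
        return line, None
    ip, port = endpoint
    # Assumed policy: translate only the address of the host that owns this
    # control connection, and only unprivileged data ports (P > 1023).
    if ip != inside_ip or port <= 1023:
        return line, None
    new_port = mapped_port or port
    new_tuple = "%s,%d,%d" % (outside_ip.replace(".", ","), new_port >> 8, new_port & 0xFF)
    return TUPLE.sub(new_tuple, line, count=1), (ip, port)

# Constructed sample lines (not captured traffic).
PASV_REPLY = "227 Entering Passive Mode (192,168,1,10,19,137)\r\n"
PORT_CMD = "PORT 192,168,1,20,4,1\r\n"

if __name__ == "__main__":
    print(alg_rewrite(PASV_REPLY, "192.168.1.10", "203.0.113.5"))
    print(alg_rewrite(PORT_CMD, "192.168.1.20", "203.0.113.5", mapped_port=40000))
```

A line whose embedded address does not match the inside host, or whose port is privileged, is passed through unchanged and no forwarding entry is created.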
The function associated with the process alg.exe is similar to that of a proxy server that resides between the communication line of the client and the actual server machine to facilitate the data exchange.