hotComm Logo

FAQ - Firewalls

Document number: faqF
Copyright (c) 2001-2010 1stWorks Corporation. All rights reserved.

About Firewalls and Security Software

Your firewall, security or privacy software may prevent you from connecting to the 1stWorks Network or to a hotComm room.

For information about specific firewalls, see:

Firewalls Routers
Agnitum Outpost
CA Internet Security (Computer Associates)
Etrust EZFirewall
Iolo Firewall and System Mechanic Pro
McAfee Security
NetDefense (V-Com)
Norman Personal Firewall
Norton (NIS, NPF)
PC-cillin (TrendMicro)
PCSecurityShield (The Shield Deluxe)
Rogers Yahoo! Online Protection
SystemSuite (V-Com)
TrendMicro Internet Security
Windows XP Firewall
Zone Alarm
Other Configurations that may block connections

BorderNet (2-way satellite)
Directway Satellite
Ositis WinProxy Firewall (Starband dish satellite)

What to do

hotComm stays "Signed Out"
This means hotComm can't connect to the 1stWorks Network at all.

  • Set your firewall to a Medium security setting that allows outgoing TCP connections through all ports, to any computer. This is often the default setting for personal firewalls and routers.

  • Configure the firewall to allow access to the hotComm application, which may include: hotcomm.exe, hcreg.exe, and/or making a connection to a DNS server.

    If the firewall product challenges hotComm, choose to always allow it.

    Note: Expect your firewall product to challenge hotComm again after every hotComm update.

The room connection keeps ringing, or says that the room is not found The most common reason for this is there is a typo in the room address you are using.

Assuming that you are using the correct room address, this may mean that your firewall or security software is allowing hotComm to connect to the 1stWorks Network, but is not allowing it to make the second connection to the relay server the room is on. Some firewalls that do this are Kaspersky and VCom System Suite (NetDefense).

You must configure your firewall to allow hotComm to scan ports, scan all network traffic, and perhaps other settings. Consult your firewall vendor if we do not have configuration information for your firewall. We will be happy to work with your firewall vendor if it helps you.

In some cases, you may need to uninstall all firewalls including remnants of previously installed firewalls. Then test hotcomm. If it connects, then reinstall your firewall and configure it correctly.

In our opinion, if your firewall challenges you to allow a product to access the Internet, it should allow any type of access by that application. Reinstall your firewall and configure it correctly for hotComm.

Referer Error
If you CAN connect to the 1stWorks Network, but you are prevented from using a hotLink in a password-protected area of a website to connect to a hotComm room, configure your firewall to allow information about the visited site (the referer) to be sent to the room's hotComm relay server.

If you are planning to use hotComm in a peer-to-peer connection, configure your firewall to:

  1. Allow outgoing TCP connections through all ports, and
  2. Also allow incoming TCP connections through one of the hotComm ports.

    See: Firewalls: Routers & Ports

Online Status and what it means

The Online Status message appears in the lower right of the bottom line of your hotComm window.
  • Online-Proxied

    If outgoing TCP connections are allowed, but incoming connections are blocked, then your online status shows as Online-Proxied.

    If you are connecting to a Room, then Online-Proxied and Online-Direct provide equally good performance.

  • Online-Tunnelled

    If both incoming and outgoing TCP connections are blocked, then your online status shows as Online-Tunnelled. In this case, hotComm connections are sent through an HTTP tunnel. Performance through a tunnelled connection can be slow and flawed, and you may not see posts by all participants.

  • Online-Direct

    If both incoming and outgoing TCP connections are allowed, then your online status shows as Online-Direct. (This appears on the right, on the bottom line of your hotComm window.)

    If you are connecting to a Room, then Online-Proxied and Online-Direct provide equally good performance.

    You must be Online-Direct to use:
    • Call Group Manager or Service Agent modes
    • Content Relay Server mode
    • TreeCast / SuperJava mode
    • WebCam
    • Remote Dynamic Desktop
    • or accept incoming connections from hotComm CL or hotComm Lite clients

    In-coming hotLink connections from a Java or hotComm Standard/Pro client require outgoing TCP connections, although both incoming and outgoing are prefered.

    In a hotComm-hotComm peer-to-peer connection, one of the people in each pair should be Online-Direct.

Proxy Server

As of hotComm revision 1.00.019, all in-coming connections (including IM-Live and ezPeer) use the hotComm Proxy Server if direct connections fail.

For fastest connections, we recommend that you open ports as described in this document.


1stWorks is sensitive to the plethora of viruses spread through open ports on computers and has taken significant precautions to filter any non-hotComm messages to its open ports. Messages are not stored on the computer stack and therefore are not susceptible to execution upon overflow. If hotComm receives incorrectly formatted transmissions it immediately closes the inbound ports and, if the sender is HTTP, returns an error to the sender.

How do I configure anything else?

Most router / modem / firewall manufacturers have websites that include answers to the question: "How do I open ports?" Often, the questions are asked by online gamers, so the questions might look like this: "How do I play (game name)?"

The words differ from vendor to vendor.

In general, to find information:

  1. Find the website for the manufacturer of your router / modem / firewall.
  2. Go to their Support area.
  3. Find their FAQ (frequently asked questions) or Knowledgebase.
  4. Search for any of these: "ports", "online gaming", "ICQ", "Netmeeting". Usually, you can find information on how to open up ports. In some cases, the information tells you what to do, but you need to look in the User's Manual to find out how to do it.

Agnitum Outpost firewall

The Agnitum Outpost firewall can prevent you from connecting from some rooms. If you get a "Referer Error while connecting to room" message, you can configure the firewall to eliminate the problem.

The following information is from Agnitum:

Some sites require that all or several of its active content elements be allowed to run for their pages to display or function correctly. If you make the settings for all sites very restrictive, you can experience the following problems: images not being displayed, a web page not showing at all, a web page displayed incorrectly or some useful services contained in applets not working. If this happens with only a few sites, add those sites to the exclusions lists of the Active Content and Ads plug-ins.

For the Active Content plug-in:

1. Right-click the Active Content plug-in name in the left panel of Outpost's main window and select Properties on the shortcut menu.

2. Select the Exclusions tab and click Add.

3. Specify the site address, for example,, and click OK. [For hotComm, the site address is the relay server your room is on, such as: or or]

4. Specify the settings for that site and click OK. [For hotComm, click on Referrers and click Permit.

If this does not resolve the problem, please follow the instructions at


11/11/2010 - Avast may block hotComm from connecting to the hotComm Registration or Location servers, so you may not be able to register or get "Online". There are different versions of Avast; the most current version seems to learn heuristically and decides whether to allow or block based on its own rules.

These steps often resolve Avast issues:

1. Uninstall your hotComm product.
2. Re-start your computer.
3. With Avast running, re-install the hotComm product. If Avast challenges hotComm, be sure to allow hotComm all rights and permissions.

Avast Exclusion Lists
The following instructions come from a customer for configuring the Avast Exclusion lists (version of Avast unknown):

For Standard Shield provider (on-access scanning):
1. Left-click on the avast-ball in the tray area, click on the provider icon at left and then click on "Customize".
2. Then go to the "Advanced" tab and click on the "Add" button...
3. Browse to hotComm.exe and add it to the exclusions list (see locations below).

For the other providers (on-demand scanning (such as the screensaver) or the Simple user interface):
1. Right-click on the the avast-ball, then click on "Program Settings"
2. Go then to the "Exclusions" tab and click on the "Add" button.
3. Browse to hotComm.exe and add it to the exclusions list (see locations below).

Your hotComm.exe is in one of these locations:

   c:/Program Files/1stWorks/hotComm/BIN/hotcomm.exe
   c:/Program Files/1stWorks/hotCommLite/BIN/hotcomm.exe
   c:/Program Files/1stWorks/hotCommCL/BIN/hotcomm.exe


AVG may challenge hotComm when hotComm starts. If so, tell AVG to Allow All.

3/23/10 - AVG blocked a customer. His hotComm headset icon was yellow/white. To fix this:

  1. He closed hotComm.
  2. Then he opened the AVG firewall settings
  3. In the Firewall topic, he chose to Allow All.
  4. When AVG acknowleged the change, he re-started hotComm.
  5. The hotComm headset icon turned red and blue, and he could join the room he wanted.

Bordernet 2-way satellite

hotComm interprets the BorderNet connection as a proxy server, and sets itself to be Online-Tunnelled. Users are able to connect, but find that audio is broken, they may have difficulty sending and receiving typed messages, and other symptoms of a poor connection.

Bordernet has some similarities to a proxy server, but you can set up exceptions so that you can connect directly to the hotComm servers.

From a customer: "The exceptions are the exceptions to going through the proxy server. This is what the Bordernet people suggest trying since it would mean that the server would be going straight to the site and not through a proxy."

We gave him a list of addresses to put into Bordernet as exceptions. Then, in hotComm, he clicked the Online-Tunnelled message, checked Directly, clicked OK, closed hotComm, waited 20 seconds and restarted hotComm.

The addresses we gave him were:

where relay-server is the hotComm relay his room is on.

CA Internet Security (Computer Associates)

7/9/08 - CA Internet Security does not usually prevent people from connecting to the 1stWorks NetWork. It can prevent you from connecting to a relay server room, or from connecting with one of our older "Jreferer" links.

If you are unable to connect to a relay server room, disable Parental Controls and disable Pop-up blocking.

If you are unable to connect using one of our older "Jreferer" links and you get a "Referer Error" message, configure Privacy Controls to allow private header information.

After you have configured CA Internet Security, close open Internet browser windows, delete temporary internet files, restart hotComm and then retry your connection.

Disable Parental Controls

If you are using Parental Controls and they are enabled, please try disabling them with the below steps:
  1. Right click the CA Parental controls icons located in the Windows toolbar task tray to open up the menu and select Log-in option

  2. Select Administrator

  3. Enter Administrator password

CA Parental controls will now work under “Free Access” with no filtering


If you haven’t enabled the CA Parental Controls
  1. Right click the parental controls icon located in the Windows toolbar task tray to open the menu and select Turn-off option

  2. Enter Administrator password

  3. Parental controls will now work under “Free Access” with no filtering

Disable Pop-up blocking
Disable the “Mobile Code Control” to turn off the Add/Pop-up blocker feature:
  1. Open CA Firewall (right click the shield icon in the Windows toolbar task tray and select Open CA Personal Firewall)

  2. Select Privacy (left panel)

  3. Use slider to turn to off

Allow Private Header Information in Privacy
Uncheck “remove private header information” through these steps
  1. Select Privacy

  2. Select Cookie Control, click Advanced tab

  3. Under Third party cookies, uncheck “Remove private header information”, click ok

Etrust EZFirewall

EZFirewall is a branded version of Zone Alarm Pro. Please see our instructions for
  • Zone Alarm.

    Note that if you are trying to set Private Header Information (Referer), you must use the instructions for adding a specific site to the Privacy Site list.

    Information about EZFirewall is at

    Iolo Firewall and System Mechanic Professional

    10/5/07 - we are currently working with Iolo technical support to determine how to configure the Iolo Firewall and System Mechanic Professional 7 to allow hotComm to connect successfully.

    Unfortunately, until this issue is resolved, you cannot run hotComm while the Iolo product is installed. You must uninstall Iolo in order to run hotComm.

    1/21/08 - If you uninstall Iolo, and you still can't connect with hotComm, please see instructions from Iolo on how to remove remnants of their software, in the FAQ DBA-01964 - I can't establish an Internet connection after uninstalling System Mechanic 7 Professional or iolo Personal Firewall, at

    Norman Personal Firewall

    This information comes from, through the following path: Support » Frequently Asked Questions » Norman Personal Firewall » What is a referrer, and how do I stop referrer blocking?

    What is a referrer, and how do I stop referrer blocking?
    Whenever you click on a link to go to a new web page, your browser automatically tells the new web site where you came from. This URL of the page you came from is known as the "referer" and is passed in a hidden part of the conversation between your browser and the web server providing the new page. This can be deemed to be an invasion of your privacy.

    To disable referrer blocking, right click the NPF icon in your system tray and choose Block referrer and then choose No. This should resolve the problem you are having.

    PCSecurityShield (The Shield Deluxe)

    10/12/07 - The Shield Deluxe

    The Shield Deluxe includes firewall features and is powered by Kaspersky. Please follow the directions in our article on Kaspersky 6.0 for configuring The Shield Deluxe to allow both the initial connection to our location server and the secondary connections to the relayservers your rooms are on, at

    5/27/08: For the Shield Deluxe 2008 and prior, follow instructions for Kaspersky 6.0.

    Like Kaspersky, The Shield Deluxe asks if you want to allow hotComm to access the Internet. You give it permission, and hotComm makes the first connection, to our location server. Then, like Kaspersky, The Shield Deluxe blocks hotComm from making the second connection to the relayserver your room is on. If you are using hotComm Standard, the relays stay red. If you are using hotComm Lite or hotComm CL, you may just get ringing, you may get a message saying the room doesn't exist, or it may seem that nothing happens.

    If you do not want to make a permanent configuration, you can pause The Shield Deluxe temporarily while hotComm connects. Once you have connected to the room successfully, you can re-enable The Shield Deluxe.

    For more information on PCSecurityShield, see

    Rogers Yahoo! Online Protection

    Rogers Yahoo! Online Protection includes Norton Personal Firewall 2006 Please see our instructions for
  • Norton firewalls.

    Please see the Rogers tutorial for accessing the Norton Personal Firewall at

    PC-cillin (TrendMicro) and Trend Micro Internet Security

    If your PC-cillin is part of your TrendMicro package, also see our FAQ - TrendMicro Internet Security.

    7/9/08 - In general, hotComm does not have problems with TrendMicro and PcCillin. Exceptions are below:

    7/8/08 - In updating from revision 7.20 to 7.30, one customer reported that TrendMicro identified hotComm as a virus threat and blocked it from connecting to the 1stWorks Network, and therefore remaining in "Signed Out" status. After working with TrendMicro support for several hours to configure TrendMicro to allow hotComm, the customer decided to uninstall TrendMicro, uninstall hotComm, restart his computer, reinstall TrendMicro, and reinstall hotComm. That worked and he was able to connect successfully.

    From a customer (no date):

    PC-cillin users may keep losing the hotComm connection unless you configure PC-cillin as follows:

    1. Open PC-cillin
    2. Go to AntiPhishing & content protection
    3. Un-check Filter Access to Web Sites

    Information about PC-cillin is at

    Updated: 11/11/2010