Low-level Settings guide

How to reach the Low-level settings

Changing Low-level settings can cause problems with the performance of AdGuard, may break the Internet connection or compromise your security and privacy. You should only open this section if you are sure of what you are doing or our support-team has asked you about it.

To go to Low-level settings, open the main menu, tap Settings, choose Advanced and find Low-Level Settings at the bottom of the screen.

Low-level settings

pref.boot.startup.delay

Here you can set AdGuard’s startup delay after device boot-up (in seconds). This setting is only relevant if AdGuard autostart is enabled (Settings —> General —> AdGuard autostart).

pref.dns.blocking.type

Here you can select the way AdGuard will respond to blocked DNS queries:

0 — means block requests with Refused response code for Network filtering rules and with Unspecified IP for Host rules.
1 — means block requests with NXDomain for all kinds of filtering rules.
2 — means block requests with Unspecified IP for all kinds of filtering rules.
3 — means block requests with Unspecified IP for all kinds of filtering rules.
4 — means block requests with Refused response code for all kinds of filtering rules.

1 is used by default if the entered value is not valid.

pref.dns.bootstrap

Bootstrap DNS for DoH, DoT, and DoQ servers. The System DNS server is used by default.

pref.dns.detect.search.domains

If enabled AdGuard detects search domains and automatically forwards them to the fallback upstreams if they exist.

pref.dns.fallback

Here you can specify a fallback DNS resolver that will be used when the configured server is not available. If not specified, the system default DNS is used as a fallback. A string “none” means no fallback at all.

pref.dns.fallback.domains

Here you can list domains that will be directly forwarded to the fallback upstreams (if they exist).

pref.dns.timeout

Here you can specify a timeout in milliseconds to be used for each DNS request. Please note that if you are using multiple upstreams, the fallback DNS resolver will only be used after all the timeouts of each upstream.

pref.enforce.https.filtering

Here are already listed package names of apps for which AdGuard enforces HTTPS filtering. You can add this list with any app even if it targets Android 7+. But before check if the application trusts the AdGuard’s HTTPS certificate, which is located in the User storage, or the developers have not provided such an option.

pref.enforce.paused.notification

Enforce notification about paused protection even when the notification icon is set to Disabled (for Android below Oreo).

pref.excluded.packages

Here you can list the packages and UIDs you want to exclude from filtering.

pref.filtered.ports

Here you can list the ports connections to which will be filtered.

pref.har.capture

Here you can enable HAR file capture. Use it only for debugging purposes! If the setting is enabled, AdGuard will create a directory named “har” inside the app cache directory. It contains information about all filtered HTTP requests in HAR 1.2 format and can be analyzed with the Fiddler program.

pref.https.ignored.errors

For the domains and package names listed here, notifications that they do not trust AdGuard's HTTPS certificate will be disabled.

pref.https.opportunistic

If enabled, AdGuard will bypass the traffic of any app that does not trust our certificate. It is enabled by default.

pref.ipv4.routs.excluded

Here you can find the list of IPv4 ranges excluded from filtering. For instance, we don’t filter connections to the private IP ranges. You can add this list if required.

pref.ipv6.routs.excluded

Here you can list the IPv6 ranges which you want to exclude from filtering.

pref.notify.on.unknown.ca

If enabled, AdGuard shows you a notification if any app doesn’t trust our HTTPS certificate.

pref.proxy.block.ipv6

If enabled, AdGuard blocks all Internet connections through IPv6 when working in “Proxy with automatic setup” mode.

pref.proxy.disable.reconfigure

Here you can disable AdGuard automatic root proxy reconfiguration when network connectivity changes.

pref.quic.bypass.packages

Here you can list packages for which AdGuard will bypass QUIC traffic.

pref.removed.html.log

If enabled, AdGuard shows information about blocked HTML elements in the filtering log.

pref.root.clear.youtube

If enabled, AdGuard clears YouTube app data on booting to block YouTube ads. Root access is required.

pref.root.set.oom_adj

If enabled, AdGuard sets the minimum oom_score_adj for its own process to stay alive all the time. Requires root access.

pref.samsungpay.autopause.enable

If enabled, AdGuard pauses protection when you open the Samsung Pay app. Requires usage access.

pref.vpn.android10.mitigate

If enabled, AdGuard applies a workaround solution that mitigates the soft reboots issue caused by an Android 10 bug.

pref.vpn.capture

If enabled, AdGuard will create the special file name “tun.pcap”. It contains all network packets transferred through the VPN. This file is located in the app cache directory and can be analyzed with the Wireshark program.

pref.vpn.disable.pause

This feature disables automatic VPN pause in case of network absence, tethering, or power-saving mode.

pref.vpn.disable.reconfigure

This feature disables VPN automatic reconfiguration in case of network absence, tethering, or power-saving mode.

pref.vpn.ipv4.address

TUN interface IPv4 address.

pref.vpn.ipv4.bypass

If enabled, VPN will be configured to bypass all the IPv4 traffic. In this case, IPv4 will work, but it will not be filtered.

pref.vpn.ipv4.force.complex

If enabled, VPN will bypass the LAN when possible. However, for complex networks, the LAN is not excluded and connections will be filtered, including local ones.

pref.vpn.ipv4.force.default

This feature disables the routes we use to exclude LAN from filtering.

pref.vpn.ipv6.address

TUN interface IPv6 address.

pref.vpn.ipv6.bypass

If enabled, VPN will be configured to bypass all the IPv6 traffic. In this case, IPv6 will work, but it will not be filtered.

pref.vpn.ipv6.disable

This feature forcibly disables filtering for IPv6 networks. In this case, IPv6 will not work at all.

pref.vpn.ipv6.force

This feature forcibly enables filtering for IPv6 networks. The app doesn’t filter IPv6 on Lollipop and some cell carriers by default.

pref.vpn.tun.mtu

Here you can set the maximum transmission unit (MTU) of the VPN interface. The recommended interval for the experiments is from 1500 to 9000.

Reset

You always can reset Low-level settings to default.