During PC idle time, GlassWire did allow me to catch an intrusion. I was able to look at the timeline usage tab and find the largest upload offender. It also showed me a matching amount of data used on the “Traffic-Type”. It was a protocol called “Kerberos”, which is used in remote access with high security.
However! I only noticed this because my network router lights were blinking hard when I wasn’t on the computer. Only then did I dig into GlassWire to see what it logged.
I think this was an amazing thing, that GlassWire is classifying the network traffic. But it’s just informational. If you added a tab to create alerts for traffic that “isn’t” in my traffic whitelist, I would have been able to catch it immediately. I also noticed that after I blocked the destination IP address of this offender, I saw “other” unusual protocols showing up on traffic type. I surmise this was the same group trying out different methods to get in again.
I think analyzing traffic is MORE powerful than a virus checker. You could add this feature to GlassWire so easily since you have already done the hard work. It should BEEP the computer because this traffic occurs when nobody is on the computer. GlassWire, as far as I know, is the only tool I know of that shows forensic information at this detail level.
As an additional feature, you could automatically BLOCK apps that attempt traffic types that I blacklist.