I am still thinking though this, so I am not 100% sure I have thought of all ramifications.
I am trying to reduce how “noisy” GlassWire can be while still retaining as much protection as possible.
How about an option (I don’t think it should default to on) to auto-allow any app that, when submitted to VirusTotal, comes back with a clean bill of health (zero engines think it is malicious)
There is always a chance that the executable could be a brand new malicious program, but not terribly likely. In almost all cases, if VirusTotal thinks it is fine, I am going to allow it anyway.
Perhaps a final refinement - if GlassWire auto-allows an app, it gets checked 24 hours later at VirusTotal (completely invisible to me as a user). If it still comes back clean, it is left on the “allow” list unless/until its hash changes.