Windows 10 Defender issue/detection I am guessing it has to do with glasswire since it is a fresh install of windows.

1 Like

Also couple of days ago glasswire server was crashed. I just notice icon doesnt look right so i checked it. It made a memory dump on desktop too.


If you go to the top left menu and choose “About”, what version of GlassWire do you have?

Did you use our “Block all” firewall mode?

I have reinstalled everything again so I cant go and choose “About” but I can tell you that it was downloaded directly from glasswire website today. So whatever version is public to day that is the one. 2.2 i think? I was using ask to connect mode.


For even a moment could you have switched to “block all” mode?

Could you email me a screenshot of your firewall so I can see what’s blocked there? It will help me find the cause.

Please include a link to this thread.

Cant help you sorry. All I can say is it was a fresh install of windows 10 updated to latest, no additional applications, detection appeared shortly after switching on the firewall. Nothing was blocked by me.

OK, we will try to recreate the issue. Thanks for your report.


I don’t know if it will help, but I’ve received two different warnings of the same detection. One on Feb 3rd, and another just last night. Here are the details as indicated in my Windows security panel:

Affected Items:
behavior: pid:2828:1937012556366723
process: pid:2828,ProcessStart:132570650589753017
regkeyvalue: HKLM\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{DC885274-6863-4465-9991-FC96B9399514}

In both cases I received a warning that remediation was not complete and that I needed to reboot my system in order for the removal to be effective.

The process ID indicated(2828) was an instance of svchost that was running in memory. I’m still using GW version 2.2.241, so I doubt this is something new introduced in one of the newer versions of GW. It seems a recent update to the security engine in Windows might not be playing well with whatever GW is doing.

ETA: I am in ask to connect mode.

1 Like


Thanks, I’ll share this with our team. Do you think you could have accidentally used “block all” for just a few moments?

Same here. Version 2.2.268 of glasswire. Never set “block all” even accidentally.

PID points to svchost.exe


Exactly the same problem here.
WG Version: 2.2.268
Never used “block all” functionality.

PID also pointed to svchost.exe


1 Like

I never used block all myself, I have reinstalled the os, updated to latest and then installed glasswire and activated the firewall and no detections this time everythink OK. Difference is the last time I installed glasswire while windows was still updating so maybe that was the issue. Also is it possible that glasswire blocked my clock from properly updating? Because I had that issue and I am not sure if it was due to glasswire but I never had such issue and I read that glasswire is now blocking stuff without our knowledge. May I ask why is that necessary?

@leo Sorry for the issue. I have never heard of anyone having an issue with their clock and GlassWire before. I think it is probably unrelated.

Yep here as well right in the middle of the game popup from windows defender.
I would post image but link won’t allowed and upload too large.

ME TO: 2.2.268

Detected: Behavior:Win32/WDBlockFirewallRule.P
Status: Failed
This threat or app might not be completely remediated.
Date: 12-Feb-21 01:36 AM
**Details: This program is dangerous and executes commands from an **

Affected items:
behavior: pid:3544:1937012556366723
process: pid:3544,ProcessStart:132574784832248217
regkeyvalue: HKLM\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{A614730C-5CC2-404E-B2D5-7DB8BDF79303}

Best regards,

@workbox @Ilan_Laloum

Could you email me a screenshot of what you have blocked with the firewall if you feel comfortable doing so?

Please include a link to this thread also.

Email sent to bugs@glasswire

I am having the same error, I have attached a screen shot.

1 Like

Defender also links to a page when I press “Learn more” but since I am a new user I can’t post the URL.

No, not possible that I used “Block All” as I was asleep when this occurred and I was set to “Ask To Connect”. I found the notifications from Windows Defender when I awoke. I will perform a full scan using Windows Defender and report back if it detects it again.