Same for me, and after reading this post and quickly analyzing what could have happened, I think I understand the concern. It is not a detection of real malware but more of a heuristic alert to guard against a possible malicious action, except that the Windows Defender alert refers to the attempt by GlassWire to register a rule in the Windows firewall when the firewall is active (whether set to ‘block all’ or ‘ask on connection’).
SYSTEM
- Windows 10 Home (x64) 20H2 (19042.867)
- GlassWire (2.2.268): Firewall configured as “ask on connection”
PROCEDURE
I had recently started my PC and had only read an article on Google News, then wanted to open ‘Epic Games’ to see if any games had any updates. The Epic Games client had only just opened when Windows Defender displayed the alert, with the obligation to reboot the system.
On restart, I saw the alert in more detail, and I immediately understood when I saw what it was and the source indicated by Windows Defender (the PID of GlassWire was 4216, as in the alert message, and the REG entry is formatted like GlassWire’s other rules). Windows Defender had blocked the registration; there is no trace of the reg entry, so maybe it will be created next time.
When you launch the Epic Games client, it connects to its servers through two separate processes and checks for updates to the client, and subsequently the games. Since I haven’t launched the client for a long time, it must have fetched a new version and tried to launch it, except that GlassWire did not display a firewall message.
I think Windows Defender and GlassWire attempted to scan and register the firewall rule update at the same time, and this triggered the heuristic alert.
GLASSWIRE VERSION
FIREWALL MODE
TL;DR
In the end, it’s a little scary at first, maybe a little longer for the less adept, but it’s a good enough sign and shows that Windows Defender is very vigilant. This does not prevent the firewall from being managed by GlassWire after reboot, and to put it philosophically, it is better to have protection that has a few false positives than to have a real threat passing through.
Certainly, if it turns out that it is possible for GlassWire to better negotiate this kind of situation, that would be so much the better. In any case, in the more than a year that I have been using GlassWire with the firewall on “ask on login” and opening the Steam and Epic Games clients, etc. every day, this is the first time this has happened.