Behavior:Win32/WDBlockFirewallRule.P

@CTaylor

Thanks, we may ask for the rules from the firewall itself if you could maybe export them and email them to us? Just use the email address you usually email to and we’ll respond there.

Hi Ken, happy to. It’s actually a license that comes from Microsoft 365 E5 licenses on Azure and there is some cloud setup, unfortunately.

The executable that may have triggered this is located here on my system - c:\programdata\microsoft\windows defender\platform\4.18.2110.6-0\msmpeng.exe. Might be a red herring but it popped up as soon as this was approved from Ask to Connect.

FWIW, this isn’t a work-stopping issue or anything. Just popped up and thought I’d look into it a bit and found this thread.

@Ken_GlassWire

A few days ago I updated Windows to 21H1. After performing the update I uninstalled Glasswire (following the above procedures) and updated to 2.3.359 following the above procedures also.

We had a bad storm yesterday and the power went out for a few minutes. Once I turned my machine back on and logged back into Windows, I was met with the “Behavior:Win32/WDBlockFirewallRule.P” warning by Windows Defender.

Prior to losing power, I had set Glasswire to “Ask to connect” mode like I always do. The only other program I have loading at startup is Malwarebytes Anti-Malware program. Could it be doing something to cause this maybe?

No, Malwarebytes shouldn’t have any issues with GlassWire or this error. We think we may have found an issue and we have opened a ticket, thanks for your report.

Hello @Mank, make sure to uninstall the ‘hardening tools’. This issue was fixed many, many months ago, so you have messed something up on your system. The error is popping up because of these hard tools you use, so just delete them and it should be all fine. Cheers!

@Geri123

I don’t know yet. I know we have opened a ticket and the person investigating shared that information with me, but I don’t have the details. I would ask them but they are out currently.

@Geri123 maybe they have identified another hardening tool? This was certainly always the culprit; it makes sense that it is again.

That is understandable @Geri123, but let’s not expel the possible reported imaginary things reported. Yes?

We have modified the software and the next update should solve it for people who have seen this issue.

Completely fresh install. Another facepalm. When will this problem be fixed? Microsoft is saying GlassWire is trying to execute remote code on my device, should I trust Microsoft or GlassWire? HMM

We have modified the unreleased GlassWire software and the next update should solve it for people who have seen this issue.

If you are experiencing the problem you’ll have to follow these instructions after updating to the new version (when it’s available):

@Geri123 The false positive happens when Microsoft Security makes a scan at around the same time GlassWire blocks the Microsoft Security module in our “ask to connect” mode, temporarily. As a result, the notification appears for some people, and not others depending on when Microsoft Security made the scan.

Since this false positive seemed to appear randomly in some situations, and not at all in other situations, it was difficult to understand and solve.

We have whitelisted all the latest modules so it should solve the issue when the update is released.

Please try this update and let me know if it solves it.

If it does not, you’ll have to try these steps (Behavior:Win32/WDBlockFirewallRule.P - #85 by Ken_GlassWire), then try again.

The issue can still appear without a clean install because the old rules may be present, so that’s why you may have to do this (Behavior:Win32/WDBlockFirewallRule.P - #85 by Ken_GlassWire) to solve the issue permanently. Thanks for your patience.

Arrived home after work today and saw another notice about this dreaded FirewallRule.p detection.

It seems Windows performed yet another update earlier today and that is what continues to cause these detections.

I’m still using GW version 2.3.359

Microsoft’s Security Intelligence updated today at 4:06pm. The FirewallRule.p detection was timestamped at 4:15pm. It can’t be a mere coincidence that this continues to happen after MS updates its security engine.

ETA: My logs show several scans being done by Defender since I reported my last detection on Nov 3rd, and none of them gave me a FirewallRule.p detection, so whatever they/MS are changing when they update the Intelligence engine seems to be responsible for these detections.

2nd Edit to add:

This was fixed with GlassWire 2.3.367 that was released last month.
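
For anyone still checking a machine for this, here is an added example (not part of the original thread, and not GlassWire's or Microsoft's own tooling) that looks for the two things discussed above: leftover block rules aimed at Defender's `msmpeng.exe`, and how close each detection sits to the last Security Intelligence update. It assumes an elevated PowerShell session with the built-in NetSecurity and Defender modules; the path pattern is taken from the path quoted earlier in the thread.

```powershell
# Added example: run in an elevated PowerShell session on the affected machine.

# 1. Enabled BLOCK rules whose program path is Defender's engine binary.
#    Old rules like these can survive an upgrade that is not a clean install.
$blockRules = Get-NetFirewallRule -Action Block -Enabled True -ErrorAction SilentlyContinue |
    ForEach-Object {
        $rule = $_
        $app  = $rule | Get-NetFirewallApplicationFilter
        if ($app.Program -like '*\windows defender\platform\*\msmpeng.exe') {
            [pscustomobject]@{
                DisplayName = $rule.DisplayName
                Direction   = $rule.Direction
                Program     = $app.Program
            }
        }
    }

# 2. Detections of this behaviour, next to the last signature update time.
#    Get-MpComputerStatus only reports the most recent update, so the
#    difference is meaningful for the latest detection only.
$sigUpdated = (Get-MpComputerStatus).AntivirusSignatureLastUpdated
$threatIds  = Get-MpThreat |
    Where-Object ThreatName -like '*WDBlockFirewallRule*' |
    Select-Object -ExpandProperty ThreatID

$detections = Get-MpThreatDetection |
    Where-Object { $_.ThreatID -in $threatIds } |
    Sort-Object InitialDetectionTime -Descending |
    Select-Object InitialDetectionTime, ProcessName,
        @{ Name       = 'MinutesAfterSigUpdate'
           Expression = { [math]::Round(($_.InitialDetectionTime - $sigUpdated).TotalMinutes) } }

# 3. Report both findings.
if ($blockRules) {
    'Block rules targeting msmpeng.exe:'
    $blockRules | Format-Table -AutoSize
} else {
    'No enabled block rule targets msmpeng.exe.'
}

"Last Security Intelligence update: $sigUpdated"
if ($detections) {
    $detections | Format-Table -AutoSize
} else {
    'No WDBlockFirewallRule detections recorded.'
}
```

The script only reads state; it does not remove or change any firewall rule.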