Many of my average users who try out a firewall are frustrated by having fundamental Windows features trapped by the firewall. They have asked (and requested) “something” to permit Windows features to be automatically “allowed” through the firewall without any intervention by the user. There is an equal split among the users in wanting any notification at all for MS provided features or apps. Those that want a notification want only an informational entry that notes - upon the first use - that a “standard” Windows feature or MS application has been automatically “allowed” through the firewall and functions correctly, which from their perspective is precisely what they are expecting.
There is radically less concern regarding MS spying than there is regarding a rogue bad actor getting into the system and compromising personal identity information - or in particular - accessing financial data or breaching financial accounts. Average users comprise the overwhelming majority of the worldwide Windows user base and are simply not interested in “configuring” a firewall for Windows features that they “expect” to function. These users are not interested or, in may instances, capable of distinguishing between a white or black application…much less a “gray” application.
Automatically allowing certificate signed apps are a start at helping the average users. But, there are quite a few Windows features or services and MS apps that still fall outside that category - and that the average users expect to function. If a firewall states that it contains a feature that will automatically allow certificate signed features and apps through the firewall, then those same users will likely not understand how to deal with an “Allow or Deny” popup that is flagging a just accessed “Windows” or “MS” app or service that wasn’t in the automatic allow list. This is a major hurdle for those users - keeping in mind that these users comprise the overwhelming majority of the user base. Thus, there is a major hurdle - or resistance - for acceptance of any firewall.
I strongly suggest that not only is an automatic allow option for certificate signed items implemented, but that an automatic allow option for all Windows and MS provided features, services, and apps be implemented. I understand that the more technically inclined users would likely never choose the latter option - but - that should not preclude providing such an option for the overwhelming majority of the Windows user base.
Selecting a blanket allow for all Windows and MS items does permit potentially greater telemetry transmission to MS. However, once again, while not “thrilled” with the telemetry, my users absolutely do not consider MS the threat. It is the concern for a third party bad actor gaining phoning home invisible access to their data that is their concern.
Ken - I strongly encourage the provision of “options” that make it possible for the average user to realize the security, protection, and monitoring benefits of Glasswire. While your program is wonderful as it is, it is not something that I can successfully interest very many average users in utilizing - nor any other firewall for that matter. While there is no true set and forget…one can offer options that at least match the telemetry permission level (tolerance) that the user “accepted” (knowingly or not - it is in fact accepted) when their Windows account was installed on their computer. At the very least, this would permit matching firewall performance to the users experience with the performance of Windows itself.
…just my thoughts…for helping frustrated users…