It would be useful if there was an option for GlassWire (best by default) to only create outbound rules when allowing a program. In addition to that, it would be helpful if there was a description next to each mode for “ask to connect”, “click to block” etc.
From what I have read about firewalls, I understand that inbound rules are only for programs that need to receive “unsolicited” inbound connections, or “act as servers”, meaning to receive connection not requested by the user or app. Isn’t that option less secure if enabled by default for all programs that connect to the internet? Browsers and most other programs work fine (at least from what I have tested) only with outbound rules enabled.
1 Like
I think that you might have only understood part of the scope of inbound rules.
You should have a look at the inbound rules in Windows Firewall with Advanced Security. Then work out what you can do without. There’s probably very little that you would remove because no inbound rules (when the Windows Firewall is running) usually means no games, no Skype/video calls, etc.
I think that outbound firewall rules are less useful for what I normally do. But GlassWire provides an easy interface to manage them.because they are very useful for stopping applications from “phoning home” to commonly send telemetry and tracking data.
If your computer is attached to a local network then that network should have a firewall on your router which provides further protection.
Hi Remah,
Thanks for the reply.
I had been using Windows Firewall Control before Glasswire and its default and strongly recommended behavior was to create only outbound rules. I didn’t had any problems with any app in this way. Some apps that required inbound access (listening) created those rules by themselves (I don’t know why without asking, such as Steam) or by popping a Windows Firewall security notification.
All this applies, of course, when the setting is set to “ask to connect”. That is what enables outbound filtering.
I still believe, since this product is supposed to harden Windows’ security, that there should be an option to make the program create only outbound rules when set to “ask to connect” (outbound filtering enabled).
Thanks for your feedback. We are already working on different “Ask to connect” features for the future.
Hello, I am replying as a returning user of Glasswire after quite a while.
I still find this old question unanswered, and I want to provide more insight and also understand myself a few more things.
Windows Firewall by default blocks all incoming connection (except inbound allow rules) but allows all outgoing connections unless they match a (outbound block) rule.
Manually, Windows Firewall can be set to block all outgoing traffic, except connections with outbound allow rules.
So, in the default behavior (block incoming, allow outgoing), you can still block outbound traffic by creating an outbound block rule. In the “elevated” behavior (block incoming, block outgoing) all outbound traffic is blocked, unless you specify otherwise.
Now, Glasswire creates inbound and outbound rules for all apps/programs that connect to the internet. When set to “click to block”, it keeps Windows Firewall to its default state (allow all outgoing). However, since it has already created the outbound allow rule, why not elevate the security by turning on outbound firewall scanning as well? The “ask to connect” mode turns on Windows Firewall outbound scanning, but that isn’t consistent to its way of operation either, since Glasswire creates an outbound block rule anyway if the program is not allowed by the user to connect (which would also be blocked by default Windows Firewall behavior).
If all traffic goes through Glasswire (and the appropriate block rules are created), changing mode in Windows Firewall isn’t really necessary.
Inbound rules may pose a risk (my original comment), since Microsoft states that only programs that act as servers (need to listen for incoming traffic, such as gaming applications) need them.
Will Glasswire block automatically a program in “click to block” mode, if Virus Total finds it to be malicious?