Windows 10 Pro 1909
GW 2.2.291 Elite
As this topic has been tagged (solved)
I’ll open this new one here…
Yesterday I dealt with Win32/BlockMsav.A!reg which was quarantined by Defender. During the mayhem, I did notice that GW changed its state to Block All.
Things are OK and my research turned up all sorts of discussions going back to 2017.
I did notice there was a related GW fix in v2.1.158, June 2019, with this thread in the forum:
That piqued my curiosity and that got me to find these two rules in Defender Firewall (there are no other rules for msmpeng.exe):
{GlassWire.out.app_-1617379985.profile_1.mode_2},GlassWire,All,Yes,Allow,No,c:\programdata\microsoft\windows defender\platform\4.18.1911.3-0\msmpeng.exe,Any,Any,Any,Any,Any,Any,Any,Any,Any,
{GlassWire.in.app_-1617379985.profile_1.mode_2},GlassWire,All,Yes,Allow,No,c:\programdata\microsoft\windows defender\platform\4.18.1911.3-0\msmpeng.exe,Any,Any,Any,Any,Any,Any,Any,Any,Any,Any,
However, the current platform is
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0
As well, that app_-1617379985 “Antimalware Service Executable” rule is under Inactive Apps. Per Alerts (1), from Feb 7, 2020. Which is about the time I built and configured this system.
So I wonder if maybe the issue fixed in v2.1.158 might have reborn itself or if it’s just another Microsoft whoopsie as it’s been reported over the years (and all sorts of other speculation).
One way or the other, I’m perplexed by GW’s way of handling msmpeng.exe.
What’s up with all that? Can that path be fixed?? Thanks!