Detect if a human has been on my machine

I’m looking to filter to see specifically if a human from inside my network has been inbound on my machine, e.g. remote desktop, UNC connections, WMI, and toggle alerts to only alert in those circumstances. Is that doable? And if so, how?



GlassWire displays all network activity, and also detects RDP connections. Nothing can detect everything 100%, unfortunately, but if you use a network security monitor like GlassWire you may be able to tell if someone has connected and done something to your machine.

For example GlassWire shows “idle” time on our graph. It means that your PC mouse/keyboard is not being used. If you see major data usage during this idle time it could mean your PC has been taken over by malware. Or if you see there is not idle time when your PC is idle you’ll know someone was using your PC while you were away from it.

Do you see the grey time period on the graph with the translucent clock icon? That means during this time period the PC was idle and not accessed by the keyboard/mouse.

So how would I filter to only see internal traffic inbound to my machine?

Thereafter I could probably filter only UNC/SMB connections.

Ideally I’d like to only be alerted/notified to these types of connections.

To see local traffic only go to the “usage” tab and choose it. But I think most attacks would be external traffic unless I am misunderstanding something.

Go to our settings to see all the interesting things you can be alerted to.

We have perimeter firewalls also, so I was looking to toggle and look for internal threats. To test, I connected to my machine from another machine in the same internal network via UNC share and copied several files down, but didn’t see any alert from GlassWire. Maybe there is a specific setting?


You should have RDP detection on probably if you are using RDP?

This would not be an RDP connection.

The scenario in this test was someone browsing my files remotely,

e.g. \\c$\users\Bicard\Desktop\Secret-files

Though my file system was being traversed remotely I didn’t see any alert.


Sorry, I guess I just don’t understand. If someone is browsing your files remotely then how are they connected to your PC to do this?

We don’t monitor you using your file system. Instead we monitor changes only to network related apps and devices. GlassWire is a network security monitor not a file manager. We focus only on network related changes.

A remote user on the network could connect to my PC remotely by clicking Start > Run \\remotecomputername\c$\users\Bicard\Desktop\Secret-files

This would initiate a remote session to my computer from a foreign machine on the network. What I was looking for specifically was a record/alert of the foreign machine connecting to my machine from within the same internal network, but when tested it didn’t look to be logged and didn’t alert.


Yes, we don’t have an alert for file sharing on the same network. In most cases this would be normal behavior. If you don’t want this you should turn off sharing.

GlassWire should detect all network sharing though and show that activity on its graph, but we don’t specify alerts for this because it seems like if you have network sharing on and people are using it then it would be annoying to get constant alerts about it.

Perhaps we should consider an alert for the first time a person connects for network sharing on your PC.

Thanks for your feedback on this idea.

I did find this interesting article on how you can see who is connected for file sharing any time within Windows. It is built into Windows itself.

For security purposes, yes, I think it would be a good addition. Hackers will take over another workstation and use that to move laterally in the network. A workstation is not a file server, so if someone remotely connects to my workstation to copy/exfiltrate files from it, that would be something that, for me, would warrant an alert. Basically any foreign network connection.

Many thanks for assisting me.
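
The inbound connection types raised in this thread (RDP, UNC/SMB shares, remote WMI) each produce a logon record (event ID 4624) in the Windows Security log, so the requested filter can be built from that log. The following is an added example, not part of the original thread and not GlassWire code: the function names and sample records are constructed, and it assumes logon success auditing is enabled and that "internal" means an RFC 1918 IPv4 source address.

```powershell
# Event 4624 LogonType 3 = network logon (UNC/SMB, remote WMI); 10 = RemoteInteractive (RDP).
$LogonTypes = @{ 3 = 'Network (SMB/WMI)'; 10 = 'RemoteInteractive (RDP)' }

function Test-PrivateIPv4 {            # hypothetical helper: is the source an RFC 1918 address?
    param([string]$Address)
    $ip = $null
    if (-not [System.Net.IPAddress]::TryParse($Address, [ref]$ip)) { return $false }
    if ($ip.AddressFamily -ne 'InterNetwork') { return $false }
    $b = $ip.GetAddressBytes()
    return ($b[0] -eq 10) -or
           ($b[0] -eq 172 -and $b[1] -ge 16 -and $b[1] -le 31) -or
           ($b[0] -eq 192 -and $b[1] -eq 168)
}

function ConvertFrom-LogonEvent {      # flatten a live 4624 event into the fields used below
    param([Parameter(ValueFromPipeline)]$LogEvent)
    process {
        $d = @{}
        ([xml]$LogEvent.ToXml()).Event.EventData.Data | ForEach-Object { $d[$_.Name] = $_.'#text' }
        [pscustomobject]@{
            TimeCreated    = $LogEvent.TimeCreated
            LogonType      = $d.LogonType
            TargetUserName = $d.TargetUserName
            IpAddress      = $d.IpAddress
        }
    }
}

function Select-InternalInboundLogon { # keep only human-style logons from internal hosts
    param([Parameter(ValueFromPipeline)]$Record)
    process {
        $type = [int]$Record.LogonType
        if (-not $LogonTypes.ContainsKey($type)) { return }          # local, service, batch, ...
        if ($Record.TargetUserName -match '\$$|^ANONYMOUS LOGON$') { return }  # machine accounts
        if (-not (Test-PrivateIPv4 $Record.IpAddress)) { return }    # '-', loopback, external
        [pscustomobject]@{ Time = $Record.TimeCreated; User = $Record.TargetUserName
                           Source = $Record.IpAddress; Kind = $LogonTypes[$type] }
    }
}

# Constructed sample records; only the first and fourth should be reported.
@(
    [pscustomobject]@{ TimeCreated='2024-01-01 02:14'; LogonType=3;  TargetUserName='jdoe';  IpAddress='192.168.1.57' }
    [pscustomobject]@{ TimeCreated='2024-01-01 02:15'; LogonType=3;  TargetUserName='PC07$'; IpAddress='192.168.1.20' }
    [pscustomobject]@{ TimeCreated='2024-01-01 08:30'; LogonType=2;  TargetUserName='owner'; IpAddress='-' }
    [pscustomobject]@{ TimeCreated='2024-01-01 09:02'; LogonType=10; TargetUserName='admin'; IpAddress='10.0.0.8' }
) | Select-InternalInboundLogon

# Live use, from an elevated prompt:
# Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4624; StartTime=(Get-Date).AddDays(-1)} |
#     ConvertFrom-LogonEvent | Select-InternalInboundLogon
```

For connections that are open right now rather than historical, the built-in `Get-SmbSession` and `Get-SmbOpenFile` cmdlets list the client address, user and files currently held over SMB.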

