Firefox/IE traffic doesn't show in Glasswire but does show in perfmon /res


#1

I have a weird problem with GW2.0.84 (Win7 btw - although I have had the same symptoms in GW1 in various sub versions): the firewall control blocks firefox/ie traffic on demand, but no traffic/connections for these items is/are shown (when unblocked) - just blank space against the program in Firewall tab entry and no traffic at all in the Usage tab (the Apps do not show in the Usage tab and there is no record of the hosts accessed). When I examine the same items in Win7 using perfmon /res the expected traffic/host access is visible. What’s weird is it is just for web traffic (firefox/Plugin-container for firefox/IE/streaming media downloaders). Programs like teamviewer (in viewer mode) show up correctly. I have tried resetting the Windows firewall to its defaults, clean reinstalling firefox, clean reinstalling Glasswire and removing any software that uses winpcap and vpn tunnels. My surmise is that something I installed/uninstalled some months ago altered a configuration setting which caused these symptoms but I would appreciate some guidance as to where I can look (registry/etc) to see what I have done wrong.
The real mystery (to me) is why it’s just web page/streaming media traffic that’s affected and why I can still see this traffic in perfmon.
Please do not hold back if I’m being stupid/have done something stupid - I’d rather sort this out than hide my shame.
Many thanks in advance.
Kind regards,
DaUnderdoug


#2

@DaUnderdoug

If you reboot does the traffic start to show up in GlassWire? Have you ever rebooted since using GlassWire?

GlassWire uses a Windows API to monitor traffic, and it’s probably the same one PerfMon uses, so the traffic data should be similar or even identical.


#3

Hi Ken,
Thanks for getting back to me.
I use my system in a paranoid manner. When I’m at work, my home machine (and internet router) is switched off, so the machine can be said to have been rebooted many (10s of) times since the GW 2.0.84 install. I should add that when I boot up from power off, the network is intentionally disabled until I explicitly enable it (when I shut down I habitually disable it - I told you that I’m paranoid). I have rebooted with the network enabled, but to no avail.

Kind regards,

DaUnderdoug


#4

@DaUnderdoug

Please email us some screenshots of details if you want. I will send it to the team to check, or post them here if you prefer.
https://www.glasswire.com/contact/


#5

Hi Ken,

Attached (please find) screenshots of gw vs perfmon /res with firefox playing a youtube video (minimised). I hope that this is of some use to you.

Many thanks in advance and kind regards,
DaUnderdoug


#6


Since I’m a new user, I can only put the one image in a post, hence this image/post.

Thanks once again.


#7

Hi Ken,
I was wondering what the Windows API actually is: I’m trying to see if it needs reinstallation or has settings that need defaulting.

Thanks in advance for your help.

Kind regards,

DaUnderdoug


#8

Hi Ken,

I’ve found the cause of the problem. I was using Vipre Internet Security: even with the program’s firewall disabled (and just using antivirus alone - according to the settings - with windows firewall enabled), a bypass seemed to be created that caused traffic to be non-reported. Removing Vipre Internet Security solved this problem. There seems to be no trouble with BitDefender (so far).

Many thanks.

DaUnderdoug

If it’s of use to you, you can have my license code to test the interactions.


#9

If VIPRE is running all your traffic through it as kind of a main in the middle system, then GlassWire was showing correct data. We’ll check it out and see, thanks.


#10

I have no real idea as to what Vipre was actually doing (it does appear to be a man-in the middle as you say): some traffic (e.g. ntp and teamviewer) shows up in Glasswire, Firefox and downloader traffic does not (whilst the data transfers showed up in perfmon /res running simultaneously). If there are any tests that I can do for you, please let me know.

Many thanks.

DaUnderdoug