I’m wondering how you envisage this actually working. I’ve never seen this in a firewall so have you got an example that the rest of us users could see?
FYI, similar requests were made in 2016. I’m guessing it is either a complex feature or not considered important enough. If it was simple then I imagine the GlassWire team would have implemented it in the 2-3 years since they said they were interested:
I have a philosophical question about security. Why would I want to allow an application to communicate when I might soon be blocking it? I would think I’m better off testing the application in a test environment such as a sandbox rather than allowing it connect at all. If I want to see what it does then I can already allow it and then block it at a later time.
The following are some questions I have about the technical issues.
How would GlassWire determine what is considered to be “once”?
I can use the HTTP protocol as an example. What we call a network connection occurs across more than one layer of the network model and involves more than one protocol so the actual situation is a lot more complex. But this illustrates some of the issues.
The simplest HTTP transaction has four parts (connect, request, response, close). The firewall could “block once” in at least three ways:
Once a connection is made? Block the connection once the host is identified.
Once a network transaction is completed? Block the connection once a request-response pair is completed.
Once a connection is closed? See the completion of the activity e.g. a file transfer.
How would GlassWire to handle “active or persistent” applications where more than one transaction occurs and more than one host may be involved?
When would the firewall request further approval:
For each new host?
For each new protocol?
For each new protocol/host combination?
Would setting an “allow once” duration (e.g. 10 seconds, 1 minute, 1 hour) be useful to avoid many interruptions by the firewall?
If “allow once” is being used to profile the activity of an application then it seems counterproductive to block the application too early. That is probably why one of the other requests suggested using a duration.
But if only a duration is set then a user could manage this by allowing and then blocking after setting an alarm.
I have “Windows 7 Firewall Control” by Sphinx Software, on my old Vista laptop. Recently I purchased a new Windows 10 laptop and chose Glasswire.
Windows 7 Firewall Control (and their Windows 10 version) have the “Apply Once - For current launch”.
Clicking on this adds a temporary firewall rule, which is automatically deleted when the app is closed.
