Firewall "Learning Mode" to learning all "normal" allowed apps on PC

Before I purchased GlassWire I had Agnitum Output firewall, there I had a very nice feature called “learning mode” -
The idea was to let the firewall application be in “learn mode” for a month or so, that during this month, application will gather list of all used apps. This way after the learning had ended, only apps that were previously added will be allowed to access network, and user can choose if new app will pop up to ask if allow it or auto blocked…

The only purpose of the learning mode as adopted by the industry ages ago and since largely abandoned was to relieve support services where new customers would call to ask, “Why is it asking to block MyDoilyPatternsUpdate.exe?” And to deflect all the griping about false positives in critical reviews and tests.

(Far more sophisticated methods have evolved in premium solutions to isolate illiterate or lazy users from any post-install decision making. Such was not my expectation when deciding to purchase Glasswire especially when considering it’s an enhancement overlay, and the best there is, for Windows Firewall.)

Those knowing anything about a learning mode know any existing malicious processes not yet detected by any other means will be allowed during the mode operation. (Later one might notice the allowed badthing.exe process in the Firewall list. Now, that’s a learning mode!)

Any given length of time for the learning mode will have considerably differing efficacy for casual users of home systems vs the productive systems in SOHO operations. “A month or so” is feeble for one and overkill for the other. Either is dangerous.

The feature could be optioned to let the user decide the learning mode period. But who determines that? Any published authoritative proposals on that metric?

The learning mode has always been known as a Bad Idea having value only on KNOWN-good systems in expertly controlled environments where anyone in such environments couldn’t give a hoot about a learning mode.

Knowledgeable users disabled the mode in Outpost and any other product that offered it.


Any feature can be “abused” by user, that doesn’t know “jack” about his system or processes that are running.

I’m not saying one should “blindly” accept any “learn mode”, but it’s handy feature to get initial 'rules" made, then one can simply go over what’s created & decide for itself if should allow activity or not…
Also, I think technology has advanced in last years, especially the “machine learning” area, and it can “arm” user with very powerful features, if designed properly & coded properly.
as an example “teaser”: if one for a whole month download by average a traffic of 15GB, and on certain month traffic goes up to 30GB (say above 50%), a “wise” application could detect this is against known studied “patterns”/“profiles” & possibly alert something is wrong, and perhaps even point what’s changes compares to previous period (as it keeps logs of it anyway)…

Just saying it can allow alternate way for creating 'rules" assuming one’s system is “clean” as mentioned.

Thank you for your feedback. We are upgrading our rules system for GlassWire 2.0.

Nothing within my discussion related to abuse. Nor did I mention there should be no “alternate way(s) for creating rules.”

“simply go over what’s created & decide for itself if should allow activity or not”
“blindly” accept any “learn mode”
"it’s handy"
Going over is just as much work as teaching when an activity presents itself, the latter having no too-late or gotcha scenarios. Or the need to remember to do the go-over well after the rules were blindly accepted. Blindly accepting being primary strategy of the leaning mode. Nothing handy, or safe, about any of that.

"Also, I think technology has advanced… etc."
Yeah, as I said, not thought, in “far more sophisticated methods have evolved.”

"assuming one’s system is “clean” as mentioned."
I didn’t mention clean. There is no assuming and no quoted clean. In my career I can assure you I have built 100’s of known-good systems for HIPAA and Regulation P enterprises and for corporations with even more stringent security as did my co-workers.

For everyone else there is the learning mode. :slight_smile:

I won’t be revisiting this discussion. Cheers!

I trust there will be the option to disable any learning or automation to your upgraded rules system. Especially if any of it occurs during the install.

I’m looking forward to Glasswire 2.0!

1 Like

@dallas7 2.0 will not have any automation or learning. You have to make the rules yourself.
We are interested in learning and automation and we will study it, but we wouldn’t want to do it unless it worked very well. It seems really difficult to add automated learning well.

We are not against learning or automation, but instead we are not sure how to implement it well at this point.

Thank you everyone for your feedback!