When “Ask to connect” is enabled GW should NEVER create ANY rule until a popup is presented AND answered. Some rules are being created with no UI notification.
I’ve deleted these rules countless times, and Glasswire keeps recreating them without consent or notification:
Dear JeffL0,
Thank you for the great topic and necessary post, as everyone will benefit from this clarification.
Please bear in mind that GlassWire uses Windows Firewall for apps blocking. If a user wants to manage firewall rules manually, then they should disable GW firewall. Otherwise GW will restore rules on every restart to keep blocked apps blocked and allowed apps allowed.
Additionally, keep in mind that GlassWire does not have it’s own firewall, but leverages the Windows Firewall API.
Hopefully, this clears some of the questions.
Best regards,
The Support Team
Thanks for the reply, but you seem to be missing the point, that when in “Ask to Connect” mode, Glasswire should NEVER be creating any rules until such a prompt is answered by the user.
Further, once Glasswire-created rules are created, if the user modifies them within the Windows Firewall Management Console, Glasswire should never touch them.
Lastly, “On every restart to keep blocked apps blocked and allowed apps allowed” is in direct conflict with all security practices, when a rule is created or deleted, do NOT alter that decision without asking the user! I deleted these VPN Rules (IKE, GRE, etc) and Glasswire keeps recreating them… that’s a huge security no-no ! I do not want those ports and protocols open, yet Glasswire keeps opening them back up! That’s unacceptable.
I believe that is only possible if you disable the Glasswire firewall. While Glasswire is running it will take priority over any settings in the native Windows Firewall since it is essentially a front-end for the Windows firewall. You can’t have both sets of rules. It’s either one or the other.
It’s not two sets of rules. As you said, and just like WFC, Glasswire is a front end to the Windows Firewall.
That said, once rules are created, Glasswire should not be modifying them. That simple.
And the fact that Glasswire decides it’s in YOUR best interest to automatically keep recreating rules every time it starts? Like punching holes for IKE, GRE, etc, even though you may never use a VPN, and you specifically said “No, I don’t want these rules, I am deleting them” … to just ignore that is a blatent disregard for security. Creating new open ports every time the program starts even though the user doesn’t want them? No, that’s unacceptable.
Well good luck. Not a problem here.