Glasswire recreates firewall paths to items in temp folders that do not exist

(I’ve been registered for a long time here, but I guess this is my first post and I’m allowed only one image upload… I’m finding this out after including 4 images in the post that follows. So, I’ve combined three of the screengrabs into one picture at the bottom. I’m not sure you will be able to read all the details, but its the best I can do.)

In the past few weeks I’ve found myself in a time wasting loop that goes as follows:

I run a roguekiller scan which finds about 150 firewall paths added to the registry. All of them are stamped with GLASSWIRE having created the rule. All of the paths are labeled as ‘suspicious’ by roguekiller. They are all paths to ALLOW passage and they each involve one of my TEMP folders. Below is one example for the NVIDIA CONTROL PANEL INSTALLER.

(((see combined screen grabs at the bottom of the post)

So I delete all 150 items using roguekiller. Then reboot the machine.

After rebooting, a check of firewall rules shows the 150 rules just deleted are back again added by Glasswire. In the screenshot below you can see the entry for the NVIDIA CONTROL PANEL .

(Again, see the combined screen grab at the bottom of the post)

Its listed in red because the path / program doesn’t exist, yet Glasswire recreates the allowed path(s) anyway.

Below is a look at the Glasswire firewall page (part of the inactive apps section).

(This screen grab was left out … you can imagine what it looks like)

For reference: This is GlassWire Elite version 2.0.115

You can see that there are a number of items listed as NVIDIA Install Application each pointing to different paths file destinations. A quick scan over the inactive list found another 12 or so scattered about. In another help item from about 6 months ago the suggested solution was to individually click and delete the items one wanted to remove. Do you really expect people to be able to figure out exactly which item to manually delete when, with this example, there are about 18 or so identically labeled items scattered in a list of several hundred items? The other help item also said you needed to add a “clear all” button for the inactive items. I think I need that button, but can’t seem to find it on the latest release.

Below is a close up of the NVIDIA program listing in the inactive list just for reference.

(See the screen grab combo image at the bottom of this post)

The loop is completed when I next run roguekiller, which finds the same 150 some odd ‘suspicious paths’ in the results.

Now, the reason this is just starting to happen might be because roguekiller has changed its definitions of what is considered suspicious. No matter what, however, getting rid of the invalid firewall rules needs to rest with Glasswire … the program that created them in the first place and insists of recreating the same invalid rules over and over again.

If there is an easy fix to this that I have overlooked, I apologize for this lengthy post. Any attention you could give to cleaning out invalid, old and unnecessary rules that clutter the firewall configuration and registry, would truly be appreciated.

RICK

Thank you for your feedback.

First of all GlassWire creates absolutely no firewall rules at all if our firewall is switched to “Off”. If you don’t want GlassWire to write firewall rules please uninstall GlassWire in add/remove programs, reboot, then go to your Windows Firewall control panel and choose “restore defaults”.

Next reinstall GlassWire and choose the installer options “reset firewall” and “clean install”. Now as long as you keep your firewall turned off GlassWire will not make any rules.

The rules you are talking about GlassWire adding are our “Click to block” rules. They allow an app while you allow it, then you can click and block the app with GlassWire to block it. This is all transparent and uses the Windows Firewall API.

If a third party application marks our rules as “suspicious” there isn’t much we can do besides contact that company and ask them not to do that. Perhaps they have a feedback help page so you can email them and ask them not to mark our Windows API rules as suspicious.

You can clear all the inactive apps and the grey “x” button is here:

inactive

About the problem with the “TEMP” folder, did you never have any apps in the TEMP folder at all? Or are you saying you want to clear these rules that were valid at one point, but you no longer need? I’m not sure I understand.

I hope this info helps.