Glasswire/Windows Firewall

Hello,

I just recently watched this video demonstrating a command that can be run by malware to allow it through the Windows firewall. I was wondering: does keeping GlassWire on “ask to connect” mitigate this at all? I’ve included a link below, but I was genuinely curious if GlassWire would help in this situation.

1 Like

@GlassFlare

If you are actively running malware executables on your PC I’d say it doesn’t really matter what software/firewall you use. Your computer is already probably going to be compromised.

Also it looks like this is Windows 7 which isn’t even supported by Microsoft anymore. You can tell by the prompt icon and when he makes the virtual machine to run it on that VM site/service.

On top of all this, even if we ourselves use the Windows Firewall in some situations with GlassWire to make rules, Windows Defender will find an issue if it’s not done a certain way. I think with an updated Windows 10 install Windows Defender is going to alert on this pretty quickly and disable it if it doesn’t disable the .exe in the first place from ever working at all.

I guess to know more I’d need a copy of the .exe to run in Windows sandbox with Windows 10.

The Windows Firewall is actively used by around a BILLION Windows users/devices, so in my opinion it’s tested and safe to use and it’s not a good idea to disable it.

If you’re going to run random executables on your PC then there isn’t much that can protect you but you should look more to an antivirus to protect you in my opinion, not Windows Firewall API.

I have seen this channel before though and I like his videos! They are cool and useful.

I do see he did one video on GlassWire but he had our firewall off during the test. I wonder what “ask to connect” mode might have shown him.

Hello Ken,

I completely agree that if you’re just running random .exe’s not much can help you, as that is putting yourself at a very high risk. The main point of this was just to see if GlassWire would catch something like this. I was curious if a rule entered in the command prompt for Internet access would force it right through without GlassWire even noticing.

I absolutely love the software and I just want to better understand its limitations and capabilities. I know there are a lot of things that modern Windows would stop compared to Windows 7. This is just something I had not really given a lot of thought until I saw this video. The idea of a silent rule being inputted is concerning to say the least, even though Windows Defender on Windows 10 would likely catch it.

With GlassWire 2.0 we changed how our rules work where if they are changed, they should always revert back. You’re welcome to try it yourself and see if you notice any problems with our implementation. @GlassFlare

Some people actually complain about this because they will change our rules on the firewall itself and then they revert back.

I think someone can make completely different firewall rules though if they have unfettered access to your PC.

A real eye opener! What was that terrific looking virtual machine program you used?
I have been using GlassWire for some time now and it is terrific.
I actually still have the Windows Firewall running to catch viruses, and gave away Avast (which I used to love until it kept asking me to register all the time). I used the paid version for some time, but it did little more than the free version so I reverted to the free version. Eventually I just relied on the Windows 10 Security. Does GlassWire look for viruses too?
That was a really good video you made. Thank you! :slight_smile:

2 Likes

You have to have Windows Firewall running as GlassWire is, simply put, a Windows Firewall utility/tool.

With addition of GlassWire’s own really neat monitoring, logging, scanning and those Security features in Settings. But you already know that. :smiley:

GlassWire builds its rules in Windows Firewall as
{GlassWire.out.app_1082555629.profile_1.mode_2}
A block or allow rule exists for every app in your Firewall screen.

Hitting ON and OFF in the GlassWire Firewall screen toggles those rules, not the Windows Firewall itself or any of its rules.

Cheers.

1 Like
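A defender-side check that follows from the rule naming described in the post above, as an added example that is not part of the thread and not GlassWire's code: it lists enabled allow rules bound to a specific program that do not carry the `{GlassWire.` prefix, and reports any that were added since a saved baseline. The baseline path, the function names, and the assumption that the prefix appears in the rule's Name or DisplayName are illustrative.

```powershell
# Added example (not GlassWire code). Needs the NetSecurity module (Windows 8 / Server 2012+).
$BaselinePath = Join-Path $env:ProgramData 'fw-allow-baseline.csv'   # hypothetical path

function Test-GlassWireRule {
    param([Parameter(Mandatory)] $Rule)
    # Assumption: the "{GlassWire." prefix quoted in the post marks GlassWire-managed rules,
    # whether it is stored in Name or in DisplayName.
    ($Rule.Name -like '{GlassWire.*') -or ($Rule.DisplayName -like '{GlassWire.*')
}

function Get-ProgramAllowRule {
    # Enabled allow rules that are tied to one executable and were not created by GlassWire.
    Get-NetFirewallRule -Enabled True -Action Allow |
        Where-Object { -not (Test-GlassWireRule -Rule $_) } |
        ForEach-Object {
            $program = ($_ | Get-NetFirewallApplicationFilter).Program
            if ($program -and $program -notin 'Any', 'System') {
                $path = [Environment]::ExpandEnvironmentVariables($program)
                [pscustomobject]@{
                    Name        = $_.Name
                    DisplayName = $_.DisplayName
                    Direction   = $_.Direction
                    Profile     = $_.Profile
                    Program     = $program
                    OnDisk      = Test-Path -LiteralPath $path
                }
            }
        }
}

function Compare-FirewallBaseline {
    param([string] $Path = $BaselinePath)
    $current = @(Get-ProgramAllowRule)
    if (-not (Test-Path -LiteralPath $Path)) {
        # First run: record what is there now as the known-good set.
        $current | Export-Csv -LiteralPath $Path -NoTypeInformation
        return
    }
    $known = @{}
    foreach ($row in Import-Csv -LiteralPath $Path) {
        $known["$($row.Name)|$($row.Program)"] = $true
    }
    # Rules present now that were not in the baseline: review each one by hand.
    $current | Where-Object { -not $known.ContainsKey("$($_.Name)|$($_.Program)") }
}

Compare-FirewallBaseline | Format-Table -AutoSize
```

Run it once on a system you trust to write the baseline, then again later from an elevated prompt; each row printed on the second run is a program allow rule that appeared in between.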

As Ken noted, this is Windows 7. Valid though the test is, the title does suggest “Why you shouldn’t just use…” As in: Don’t use this alone. Judging by the toolbar, this build is devoid of any anti-anything.

Reference, too:
https://malwaretips.com/threads/why-you-shouldnt-use-windows-firewall.101195/

It’s doubtful if this threat would get past a properly configured Windows 10 Anti-Malware and Security.

As well, I’m confident GlassWire would snag that bbeba99f2f92.3xe if Ask To Connect and First Network Activity were enabled.

@dallas7

I noticed during the test our firewall was set to “Off”. I am also curious if it would have received an “Ask to connect” notice if the firewall had been on with that mode on.

But please note we don’t claim to protect anyone from ransomware and we recommend everyone use an antivirus. GlassWire is definitely not an antivirus and does not claim to be one.

https://www.glasswire.com/faq/

Can I use GlassWire as my only antivirus?

No. GlassWire works in addition to your antivirus as added protection but we do not recommend it as a stand-alone way to protect your computer.

GlassWire for Windows does have single-program scanning using VirusTotal. It is a useful feature in addition to my antivirus software but it doesn’t make GlassWire an antivirus because there are none of the other features like blocking and quarantine.

1 Like

@Remah

Yes, to turn on VirusTotal scanning go to the top left GlassWire menu and choose “settings” then “VirusTotal”.

But also note VirusTotal doesn’t call itself an antivirus either. They describe themselves as a file analysis service.

1 Like

Precisely, it takes more than scanning to be an antivirus.

1 Like