I have noticed I get alerted via GlassWire to system changes after Windows OS updates. Here is a guide that might help https://www.glasswire.com/malware/.
Hi there. Just had the same alerts as seen above after reeboting my system along with the following:
Device “Microsoft ISATAP adapter” was removed
Device “Microsoft ISATAP adapter” was added
Did not do any updates prior to the reeboot and did not mess with the ISATAP, was playing with EMET though.
Been running GlassWire for a couple of weeks now. Love the product.
I boot my system each day. Since I’ve been running GlassWire, I get two messages each time I boot.
Device “Microsoft ISATAP adapter” was added
Device “Microsoft ISATAP adapter” was removed
The time stamp on the message in GlassWire only shows hh:mm so I’m unable to tell if the messages are almost simultaneous or not. Having the :ss would be helpful.
The ISATAP adapter has to do with IPV6/IPV4. Since my system is fairly “old” hardware running Win7, I suspect that the OS is trying to complete IPV6 support but can’t find any eligible hardware so it gives up.
One of our developers was seeing a similar problem. I think we fixed it for the next release that will be out soon. If the update doesn’t fix the problem please email us or post here again.
You can also go to Settings/Security and disable System file monitor if it’s bugging you.
Thanks, and sorry for jacking someone else’s thread.
I am having the same issues with svchost.exe (host process for microsoft windows) and felt like it was really weird for a Microsoft’s application to do so.
In the meantime, could you let us know whether this is a false positive (or a software bug in glasswire) or is there any reason to be concerned due to malware or trojans?
I uploaded my svchost.exe to virus total and it came out clean (0/52)
I am on Windows 7 32-bit with Intel Core i5 650 CPU.
~EDIT : @Ken, can you tell me what does these messages signify? How does the publisher of an application change and in what way does that impact the workings of the application?
“Application no longer signed” - Are you referring to the digital signature? and does that mean some malicious app tried to inject code into a legitimate one?
I think I can answer your question. Sometimes if the publisher changes it doesn’t mean anything. For example if Google signs their application with Google Inc instead of just “Google” then it’s probably OK.
When we say “no longer signed” yes we’re talking about a digital signature. If an application goes from being signed to completely unsigned then it would be something I’d worry about. I have never had an application become unsigned while using GlassWire but our CTO has and we found it was a bug. We think we have fixed that bug though. If you are having this problem with the latest GlassWire version please email us the details and we’ll try to recreate the problem and fix it.
Thanks for the response.
I cant recreate the problem at will, as it happens randomly. I’ll try to isolate when and how its happening and report you guys back.
The current status when the application is signed is posted below. I’ll be monitoring what services are being used then the app goes unsigned and changes publisher.
+1
I can confirm this happens when installing MS updates or even with some applications.
`EDIT: If you guys could add a feature which displays an alert when windows update starts installing patches or maybe an alert when a new software is being installed on your system. That would be great, if its feasible.