One of our first users found malware his antivirus missed and we blogged about it here https://blog.glasswire.com/2016/12/19/detecting-malware-with-glasswire/. In his case his computer was connecting to multiple proxies and sending out lots of data at night while his PC was idle. His graph looked something like this:
You can see from the screenshot that during the time period all of this was happening the graph is shaded and it shows a clock icon, so all this strange activity happened on an idle PC over a long time period.
The theory behind GlassWire is that any kind of malware or privacy violating application will probably have to make some network related change to your PC, and hopefully GlassWire will help you catch it. For example every time a new application accesses the network GlassWire warns you with a “new” alert.
GlassWire can also tell you when your DNS server is changed, if something changes your host file, or if an application connected to the network changes its hash, version, or loses its cert, or has a cert change. You may notice this when Chrome or Firefox auto-update. GlassWire will tell you that Chrome/Firefox has changed in those cases.
The paid version of GlassWire can tell you if a new unknown device joins your WiFi network.
If you think you may have malware here is a guide that can help. https://www.glasswire.com/malware/
Unfortunately all malware is different so there is no exact specific alert GlassWire gives like an antivirus, but instead you have to read GlassWire’s data yourself and make an informed decision from that data.