How to set or enforce boot sequence?

Last night I suffered a power outage that lasted for around 10 minutes. As I waited for my PC to reboot, I noticed that as Win10(X64 Pro) was loading, there was a considerable amount of network activity as my PC finished booting to the desktop.

Using advice from the “howto” thread I created, I have set a profile to block all internet traffic with the exception of Google Chrome. It seems that some programs are being loaded before GlassWire has a chance to load, because GlassWire is not showing any data being logged for this time period. Thinking it might just be a fluke due to the power outage, I decided to manually shutdown and restart my PC to test this. Same thing occurred, as several seconds elapsed and I could see network activity occurring on my router for several seconds as my PC booted up to my desktop.

I am running Windows10 X64 Pro on an Intel 8700K(X370) system with an 500Gig NVMe drive as my boot drive. Is there a way to ensure that GlassWire is placed as the highest priority for boot sequence, or does Microsoft somehow limit the boot sequence for 3rd party vendor software?

Edited to add: I am using GW version 2.1.167. I have ran several AV scans using MalwareBytes and another AV program I use, and am fairly certain this is not some form of infection.

@Mank

Thanks for using GlassWire. I hope my post below will help ease your mind.

GlassWire uses the Windows Firewall API. This means that even if GlassWire isn’t running at all, like during boot up, your apps will continue to be blocked.

This API we use for blocking is built into Windows and that’s a big advantage of using it. Since this API is part of Windows itself, even if GlassWire is exited or not running your apps will continue to be blocked.

Many IT and Information Security professionals use the Windows Firewall API, in fact the Windows Firewall is used by over a BILLION Windows users world wide. Most people agree the Windows Firewall is a trusted and reliable technology.

You said “there was a considerable amount of network activity as my PC finished booting to the desktop”. Then you also said “I could see network activity occurring with my router for several seconds”.

It seems you are judging your network activity on your PC based on the blinking lights on your router, is that correct? If so, in my opinion that’s not a valid way to detect network activity with your PC. We use a Windows API to detect network activity on your PC and it’s accurate and shows correct information.

Here is an article that explains why our network monitoring is accurate. https://blog.glasswire.com/2016/06/15/glasswire-network-monitoring-accuracy/

So in summary, even if GlassWire is not running (or even if it completely crashed) the Windows Firewall API will continue to block your blocked applications. There is no need to make our software higher priority during your boot up.

I think the only way you could potentially have issues here is if you’re using another firewall simultaneously with ours that also accesses the Windows Firewall API and is somehow disabling our rules. But even in that scenario we group our “GlassWire” rules separately, so that would be unlikely I think.

Please note sometimes your PC may have some local network activity that GlassWire shows that may not actually go anywhere, because it’s just failed local connections on your own PC. For example maybe your PC could try to communicate with your printer, etc…

I hope this helps explain the situation and helps put your mind at ease about our blocking abilities.

On the initial “power outage” instance and the subsequent manual power down instances, yes, I was using the port and data lights to gauge internet activity.

However, to verify my visual indications I decided to log into my router using Chrome, and I was able to log-in. If I am blocking all connections from my PC using GW, then how is a connection being made to my router in the first place? I would assume that by blocking everything, that Windows should not be establishing LAN connectivity to my router at all, let alone internet connectivity as indicated by my router data usage logs. None of this data is being logged by GW, which is why I assumed that some program, or windows components are loading prior to GW being initialized.

Edited to add: This is a wired connection directly to a LAN port on my router.

@Mank

I don’t think the blinking of the lights on a router necessarily means your PC is accessing the Internet. May I ask the type of router? Maybe I can search online and see what its blinking lights mean exactly for that specific type of hardware.

Can you unplug your computer completely and see if the router still blinks? If so then you can know for sure that the blinking is completely worthless for gauging network activity of your PC.

Is your PC the only thing connected to your router? Isn’t your modem connected to it? Why wouldn’t your modem have network activity between it and your router? There are no WiFi devices at all on your router, but only one wired PC with GlassWire?

You can also go to your Windows Firewall control panel and review the rules under the “GlassWire” group and you can confirm blocking is really in place there. You can also exit GlassWire at its top left menu and try to launch an application and you’ll find it’s still blocked.

I use the Actiontec T3200(Modem/Router) as provided by my ISP. My PC is the only device connected via Ethernet Port 1 and I have WiFi disabled on the unit. I have the router next to my PC and there is no activity with the Ethernet port light until I turn my PC on and it begins the bootup process. According to the information on my ISP’s website, the Ethernet light on this model modem/router should only blink when traffic is being passed.

Ok…problem solved.

Apparently the UEFI Bios on my Motherboard has an update feature that allows for updating the Bios via something called Internet Flash and this is the culprit of my traffic as it apparently polls for a connection as the Bios is loading.

2 Likes

@Mank

Interesting! I wonder if there is a way to disable that.

Apparently no way to disable, as I just checked. There are only two options: One to set the region to download from, the other to set the connection type(DHCP or PPOE). The default setting is DHCP.

1 Like