I have followed up with our team to double check and I found our “block all” mode does the following:
- Windows Firewall blocks all incoming connections.
- Windows Firewall blocks all outgoing connections that do not have an “allow” rule.
- GlassWire adds blocking rules for all known apps on the firewall tab.
- The NT Kernel And System app is also blocked.
So in this mode GlassWire really should “block all”.