Once infected, then what?

I like the concept, but what do you do once you find a problem?

1 Like

@stealthkit GlassWire is most certainly not an antivirus and we have never claimed to be one. At GlassWire.com we have always said you should run an antivirus with GlassWire, something like Malwarebytes for example. Or, Windows itself comes with Windows Defender.

Also just to be clear, VirusTotal is a file analysis service and not an antivirus. For this reason we take no action based on VirusTotal scans.
https://www.glasswire.com/userguide/#Virus_Total

Did you know we can also check hosts? If you see something flagged by VirusTotal, or something you feel is suspicious you can can also easily investigate the hosts it’s connecting to. Just find the host, mouse over it, and click the three dot icon after it and choose “search online”. Here is an example host I found today that is probably not dangerous. https://www.glasswire.com/host/216.58.194.37

What can you do if you think you have malware?
First you can block the file with GlassWire’s firewall.

Then if it was me I’d probably do this:

  1. Update all definitions with Windows Defender and do a full system scan.
  2. Install and use Malwarebytes and try the same if Windows Defender couldn’t catch something.

If neither of those still couldn’t pick up the issue I’d probably search online about the threat and try to remove the file manually. If all that doesn’t work and if my data is important on that device then I’d probably reinstall Windows.

What about other problems?
There are all kinds of other problems GlassWire can find that aren’t specifically malware. For example Krebsonsecurity.com had this example: “Glasswire recently came in handy to help me determine which application was using gigabytes worth of bandwidth each day (it turned out to be a version of Amazon Music’s software client that had a glitchy updater).”

Another GlassWire feature that personally helped me recently was our “ARP spoofing detection”. I had a friend who had a device that kept going on/offline. When I joined their network with GlassWire I got an Arp Spoofing alert. I found that two of his devices were sharing an IP address because they had a router behind another router that was configured incorrectly.

I’d say most people use GlassWire to find data hogs (Android and Windows) using up all their data and slowing their network. This is a free feature with GlassWire anyone can use and it never expires.

Our user guide is here if you’d like to learn about all our features.

We could consider adding a manual “Quarantine” option to our firewall if our user base might find it useful, and if it would not use a lot of resources. I believe Microsoft may offer an API for this. But since we’re not an antivirus I don’t believe we’d ever automatically quarantine things. That’s just not what we’re trying to do and I worry it might cause more problems than it might solve.

If others have feedback on this “Quarantine” feature idea please feel free to chime in!

Thanks for your feedback so we can continue to improve GlassWire.

FYI: I edited the subject of your post just barely to make it easier to understand. I hope that’s OK.

3 Likes

Who is the censoring ahole that changed the title?
I never said anything about malware damn it.

@stealthkit

Please check the last line of my post where I said I did that. I added MORE words, not less. Sorry if you feel it was censoring.

“FYI: I edited the subject of your post just barely to make it easier to understand. I hope that’s OK.”

I just put it back to what it said before instead of what I changed it to: Once infected with malware what can I do?

1 Like

If you’re concerned you’re infected, you can download my Anti-Malware Toolkit to get the programs needed to clean up your PC safely.

2 Likes