For the moment, until GW works at least as fully as a Windows Firewall front end, I’m using Windows Firewall Control. As a reasonable security measure I’d checked the option for WFC to delete any unauthorized rules created by programs other than WFC. But then today I twigged as to the most likely reason for WFC recently giving me a daily prompt to allow / deny Net access to GlassWire.exe. Each time this happened I would examine WFC’s listing of Windows Firewall’s rules, and after my allowing GW there would be only the one entry - which means that repeatedly the existing rule for it was getting deleted. As far as I can make out, no other rules are getting deleted and requiring re-prompts.
I assume therefore that GlassWire.exe is writing its own Windows Firewall rule each day, probably when it checks for GW update, and is thus triggering WFC to delete that rule. If that is what is happening, it is unhelpful behaviour, because it is good security practice to disallow any non-Windows processes apart from WFC from writing or amending Windows Firewall rules. I want GW not to go creating rules for itself at all - at least until it has advanced to the stage where I can use GW as a complete and superior replacement for WFC.
From what I understand we don’t change the Windows firewall rules that are already there. Let me confirm with the dev team and get back to you. Thanks for reporting this.
I confirmed with the development team that we do not modify any Windows firewall rules that GlassWire did not create.
Thank you. Actually I’m not sure what’s happening at the moment, because yesterday I re-enabled the Windows Firewall Control option to automatically delete any unauthorized Windows Firewall rules created by programs other than WFC, and so far I’ve not had a repeat of the disappearance of the GW rules and then inevitable re-prompt for me to allow GW again. I’ll report here if the issue reappears.
I’ve checked my Windows Firewall rules today too, and the questions for me is:
Why glasswire opens all ports on all protocols for incomming data Connections to the glasswire deamon?
GlassWire checks for suspicious host updates, plus it checks for software updates. You can go to the GlassWire firewall tab to block GlassWire from accessing the Internet by making it block itself but you won’t get suspicious host updates or software updates.
GlassWire must also have access to some data connections to show all network activity on its graph in some cases.