Questions about two alerts I'm getting

Hello folks,

I have a couple of questions regarding some alerts that I am getting from Glasswire.

  1. Ever time my notebook wakes up from hibernation, I am getting a couple of alerts like this:
DNS settings changed
Old: 192.168.1.1
New: feco:0:0:ffff:1
DNS settings changed
Old: feco:0:0:ffff:1
New: 192.168.1.1

Now, I understand why this is happening - Windows is acquiring a DNS server address from my router and since IPv6 is enabled, it gets the IPv6 address for it too. The problem is - this happens every time. Not only it is annoying but it tends to lower my alertness - I could easily ignore a DNS change caused by malware, for instance. Yes, I can turn off these alerts, but I don’t want to. Is there a way to tell Glasswire that these two particular DNS addresses are just fine and don’t alert me on them; issue an alert only if the DNS is set to something different? Perhaps configure the DNS address explicitly instead of letting Windows automatically acquire it from the router?

  1. Occasionally, I get a triplet of alerts like this about svchost.exe:

Application info changed
The application publisher changed from “Microsoft Windows” to empty value.

Application info changed
The application is no longer signed.

Application info changed
The application publisher changed from empty value to “Microsoft Windows”.

Does anyone know why this happens? It is not the result of malware and it is not the result of Windows Update changing something during an update - although it could be the result of Windows Update checking if any updates are needed.

BTW, it would be really useful if one could copy the contents of an alert to the clipboard - e.g., in order to paste it into a forum message. :wink:

Afair the second alert is causing an upgrade of this binary (e.g. trough windows update)

I have never seen this error about svchost.exe myself. Did this happen just one time or is it a constant thing?

With the DNS I recommend going to settings/security then going to the “DNS Server Settings Monitor” and uncheck “Show desktop notification” if the desktop alert is bothering you. That way you can check the alerts manually under “alerts” and not see desktop notifications.

We will look at some other options there that will make this scenario less likely for users in the future.

It has happened more than once; it’s not a one-time thing, but it doesn’t happen often, either. As MegaChip said, it happens during Windows Update. However, I have configured my Windows Update not to install everything silently but to download the updates and to prompt me. The reason why I asked is because there was no such update from Microsoft and I wasn’t prompted to install it.

Meanwhile, I managed to track down the reason. Apparently, Windows Defender is updated via the same mechanism (Windows Update) - but it does not respect the Windows Update options and is updated silently and without prompting. My logs show that it has updated (modified) itself precisely at the time of the GlassWire alert. OK, problem solved.

I already have it configured this way. I regularly look at the alert log (manually) to check for any nefarious activity - that’s how I noticed these alerts. I’ll have to try configuring the IP of the DNS in Windows instead of having it obtained automatically - maybe these alerts will disappear then.

1 Like

We’ll try to improve the functionality in the future for both problems.