I just installed GlassWire and I’m seeing the following limitations/issues. Therefore I’d like to provide my thoughts:
- Java/Python/PowerShell Applications only show up by their runtime but not by their actual program file. GlassWire lists only the executable path instead of the full command line (like taskmgr does).
- The “Things” Tab does not support IPv6; my IPv6-only devices are not showing up.
- The “Things” Tab does not show the interface the device is connected to. It is not visible if the device is a Docker container/Hyper-V VM or another device on the physical network.
- The hosts file change detection only shows that the file changed, but not by which application.
- Services are only shown by their executable (svchost.exe) instead of their service name.
- The “Usage” tab does not show the port and gets confused by applications connecting to non-standard ports (e.g. if the opposite site is behind a CGN/NAT or just uses a non-standard port), therefore an HTTP request to tcp-22 is shown as SSH despite being HTTP.
- The Firewall tab shows WSL applications with their full path (this is good), but I’d suggest showing the WSL environment and relative path within it instead. Like:
- My “Windows Sandbox” is broken since the last Windows update, therefore I did not test it.
- GlassWire inserts an Inbound Windows Firewall rule even though remote access is disabled in settings.
- GlassWire does not detect local Windows firewall rules being disabled and ignored by GPO (apply local firewall rules: no)
- GlassWire creates many unnecessary inbound firewall rules: VRRP, PGM, L2TP, IGMP, GRE, ICMPv6. Some of these already exist or are predefined rules by the OS. And for others like L2TP and GRE, why? Why does GlassWire open inbound VPN ports?
- GlassWire does not detect its firewall rules being deleted (as the hosts file is monitored for change I’d have expected it to also notify/monitor me as soon as one of its rules is deleted)
- Does not capture the SNI header of outgoing TLS connections and therefore only shows the IP address.
- Alerts don’t show source/destination port numbers.
- For IPv6 traffic the origin address is not captured.
- The Usage page does not allow clicking on individual apps to show what hosts they connected to. It only allows seeing which remote hosts were connected by destination port and which applications connected to any of these hosts on this specific destination port.
- The Usage page confuses destination port with protocol/type of traffic.
- Traffic passing through the monitored host is not detected (Hyper-V VM, VPN Tunnels, Docker container)
GlassWire is not a bad tool, but for an application claiming to provide “full insight” it is rather limited. By that claim I was expecting DPI and a fancy GUI and not only netstat and a GUI…
Therefore 2.5 out of 5 stars.
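
The port-versus-protocol and SNI points in the list above, as an added example (not part of the original post and not GlassWire code): Python that labels a flow from its first payload bytes instead of its destination port and reads the server name from a TLS ClientHello. The function names, the port table and the `example.test` ClientHello are constructed for illustration; it assumes the ClientHello arrives unfragmented in the first record and does not use Encrypted Client Hello.

```python
import struct

PORT_LABELS = {22: "ssh", 80: "http", 443: "tls"}   # what a port-only view reports
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")

def sni_from_client_hello(data):
    """Return the server_name in a TLS ClientHello record, or None."""
    try:
        if data[0] != 0x16 or data[5] != 0x01:       # handshake record, ClientHello
            return None
        pos = 5 + 4 + 2 + 32                         # record hdr, handshake hdr, version, random
        pos += 1 + data[pos]                         # session id
        pos += 2 + struct.unpack_from("!H", data, pos)[0]   # cipher suites
        pos += 1 + data[pos]                         # compression methods
        end = pos + 2 + struct.unpack_from("!H", data, pos)[0]
        pos += 2
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack_from("!HH", data, pos)
            pos += 4
            if ext_type == 0:                        # server_name extension
                n = struct.unpack_from("!H", data, pos + 3)[0]
                name = data[pos + 5:pos + 5 + n]
                return name.decode("ascii") if len(name) == n else None
            pos += ext_len
    except (IndexError, struct.error, UnicodeDecodeError):
        pass                                         # truncated or malformed input
    return None

def classify(dst_port, payload):
    """Label a flow from its first payload bytes and keep the port guess beside it."""
    if payload.startswith(b"SSH-"):
        proto = "ssh"
    elif payload.startswith(HTTP_METHODS):
        proto = "http"
    elif payload[:2] == b"\x16\x03" and payload[5:6] == b"\x01":
        proto = "tls"
    else:
        proto = "unknown"
    sni = sni_from_client_hello(payload) if proto == "tls" else None
    return {"port_guess": PORT_LABELS.get(dst_port, "unknown"), "payload": proto, "sni": sni}

def build_client_hello(host):
    """Constructed minimal ClientHello carrying only an SNI extension (sample input)."""
    name = host.encode("ascii")
    sni = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name
    ext = struct.pack("!HH", 0, len(sni)) + sni
    body = (b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x13\x01" + b"\x01\x00"
            + struct.pack("!H", len(ext)) + ext)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs
```

A flow where `port_guess` and `payload` disagree, such as HTTP on tcp-22, is the case the Usage tab complaint describes.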