Windows defender - finds trojan


win32/BlockMsav.A!.reg Still showing after downloading and installing 2.0 today. The false positive is annoying. Will there be an update in the near future that fixes this issue? Happy NewYear!! I’m enjoying your product otherwise👍



I think perhaps they are gone for the Holiday. If you have time doing a false positive report will help.


I am testing to see if I get this again without blocking this malware Defender protection. So far it hasn’t come back but I will have to see it stay away for days before I say its a fix. It was suggested here. Capture

Edit - no man I an still getting hammered even without blocking this.


I posted about year ago on this forum about my skepticism of this software and yet I bought it anyway. I bought the elite edition and Windows defender has been detecting a trojan at least once a day for over a month. Glasswires website has no “about” page, nothing about the creators or company behind it and no prior history.
… Why am I getting trojan notifications?

Here’s a screenshot of trojans (remove the __underscores):



Thank you for buying GlassWire and sorry for the problem. GlassWire has an about page about the creators and prior history. It is linked from the bottom of almost every page on the website.

It seems you used an older version of GlassWire that did not white list some parts of Windows Defender. To solve the problem please try the following:

  • Go to add/remove programs and uninstall GlassWire.

  • Go to the Windows Firewall control panel and choose “restore defaults”.

  • Reboot

  • Now reinstall GlassWire using its “clean” install option along with its “reset firewall” option.

Thanks for your patience. Taking the steps above should solve the problem.



Still happening!

How can we fix this issues that has been on going near a few years now

regkeyvalue: HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9AB96E30-54EA-4DCB-8AF0-1E4B431997D2}



These false positives aren’t happening for every user of GlassWire and Windows Defender. I don’t get them because I don’t have that registry key.

So what is the application that has the firewall rule that is detected as a malware signature?



Went to this location:
regkeyvalue: HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{9AB96E30-54EA-4DCB-8AF0-1E4B431997D2}

The following comes right up mentioning it was glasswire:

Value Name:

Value Data:
v2.29|Action=Block|Active=TRUE|Dir=Out|App=c:\programdata\microsoft\windows defender\platform\4.18.1902.2-0\msmpeng.exe|Name={71CAB603-3361-415C-87D1-09B0BFCD7C52}|Desc=GlassWire|EmbedCtxt=GlassWire|

Since im a new user i can’t add another photo or add another entry to this thread.

But i do have an actual screen capture of the Advanced view entry firewall screen capture of it.


That rule shows that GlassWire is blocking Windows Defender. That will be why Windows Defender reports it as malware.



Strange. I have not received a single report about this since we made a change to GlassWire in version 2.0.91 in February of last year.

Are you changing our rules manually, or are you using an old version of GlassWire? Or perhaps you have this old version and you need to do a clean reset of your Windows Firewall?

Uninstall GlassWire in add/remove programs, then go to your Windows Firewall control panel and choose “restore defaults” then reboot (it’s important!).

Now reinstall GlassWire’s latest version using our “clean install” and “reset firewall” options in our installer.



Yesterday I reinstalled my Windows 10 machine.

So I have newest windows build and newest Glasswire version and I have the same Windows Defender Trojan alert!

If you need logs or some more details let me know.



Please email us a screenshot then if possible go to your Windows Firewall control panel and choose “advanced” then export your rules and include those also.

Also the version of Windows Defender you have will be helpful. Perhaps you have a very old version with a clean install of Windows 10.


I’m sorry to hear you have such a problem.
I’m using KAV now and didn’t have such an issue before.
So, it’s useful to know about such an experience.