Windows HVCI and Glasswire

As Microsoft moves towards increasingly more virtualization-based security (VBS) and the use of Hypervisor-Enforced Code Integrity (HVCI), while the Glasswire driver is not compatible … things start to break, even in the current 2.2 version. Under the latest 2004 update, the feature "ask to connect" does not work any longer, for example. New programs simply will not show, and there are significant delays until something happens, even under "click to block".

As this is a route for Microsoft to combat more modern malware, which certainly evades simple signature-based AV with ease, my question goes to the Glasswire team:
Where on the agenda is this Hyper-V based security with its hardware-enabled sandboxes in the context of Glasswire? I would certainly like to hear if my licensed product is currently only partially functional and where remedies might be on the roadmap. I am certainly inclined to help the GW team with progress in this issue.

Thanks.

datarimlens

P.S.: I did run several times into the issue that I had a valid activation code, but without going online GW had reset. With potential malware on a system, this appears to be a less than great solution. Certainly it would be possible to work a process to go online and activate with the previous setting or enable a brief activation for protection to complete the full activation process. Thanks.

This is incorrect. There was a bug in “Ask to connect” for everyone. Email me and I’ll send you an updated version. It should be out to the public next week.
https://www.glasswire.com/contact/

If you are getting error messages like “not compatible” please email us screenshots and details. We cannot investigate or solve the issue without details. Nobody else has reported this problem so far that I recall and I work the forum and helpdesk.

I have a new version I can share with you right now to check if you want to email me. Sorry for the issue and thanks for your report.

Hi Ken,

thanks for the feedback, had not noticed the generic bug yet.

We have two items at hand though, I believe.

  1. I am assuming the GW bug in 2.2.201 refers to programs not showing up in “ask to connect”? Glad it was already addressed.

  2. The HVCI compatibility can be checked directly with a Microsoft tool called dgreadiness. I had used v. 3.6 (available in a full package) and now revalidated with 3.7.x. Unfortunately you will need to google these yourself, as I tried to post the links in variations but was not permitted.
    In that context you also find more documentation regarding HVCI based security.

Running the assessment tool in PowerShell with the option -Capable (e.g., DG_Readiness_Tool_v3.6.ps1 -Capable) results in a complaint about gwdrv…sys:

Incompatible HVCI Kernel Driver Modules found
Module: gwdrv.sys
Reason: execute pool type count=18046019

I would be hard pressed to judge this output as incorrect, coming directly from a MS script. If my statements were indeed incorrect, then the script incorrectly judges the gwdrv.sys as the only driver (on one machine) not suited for HVCI. I am very curious if the hot fix will address both issues.

Please keep me posted as you gather your own experience with the DG readiness script. As pointed out, virtualization is a new direction for the MS security. If you read up on the background, they are shoring up certain processes in a VM to provide better protection for highly elevated processes. The scripts will enable Hyper-V and install a default virtual switch (which changes IPs for every boot). There is additional virtualization-based security (using a second virtual switch) available for sandboxing Edge/web browsing.

I apologize if this is the first mention of HVCI issues on the GW forum, but HVCI apparently is the direction of evolution for MS security.

Best regards, looking forward to your new hotfix version.

datarimlens
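
An added example, not part of the forum posts and not Microsoft's readiness script: a PowerShell function that reads the `Win32_DeviceGuard` CIM class to show whether VBS and HVCI are configured and actually running, and looks up the installed driver whose file name matches the `gwdrv.sys` reported in the tool output above. The function name `Get-HvciStatus` and its `DriverFile` parameter are hypothetical.

```powershell
# Added example: report VBS/HVCI state and the status of the driver flagged by the
# readiness tool. Run from an elevated PowerShell prompt on Windows 10 or later.
function Get-HvciStatus {
    [CmdletBinding()]
    param(
        # Assumption: driver file name taken from the tool output quoted in the thread.
        [string]$DriverFile = 'gwdrv.sys'
    )

    # Value maps for Win32_DeviceGuard properties
    $vbsState = @{ 0 = 'Not enabled'; 1 = 'Enabled, not running'; 2 = 'Enabled and running' }
    $services = @{
        0 = 'None'
        1 = 'Credential Guard'
        2 = 'HVCI (memory integrity)'
        3 = 'System Guard Secure Launch'
        4 = 'SMM Firmware Measurement'
    }

    # Translate an array of numeric service IDs into readable names
    function Resolve-Service($ids) {
        @($ids | ForEach-Object {
            if ($services.ContainsKey([int]$_)) { $services[[int]$_] } else { "Unknown ($_)" }
        }) -join ', '
    }

    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName 'Win32_DeviceGuard' -ErrorAction Stop

    # Kernel driver services whose image path ends in the file name of interest
    $drivers = @(Get-CimInstance -ClassName Win32_SystemDriver |
                 Where-Object { $_.PathName -like "*$DriverFile" })

    [pscustomobject]@{
        VbsStatus          = $vbsState[[int]$dg.VirtualizationBasedSecurityStatus]
        ServicesConfigured = Resolve-Service $dg.SecurityServicesConfigured
        ServicesRunning    = Resolve-Service $dg.SecurityServicesRunning
        # HVCI is only enforcing when service ID 2 appears in the *running* list
        HvciRunning        = $dg.SecurityServicesRunning -contains 2
        DriverInstalled    = $drivers.Count -gt 0
        DriverState        = ($drivers | ForEach-Object { "$($_.Name): $($_.State)" }) -join '; '
    }
}

Get-HvciStatus | Format-List
```

A result with HVCI in `ServicesConfigured` but not in `ServicesRunning` means the feature was requested but is not enforcing, which is worth checking before attributing application problems to it.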