GlassWireLabs

GlassWire Network Security Monitor & Firewall False Positive


We often recommend Malwarebytes to our customers and I don't recall there being a false positive with GlassWire/Malwarebytes in the past.  Unfortunately now we are receiving complaints about a false positive and we need your assistance please.

You can download our installer from here https://www.glasswire.com/download/.

The false positive screenshot is attached.

Thank you for your assistance.

 

-Log Details-
Scan Date: 6/11/20
Scan Time: 8:52 AM
Log File: 65a7c437-abe2-11ea-a534-201a06b471c5.json
 
-Software Information-
Version: 4.1.0.56
Components Version: 1.0.931
Update Package Version: 1.0.25366
License: Premium
 
-System Information-
OS: Windows 10 (Build 18362.900)
CPU: x64
File System: NTFS
User: System
 
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Scheduler
Result: Completed
Objects Scanned: 320950
Threats Detected: 4
Threats Quarantined: 0
Time Elapsed: 22 min, 38 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Warn
 
-Scan Details-
Process: 1
Trojan.MalPack, C:\PROGRAM FILES (X86)\GLASSWIRE\GWCTLSRV.EXE, No Action By User, 555, 830500, , , ,
 
Module: 1
Trojan.MalPack, C:\PROGRAM FILES (X86)\GLASSWIRE\GWCTLSRV.EXE, No Action By User, 555, 830500, , , ,
 
Registry Key: 1
Trojan.MalPack, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\GlassWire, No Action By User, 555, 830500, , , ,
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 1
Trojan.MalPack, C:\PROGRAM FILES (X86)\GLASSWIRE\GWCTLSRV.EXE, No Action By User, 555, 830500, 1.0.25366, , ame,
 
Physical Sector: 0
(No malicious items detected)
 
WMI: 0
(No malicious items detected)
 

 

 


Disregard my last post, I found the file. This will be fixed in our next update.

 

Regards.


@Atribune

Thank you.  Does Malwarebytes have some sort of white list or partner program to help avoid future false positives?

We often recommend Malwarebytes to our customers because we think it's great (with no financial incentive to do so) so it's obviously very bad when we recommend a software that says GlassWire is a Trojan.

Thank you @Mikemo05!


Maybe Malwarebytes can confirm the version number of the update package that will resolve this issue? I just received a new update package a few minutes ago, and this false-positive issue still exists.

My current version numbers are in the attached screenshot.

2020-06-11 09_27_15-Malwarebytes Premium  4.1.0.png


@bbdd

I think the Malwarebytes update that solves the issue is not out yet.  I just reported this issue this morning.

Thanks for following up though, and we at GlassWire are hoping the Malwarebytes update comes out quickly! 


I spoke a few minutes too soon. A new update package was just received, and this version has resolved the false-positive issue. Version info attached.

2020-06-11 09_32_27-Malwarebytes Premium  4.1.0.png


We don't have a partner program as of yet. But we aim to fix any FPs we are aware of as soon as possible. The forums here are monitored 24x7 and are the best way to report if there is one so we can fix it quickly.

 


So is this officially a false positive then? I had the exact same 4 detections as the thread starter yesterday and I about had a heart attack.


@emoon326 You can read about GlassWire here.  https://www.glasswire.com/about/

I believe this false positive could have been caused by a code obfuscation technique we use to protect GlassWire from being modified for malicious reasons.

If you find there is somehow a REAL Trojan included in our official software downloaded from GlassWire.com and if you report it to our Bug Bounty program and we find it's true, we will pay you $10,000 USD (not joking).  Please note though that reporting a false positive for an antivirus program will not get you a $10K bounty.  We'd have to actually have a real Trojan somehow in GlassWire.

https://hackerone.com/glasswire

So far we have not accidentally included a Trojan in our software and I hope the precautions we take during development will make sure that never happens.

 

 


I couldn't tell you exactly where it came from (downloaded after a fresh W10 install). I freaked out and reformatted everything again.  I'm pretty sure it came from the legit website, but I still have the mbam log from the scan if that would help. I'd have to get on after work and upload it.  When did this issue first occur? Are a lot of people having it? Is it only with mbam?

 

Pretty sure my detections are identical to the OP's.


@emoon326

I'm sorry to hear you reformatted due to this issue.

I am not sure when the false positive appeared, but Malwarebytes was very quick to fix it.  I think we received around 4 or 5 complaints via email and our own forum but I am not sure how many people had the issue.

I think this will not happen going forward and I appreciate your patience.


The false positive was removed. As such I will close this topic. If you're still showing a detection, please update Malwarebytes.

Thank you

 

This topic is now closed to further replies.
