Jump to content

GlassWire Network Security Monitor & Firewall False Positive


Recommended Posts

We often recommend Malwarebytes to our customers and I don't recall there being a false positive with GlassWire/Malwarebytes in the past.  Unfortunately now we are receiving complaints about a false positive and we need your assistance please.

You can download our installer from here https://www.glasswire.com/download/.

The false positive screenshot is attached.

Thank you for your assistance.


-Log Details-
Scan Date: 6/11/20
Scan Time: 8:52 AM
Log File: 65a7c437-abe2-11ea-a534-201a06b471c5.json
-Software Information-
Components Version: 1.0.931
Update Package Version: 1.0.25366
License: Premium
-System Information-
OS: Windows 10 (Build 18362.900)
CPU: x64
File System: NTFS
User: System
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Scheduler
Result: Completed
Objects Scanned: 320950
Threats Detected: 4
Threats Quarantined: 0
Time Elapsed: 22 min, 38 sec
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Warn
-Scan Details-
Process: 1
Trojan.MalPack, C:\PROGRAM FILES (X86)\GLASSWIRE\GWCTLSRV.EXE, No Action By User, 555, 830500, , , ,
Module: 1
Trojan.MalPack, C:\PROGRAM FILES (X86)\GLASSWIRE\GWCTLSRV.EXE, No Action By User, 555, 830500, , , ,
Registry Key: 1
Trojan.MalPack, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\GlassWire, No Action By User, 555, 830500, , , ,
Registry Value: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Data Stream: 0
(No malicious items detected)
Folder: 0
(No malicious items detected)
File: 1
Trojan.MalPack, C:\PROGRAM FILES (X86)\GLASSWIRE\GWCTLSRV.EXE, No Action By User, 555, 830500, 1.0.25366, , ame,
Physical Sector: 0
(No malicious items detected)
WMI: 0
(No malicious items detected)




Link to post
Share on other sites


Thank you.  Does Malwarebytes have some sort of white list or partner program to help avoid future false positives?

We often recommend Malwarebytes to our customers because we think it's great (with no financial incentive to do so) so it's obviously very bad when we recommend a software that says GlassWire is a Trojan.

Thank you @Mikemo05!

Link to post
Share on other sites

Maybe Malwarebytes can confirm the version number of the update package that will resolve this issue? I just received a new update package a few minutes ago, and this false-positive issue still exists.

My current version numbers in the attached screenshot.

2020-06-11 09_27_15-Malwarebytes Premium  4.1.0.png

Link to post
Share on other sites

@emoon326 You can read about GlassWire here.  https://www.glasswire.com/about/

I believe this false positive could have been caused by a code obfuscation technique we use to protect GlassWire from being modified for malicious reasons.

If you find there is somehow a REAL Trojan included in our official software downloaded from GlassWire.com and if you report it to our Bug Bounty program and we find it's true, we will pay you $10,000 USD (not joking).  Please note though that reporting a false positive for an antivirus program will not get you a $10K bounty.  We'd have to actually have a real Trojan somehow in GlassWire.


So far we have not accidentally included a Trojan in our software and I hope the precautions we take during development will make sure that never happens.



Link to post
Share on other sites

I couldnt tell you exactly where it came(downloaded after fresh w10 install) i freaked out and reformatted everything again.  Im pretty sure it came from legit website. but i still have the the mbam log from the scan if that would help. Id have to get on after work and upload it.  When did this issue first occur? Are a lot of ppl having it? Is it only with mbam?


Pretty sure my detections are identical to op

Link to post
Share on other sites


I'm sorry to hear you reformatted due to this issue.

I am not sure when the false positive appeared, but Malwarebytes was very quick to fix it.  I think we received around 4 or 5 complaints via email and our own forum but I am not sure how many people had the issue.

I think this will not happen going forward and I appreciate your patience.

Link to post
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.