Application Rules

W10 Famille - 21H1 - 19043.1237 / CFW :


The FW is set at the level “Safe Mode”.
I use Glasswire to monitor my laptop’s Internet access.

I used the Microsoft PHOTOS program for the first time.
Its rating is “Trusted” (screeshot1).

Glasswire informs me that the PHOTOS program has connected to the Internet (screenshot2).

Because of the level “Safe Mode”, rules should have been created automatically in “Application Rules”. But no rule has been created.

There are no events in the FW and HIPS logs.

Would you have a possible explanation ?

Not unless you have “Create rules for safe applications” enabled for Firewall and/or HIPS in Safe Mode.

On the laptop :

  • FW : “Create rules for safe applications” is enabled
  • HIPS : “Create rules for safe applications” is disabled

As a test / check:

  • Close the Microsoft PHOTOS program
  • Create a new FW rule for the Microsoft PHOTOS program and set it to Block and Log, IP In/Out, Address Any, Port Any.
  • Move the created FW rule to the top of the Firewall rules list.
  • Start Microsoft PHOTOS program again and check if it still connects to the internet (also check FW Logs).

To create the rule, I could not access the program directly because of a problem of rights on the directory.
I ran the program and created the rule using the “Running process” function and setting “Log as a firewall event if this rule is fired” enabled.

I closed the program and ran it again.
There is no event in the FW log.

Maybe the program accesses the Internet at its first launch.

It could be that the Microsoft PHOTOS program connects to the internet using the svchost service.