G Data Discussion Forum

Discussion in 'other anti-virus software' started by rpk2006, Nov 21, 2022.

  1. rpk2006

    rpk2006 Registered Member

    Joined:
    Jan 29, 2003
    Posts:
    114
    Location:
    Planet Earth
    Is there any discussion forum from G Data? I checked their website. They don't have an email mentioned.

    I would like to send them an issue with suspicious files it failed to detect yesterday. Today it has started detecting. I believe it is still highly dependent on signatures.

    Their Password Manager Firefox Plugin is not working. I found one email and sent the issue with screenshots. No response yet.
     
  2. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    5,871
  3. rpk2006

    rpk2006 Registered Member

    Joined:
    Jan 29, 2003
    Posts:
    114
    Location:
    Planet Earth
    Finally G Data responded on the email I found. I received two emails.

    For the Firefox extension they apologize and say they can't make it work. This option will be removed in a future release. So for Firefox, the PasswordManager plugin won't be there. It works great with Chrome.
     
  4. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    @Brummelchen -- I value your opinions. How do you assess G-Data's effectiveness?
     
    Last edited: Nov 21, 2022
  5. rpk2006

    rpk2006 Registered Member

    Joined:
    Jan 29, 2003
    Posts:
    114
    Location:
    Planet Earth
    I tested with a few samples. G Data failed to detect them as malicious. I checked one against VirusTotal, where 6/67 detected it as malicious and alerted with Machine Learning. These six engines are not from well-known brands. So I think G Data's capability to detect unknown malware is doubtful. Once I submitted this sample, the next day it started detecting. This means it is heavily relying on signatures.
     
  6. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    If you can possibly remember any of the 6 engines that DID catch your test files as malicious, I would VERY much appreciate knowing their names.

    I am always on the look-out for lesser known brands to keep an eye on, such as those that did well in your test.
     
  7. rpk2006

    rpk2006 Registered Member

    Joined:
    Jan 29, 2003
    Posts:
    114
    Location:
    Planet Earth
    I have not saved the results but I remember one: CrowdStrike Falcon.
     
  8. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    CrowdStrike Falcon is enterprise only. Too bad.
     
  9. rpk2006

    rpk2006 Registered Member

    Joined:
    Jan 29, 2003
    Posts:
    114
    Location:
    Planet Earth
    You can check: CatchPulse. Cloud and AI based. I installed the trial version. I noticed it sometimes warns of malicious files when G Data and other well-known brands don't.
     
  10. rpk2006

    rpk2006 Registered Member

    Joined:
    Jan 29, 2003
    Posts:
    114
    Location:
    Planet Earth
    However, this does not mean G Data is failing. Because I am checking files when right-clicked. Sometimes the behavior-based detection module is triggered when you execute the file and it performs bad operations.

    G Data Total Security is overall an excellent package. I really liked features like:

    - Creating encrypted Vault
    - Password Manager plugin for Chrome browser
    - Tuner
    - Dual Engine scan. I guess the other engine it uses is: BitDefender
    - File Shredder
     
  11. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    5,871
    for the record - i don't care about any antivirus, including defender. but defender is the only one i let do its work because of its integration without creating massive leaks as other security software: avast, avira, kaspersky, f-secure, k7 - and this is a fact. if - and when - hell is going to freeze i would choose eset again.
     
  12. rpk2006

    rpk2006 Registered Member

    Joined:
    Jan 29, 2003
    Posts:
    114
    Location:
    Planet Earth
    I discussed with G Data engineers to understand the multi-layer technology it uses to detect unknown malware. Both BEAST and DeepRay work when a file is executed. Before, I was scanning a suspicious file from the Windows context menu, when it was not detecting.

    Today I created a Sandbox environment. Installed G Data Anti-Virus and executed the malware which it was not detecting during the scan. For a few seconds nothing happened. No alerts. But suddenly the executable disappeared from the desktop and G Data BEAST trapped the unknown malware. Here is the alert I got:

    Impressed and trust now.

    https://ibb.co/dr3T78s

     


  13. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    @rpk2006 Thank you VERY much for this follow-up to your previous post. You have renewed and increased my respect for G-Data.
     
  14. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    5,871
    At least that file has reached your system. in case of G-Data it has failed completely, it definitely happened to you, you were exploited. now it's up to you to change your security concept where any antivirus is redundant. that's all i want to bring to people - do not trust what an antivirus is telling you, or not telling you. G-Data only told you that you were exploited, but they don't have any clue how it happened. and i have doubt they told you what to do next. the password manager did not work, malware was found, it might have intercepted any password transfer, so the gdata module got exploited, do not tell any other because it is wrong. so you need to check and change any password used in gdata password safe, because it was exploited.

    next is to know that any current exploit module is tested against all current antivirus programs. it was purpose not to get found that easily, not luck to have it found.

    in case of you it would set up that system from scratch. malware can behave differently, not only exploiting, grabbing passwords, more to change windows security and create security holes where any antivirus must fail in the future. your system was compromised and thus no longer safe.
     
  15. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    What to do next? Why, simply restore a clean image and POOF!!! Everything becomes beautiful again!

    A security app that PREVENTS malware from being installed &/or executed is great, but a security app that DETECTS malware, during or after its execution, is equally great -- if & only if the User images often to an external storage device.

    G-Data's Beast is a Behavior Blocker (BB). A BB is there to detect zero-day & other malware not yet detectable by signature -- in other words, malware that gets by malware PREVENTION apps.

    To do its job, the BB observes the execution of the malware, & blocks it the instant that malware-type behavior is detected. Yes, it is possible that some damage may already have been done, as @Brummelchen stated. That's the reason why imaging software is THE single-most important component of one's security set-up.
     
  16. Moose World

    Moose World Registered Member

    Joined:
    Dec 19, 2013
    Posts:
    905
    Location:
    U.S. Citizen
    Hi,
    You may want to look into https://avlab.pl/en/19th-edition-of-protection-test-against-malicious-software/ toward the bottom.
     
  17. rpk2006

    rpk2006 Registered Member

    Joined:
    Jan 29, 2003
    Posts:
    114
    Location:
    Planet Earth
    You are relying on signatures. Behavior Monitoring is being used by all the products. Behavior Monitoring only works when the malware is actually executed. Only then can it understand the behavior. Further, I performed these tests in the Sandbox Environment.

    That being said, I have been using ESET for more than 12 years but this is the first time I purchased G Data Total Security for another machine. ESET, no doubt, has the best detection rate, but yesterday I executed a sample which escaped ESET altogether.

    Behavior Monitoring is meant to be after execution. No antivirus is fool-proof. You need to run a secondary opinion tool once a week.

    Also read this:
    The real reason why malware detection is hard—and underestimated
     
    Last edited: Nov 24, 2022
  18. Bunkhouse Buck

    Bunkhouse Buck Registered Member

    Joined:
    May 29, 2007
    Posts:
    1,286
    Location:
    Las Vegas
    A better solution is to make an image backup daily. Second opinions are not really necessary.
     
  19. Azure Phoenix

    Azure Phoenix Registered Member

    Joined:
    Nov 22, 2014
    Posts:
    1,556
    Both can be useful.

    After all if you don’t know if your system is/was infected, then most people won’t bother to restore a backup.
     
  20. rpk2006

    rpk2006 Registered Member

    Joined:
    Jan 29, 2003
    Posts:
    114
    Location:
    Planet Earth
    If you use a good Internet Security tool as a primary defense and a good second opinion tool regularly, you won't need to restore a backup. I tried using CatchPulse in conjunction with G Data. Both work seamlessly without interfering with each other. Since CatchPulse is a cloud-based AI tool, it alerted me of a suspicious file when G Data didn't. Later I tested the same file in a sandbox environment with G Data, and the behavior monitoring intercepted it.

    Though it is advisable to create an image of a fresh system and keep it always handy.
     
  21. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    5,871
    read it again: you got exploited

    malware has reached your system. and a behavior blocker only reacts on running processes, not on not executed programs.

    ^^ - this is a second option. if you don't care, your problem, your money, your accounts - i don't need to care. you have settled on an antivirus which has failed, no doubt. spend more money for nothing.
     
  22. rpk2006

    rpk2006 Registered Member

    Joined:
    Jan 29, 2003
    Posts:
    114
    Location:
    Planet Earth
    It was tested in a sandbox environment, not a real environment.

    BTW, which product do you trust? I tested with ESET as well. It failed to detect one sample. Both signature and behavior.
     
  23. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    Great question -- but possibly wasted on an inveterate contrarian.
     
    Last edited: Nov 24, 2022
  24. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    5,871
    don't mind. he has lost focus on the current problem and is acting three steps ahead now (other threads).
     
  25. pegas

    pegas Registered Member

    Joined:
    May 22, 2008
    Posts:
    2,961
    I recall from one of my past tests that increasing the detection kernel level to aggressive brought better results, but on the other hand I encountered more alerts then.
     