Advice Request G Data bug?

Please provide comments and solutions that are helpful to the author of this topic.

sepik

Level 11
Thread author
Verified
Well-known
Aug 21, 2018
505
Hello,
I have G Data IS with Malwarebytes Premium installed. G Data is set to detect malware on execution only. However, there's a setting "monitor critical folders in particular" which means, as i understand, every file written to "critical folders" are checked when writing or reading(it overrides on execution setting).
So i made c:\test folder, and set up G Data to monitor that "critical folder in particular". So i assume, when i download or unzip a malware file to that folder, it should detect it when writing? But it does not do that. Malware sample is old, so G Data should detect that(static scan detects it).
Is that a some kind of a bug or is it just me? Any G Data user can confirm that? Tested with / without Malwarebytes installed.

Kind regards,
-sepik
 

silversurfer

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,048
Hello,
I have G Data IS with Malwarebytes Premium installed. G Data is set to detect malware on execution only. However, there's a setting "monitor critical folders in particular" which means, as i understand, every file written to "critical folders" are checked when writing or reading(it overrides on execution setting).
Do you have already tried other samples or just that "Eicar" test file ?

Maybe it's a kind of misinterpretation from our user side... as always the best way would be just going to ask support by GData
 
F

ForgottenSeer 89360

This is from the manual located here: Confluence Mobile - Help Center
  • Monitor critical folders in particular: You can use this function to specifically check especially critical folders, e.g. folders shared on the network, personal data or Cloud services (such as Microsoft Dropbox, OneDrive, Google Drive etc). After you have made your selection in the dialogue box, this is then always monitored in Check read & write access mode – regardless of the settings you use for all other files, folders and directories. If you have selected the Check read & write access mode for all files by default, the settings option for critical folders is greyed out.

It looks like interpretation is right. Best thing to do is to open a support ticket with them. You might also exit Malwarebytes from the tray menu and download Eicar Test File.
 

sepik

Level 11
Thread author
Verified
Well-known
Aug 21, 2018
505
@silversurfer
Tested with old and new samples, but not with eicar. However, if static scan detects it, it should detect it also when written to that specific folder.

@McMcbrad
I will open a support ticket, but before that, i do like to be sure that other G Data users here can confirm this "bug"

It also can be possible that i did something wrong, too. :( :)
 
F

ForgottenSeer 89360

@McMcbrad
I will open a support ticket, but before that, i do like to be sure that other G Data users here can confirm this "bug"

It also can be possible that i did something wrong, too. :( :)
Are you sure your engine configuration is the same? Engine A and B for both scan and real-time protection?
Also, try doing another test folder, for example on the Desktop.
 

sepik

Level 11
Thread author
Verified
Well-known
Aug 21, 2018
505
@McMcbrad
In General Settings
- both engines (A=Bitdefender, B=CloseGap) are enabled
- monitor mode set to check on execution only

In Realtime Protection settings:
-Both engines enabled
--Advanced settings, only check on execution
--Monitor critical folders in particular
---added c:\test -folder
 

sepik

Level 11
Thread author
Verified
Well-known
Aug 21, 2018
505
UPDATE

After couple of emails with the G DATA support team, they finally managed to reproduce the bug that i've reported them. The first level support team could not reproduce the bug.

The second level team has managed to reproduce the behaviour. They have forwarded their findings to development. Unfortunately, due to the holiday season, we are likely to have to wait a while for an answer, probably sometime in January.

So hopefully the next update will be out this month.

Kind regards,
-sepik
 

sepik

Level 11
Thread author
Verified
Well-known
Aug 21, 2018
505
Hello,
I'm trying to add files (whitelisting malwarebytes drivers) to realtime protection exception list.
In G Data settings, when browsing the files in \Windows\System32\Drivers it only shows 4 files and 2 directories there. There should be total 9 directories and over 400 files in that dir. Directories and the files there are not hidden.

Is this "by design" ? I can add other files in other directories within windows folder, but i cannot add files inside \Drivers -folder because i can't see them.
Sure i can add them to exception list by manually writing the whole path and the filename.

If there's other G Data users here, can you please test this behavior if it happens to you too.

-sepik
 

gery79

Level 12
Verified
Top Poster
Well-known
Jun 21, 2011
566
when my computer says C:\#GDATA.Recovery.Data# / ...is not in the system....is this possible? what should i do next....gdata support is not helping at all.
 
  • Like
Reactions: Nevi

Zartarra

Level 7
Verified
Well-known
May 9, 2019
312
I am currently testing the Internet Security suite but I cannot find that directory. Did you install the backup module?
 
  • Like
Reactions: Nevi

Zartarra

Level 7
Verified
Well-known
May 9, 2019
312
uninstalled it 3 times and still the same thing...buh....and their support over email is nerve wrecking .....
Can you upload a screenshot of the error? I installed the Total security on a test machine but cannot find the path or simulate the error.
 
  • Like
Reactions: Nevi

gery79

Level 12
Verified
Top Poster
Well-known
Jun 21, 2011
566
20210819_130705.jpg
 
  • Like
Reactions: Nevi

gery79

Level 12
Verified
Top Poster
Well-known
Jun 21, 2011
566
beside this i see that it has not updated for the past day and i have to do it manually....Seems like it does not like my computer
 
  • Like
Reactions: Nevi

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top