rainspell

Level 1
Hi,

yesterday Gdata IS, I used since 2 weeks tells me a port scan was detected on my PC. It was he first time I see a message like this...
Since 20 years, none of the software I used, from KIS to Avast IS, detected something like that...

What should I do ?
Isn't a port scan usually the first step of an attack ?

Best regards,
rainspell
 

mekelek

Level 28
Hi,

yesterday Gdata IS, I used since 2 weeks tells me a port scan was detected on my PC. It was he first time I see a message like this...
Since 20 years, none of the software I used, from KIS to Avast IS, detected something like that...

What should I do ?
Isn't a port scan usually the first step of an attack ?

Best regards,
rainspell
can you go there and make a screenshot of the log entry that is about this notification?
 

rainspell

Level 1
Hi,

the "funny" thing is that I wasn't able to find any log of this scan port...
Nothing was recorded on Gdata dashboard...
 

Mahesh Sudula

Level 12
Verified
Nothing to worry...it's common with G data firewall since it's very paranoid after Dr web
The thing is when I ran Trend micro House Call to scan my pc..he detected the port scan as well...Kaspersky caught that too..;)

It's that that worried me a lot...
When an attacker uses Nmap or Wireshark around your region..depends on the impact of it..Since Even a Free firewall stealth ports to most extent...You are free from the trouble
 
Last edited by a moderator:

rainspell

Level 1
Nothing to worry...it's common with G data firewall since it's very paranoid after Dr web
The thing is when I ran Trend micro House Call to scan my pc..he detected the port scan as well...Kaspersky caught that too..;)
Thanks for your answer :) Firewall is on optimal : it could be the explanation. On medium level, Gdata may have not report anything.
I will wait and see if it occurs again.
 

rainspell

Level 1
I just found the log - it was in the firewall logs, I haven't checked...

"Un ordinateur distant a analysé les services Internet (ports) ouverts de votre ordinateur. Le pare-feu a bloqué cette attaque.
Info réseau:
Réseau : Wi-Fi 2
Ordinateur distant : 172.217.19.46 (United States) (mrs08s03-in-f14.1e100.net (United States))"

In fact, I think there's nothing to worry about. A quick look at Whois : IP adress is one of Microsoft.
Good to see a firewall detect and block a legitimate request that some others AV will have let pass.
In matter of privacy Gdata seems to be very good:love:
 
D

Deleted member 65228

A false positive is not a good thing
Case by case basis.

With a firewall it could be helpful because it shows the firewall component is a bit sensitive which means it could also aid in preventing a more sophisticated attack which would have surpassed other vendors who have a more strict firewall.

The downside is it is only helpful if you are already knowledgeable and experienced.