What's new

AiProtection: GUI always shows 0

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Kanji-San

Regular Contributor
My router is on 384.16 and AiProtection (Malicious Sites Blocking, Two-Way IPS, Infected Device Prevention and Blocking) is on. The GUI however always shows 0 events and no graphs. NAT acceleration is off. I cannot remember to have ever seen anything else than 0 for several firmware versions.

I tested Malicious Sites Blocking and this seems to work, at least the router shows a special webpage but the count does not increase and stays at 0. I don't know how to test for Two-Way IPS, Infected Device Prevention and Blocking.

What do I need to tweak to see the graphs?
 
My router is on 384.16 and AiProtection (Malicious Sites Blocking, Two-Way IPS, Infected Device Prevention and Blocking) is on. The GUI however always shows 0 events and no graphs. NAT acceleration is off. I cannot remember to have ever seen anything else than 0 for several firmware versions.

I tested Malicious Sites Blocking and this seems to work, at least the router shows a special webpage but the count does not increase and stays at 0. I don't know how to test for Two-Way IPS, Infected Device Prevention and Blocking.

What do I need to tweak to see the graphs?[/QUOTE
My router is on 384.16 and AiProtection (Malicious Sites Blocking, Two-Way IPS, Infected Device Prevention and Blocking) is on. The GUI however always shows 0 events and no graphs. NAT acceleration is off. I cannot remember to have ever seen anything else than 0 for several firmware versions.

I tested Malicious Sites Blocking and this seems to work, at least the router shows a special webpage but the count does not increase and stays at 0. I don't know how to test for Two-Way IPS, Infected Device Prevention and Blocking.

What do I need to tweak to see the graphs?

I have a raspberry pi running FreePBX for testing and i notice that if I open port UDP 5060 ips starts to show 890+ hits on the same port indicating that my PBX is infected whit some cve.
 
All showing zeroes means no events. Test here https://www.wicar.org/test-malware.html. Disable browser protection to see Trend in action. Malware filtering DNS plus Skynet and your router simply has nothing to detect. I don't use AiProtection at all now. No need to see all zeroes anyway.
I tried that and I see the Asus warning webpage however the count for Malicious Sites Blocking stays at 0. Shouldn't it go up?
 
Similar issue - haven’t seen Two-Way IPS hits for over a year now. Threads indicate something with ASUS code that Merlin cannot address, but I would like to see reaffirmation of that if someone knows for sure
 
I tried that and I see the Asus warning webpage however the count for Malicious Sites Blocking stays at 0. Shouldn't it go up?

Yes, but it takes some time. It's not an instant indication. Log out of the GUI and check back a bit later.
 
Yes, but it takes some time. It's not an instant indication. Log out of the GUI and check back a bit later.
I tried that but it never changes, always 0. Is there another component that I might have disabled that is required such as the Asusnat tunnel (which I disabled)?
 
Are you in a double NAT setup? Is your router showing an actual external IP address? :)
 
Are you in a double NAT setup? Is your router showing an actual external IP address? :)
No double NAT setup. The router sees my correct external IP address.
 
Similar issue - haven’t seen Two-Way IPS hits for over a year now. Threads indicate something with ASUS code that Merlin cannot address, but I would like to see reaffirmation of that if someone knows for sure
For whom is any of the AiProtection components working?
 
What router do you have? Does flashing 384.17_0 release final fix it?

When was the last time you did a full reset and a minimal and manual configuration to secure the router and connect to your ISP (without loading a saved backup config file afterward)?
 
What router do you have? Does flashing 384.17_0 release final fix it?

When was the last time you did a full reset and a minimal and manual configuration to secure the router and connect to your ISP (without loading a saved backup config file afterward)?
RT-AC68U. Last complete full setup with manual configuration was four months ago. I have not tried 384.17 since 384.16 runs quite well and I don't want to mess with a running system :)
 
@Kanji-San it seems it may not be running optimally though? :)

@K-2SO that depends on what the two routers are. If they're identical and both set up the same way, one will show 'zero' always. :)
 
I have not tried 384.17 since 384.16 runs quite well and I don't want to mess with a running system :)

384.17 is just components update, see the changelog. It won't break anything.

If they're identical and both set up the same way, one will show 'zero' always.

I said it works in double NAT. You're talking about double AiProtection. Two different things.
 
For whom is any of the AiProtection components working?

I have a RT-AC68U as well on v384.16 with Diversion & Unbound, no Skynet. i just tested the wicar.org site and my Malware Sites Blocking and Two-way IPS counts did go up for each test. The Asus AI protect page does not seem to show up with Chrome as Google Safe Browsing blocks these sites but using IE seems to trigger the Asus page.
 
Last edited:
Asus AI protect page does not seem to show up with Chrome as Google Safe Browsing blocks these sites but using IE seems to trigger the Asus page.

Of course. I'm assuming they test AiProtection. Not browser protection.
 
Keep in mind that the engine version varies between models. I know that for a while, logging was broken. I know that it's fixed in the GPL version I have merged in for the RT-AX88U, however I have no idea if each and every other models also have a fixed version merged in yet - Asus's GPL releases have been pretty scattered for the past 6-8 months.
 
Interesting.

I recently change my good old rt-ac56u for the rt-ax58u (thanks Erik, it took time to get it, but without Merlin support on it was not an option).

I have also observed the same behavior, with the previous model it was usual to have tens or hundreds of new registrations per day, since the installation of the new Router I have not seen the counter to move up. The configuration of both is very similar, leaving aside the differences between them, and some minor settings.

Maybe is only a logging issue or simply IAProtection is not working after all.
 

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top