AiProtection issues: No alert by e-mail message, invalid link to TTI

Doomer

Occasional Visitor
I am not sure if it's an issue that can be solved by the Merlin build or if it needs to be fixed by Asus, but I found 2 issues not reported by:

1. AiProtection Alert message not working
upload_2019-9-4_12-54-46.png


The alert does not seem to work after being configured, even after setting up "less secure connection" in my Google account.

2. Malware alert page with invalid link
upload_2019-9-4_12-56-19.png


There are 2 issues on this page: the "download" link uses a shortlink service that disabled the redirection, and the "GO" button does not work; it does not have any link on it.

--

I found a third issue related to Two-Way IPS or Infected Device Prevention and Blocking: when one of these is enabled my Skype for Business app is unable to connect, but I am troubleshooting it.

Thanks.
 

When setting up the email notifications, skip typing out the @gmail.com and just use the first bit of the email address. It'll work after that and display correctly.

Can't help with the 2nd part.
 
Does not work for me :(
Are these messages sent immediately or are they sent periodically?
 
Make sure you're using an app password for your Google account if you have two factor authentication turned on.
 
Basically TrendMicro AiProtection is broken and in my view utterly pointless.

The email alert problem has been around for years now. Works sometimes/for some people but not others. I had to set the email system several times to get it working only to have it stop again weeks later.

TrendMicro is known to simply stop reporting anything for weeks at a time.

AiProtection continually flags "events" that can't even affect ASUS routers.

The infected device protection is a nightmare and yes, it blocks Skype and many other apps and services. Worse, it is another part of AiProtection that gets things very wrong, i.e. a Windows PC running TrendMicro security suite was being flagged as malicious; the offending connection it was trying to send data to was TrendMicro's own antivirus update server. We had the same here with my son's PC running Kaspersky, the traffic between PC and update server again being blocked and flagged as malicious. In other words TrendMicro was actually reducing security, not enhancing it.

The broken URL link you refer to pointed to the TrendMicro product sales page. In other words it is basically a spam link: having blocked a (possibly) bad site, they want to scare you into paying for their antivirus product.
Staying safe without TrendMicro is easy enough: use a strong password for your router and don't allow remote/WAN access. Don't play with router settings you're not sure of.

DNS servers like Quad9 or OpenDNS provide protection against bad sites and all modern browsers already provide protection against bad sites. On Windows systems use a limited user account, turn user account protection to maximum and run a decent antivirus. Microsoft Defender is now rated at 100%, matching the best premium suites.
 
I believe you haven't configured it correctly; I never had such an issue. I'd factory reset the router and run malware scans on the affected system. From my experience it's quite efficient, but that doesn't mean that someone else won't have a bad experience. Which Skype version, UWP or the standard version?
 
There is nothing to misconfigure. AiProtection is on or off. The email system has been a problem for years, as proven by the huge number of complaints posted here over time.
We even had contact with ASUS support and checked the email settings. The problem is well documented.
 
Glad about your feedback. I disabled everything and withdrew the TrendMicro stuff; I will focus my sec controls on my endpoints.

upload_2019-9-5_18-42-15.png


Thanks a lot
 
I'm referring to a misconfiguration of the router itself. People tend to flash the firmware without a factory reset every few versions, which can create some form of issues.

You stated it blocked Skype and the Trend Micro update. Which version and package of Trend Micro were you running? Because that sounds more like your system has been compromised than a false positive.

The issue with Quad9 is that:

1. You have no access to those block lists to whitelist anything; you're better off running Pi-hole in that case, with security-based block lists.

2. DNS-based blocking can be bypassed by HTTPS traffic; Trend's DPI engine can detect the malicious packets.

3. The email system is not as bad as stated, so unless at the time of usage there is a major bug in Trend or the firmware, I have major doubts that a factory reset can't fix it. I've only seen a minor number of posts complaining about it. I have a theory that the router could possibly be faulty, which is something to check for.

The only time I really had a problem with Trend was when the stats were not updating, but that was a major and well-documented issue a few versions back.
 
I have 4 (clean and w/ different OSs) systems, all of them clean, and Skype for Business is unable to connect to the server when I enable AiProtection features.
You are wrong about DNS. DNS solves names into IPs; it does not matter if it's HTTP or HTTPS. Of course there is no package analysis on a DNS protection, it only suppresses the Malicious Sites Blocking feature of AiProtection.
I never configured AiProtection or its email alerts before, so it's not an issue related to an old setup/firmware.
 
I'm not wrong about DNS; it's just that you obviously didn't read what I said. Allow me to re-clarify:

"DNS-based blocking can be bypassed by HTTPS traffic; Trend's DPI engine can detect the malicious packets."

I think you mean that DNS resolves into IP addresses. Quad9 is just a DNS server with DNS-based filtering;
you could achieve the same results with either Pi-hole or Diversion, and still be able to have access to the whitelist and unblock any false positives, which you can't do via Quad9.

Also, there is more to DNS than just IP resolution. If you haven't tested a factory reset and manually reconfigured it, then you can't tell me that it is not an issue related to an old configuration.

I actually run a Pi-hole, which is a DNS filter like Quad9. I spend a lot of time doing research into blocking ads, tracking and other garbage from the internet.

Have you actually checked the router to see which sites were being blocked by Trend Micro and why, as in what it was detected as, which is the reason it was blocked? Because just turning it off is not going to find the actual issue.
 
I'm just trying to help troubleshoot the issue, not here to be told that I'm wrong by trying to explain something by someone who didn't read the prior statement, because saying it's not the result of this or that, I'm more interested in if that suggestion has been tested out first.

Also it's advisable to check your email spam or junk folders.
 
1) You can't white list AiProtection either! With both systems you can mail them if you feel a blocked address is wrong; whether they respond is another matter.

2) And VPNs can bypass AiProtection...

3) The email system problem is well documented; it may work for you but NOT for many others.

Repeating an earlier post, but I (and many other users) have seen issues with AiP NOT blocking URLs that then get picked up by browser security or antivirus programs. Checking a long list of these URLs at TrendMicro showed they were indeed in the database, yet they were allowed through AiProtection on the routers.

My router and the 22 others I look after are ALWAYS refreshed at firmware upgrade and always have been. Been doing this stuff since the early 1970's ;)
 
Asus has made changes to their Google OAuth handling in their recent 384_81049 release. No idea if it will make email notification more reliable or not (I don't use that myself).
 
Sounds like I could learn a lot from you if you don't mind teaching :)
One thing I learnt in life: people older than oneself have a lot of things they can teach.

1. That's why I suggested Pi-hole or Diversion, since they allow for a local whitelist. I run Pi-hole alongside AiProtection, to have extra layers.

2. VPNs bypass everything. If you know of a good one you could suggest, I'm interested, since I live in Australia, and my ISP is storing metadata and they have their own filter, annoying.

3. I made a mental list of sites that I've had it flag up on, which for me is rare now that I have anything flag up anymore. I guess it's because I don't download torrents any more except for new kind distributions when I feel the need to play with my VM.

They just need to drop a new signature update that corrects any false positives, which with any security software is a pain.

3. If it's broken then I hope it's fixed, to make everyone's life easier. Also thank you for reminding me, I need to do a reset on mine and I'll go set up emails again.
 
VPNs bypass everything. If you know of a good one you could suggest, I'm interested, since I live in Australia, and my ISP is storing metadata and they have their own filter, annoying.

Aha, and so will AiProtection, they collect the visited site information ;)

VPNs... I use NordVPN and it does all I need. It works especially well on Android if you download the .apk file direct from Nord and not from Google Play; with CyberSec enabled all the tracking/malware and adverts vanish :)
 
The worst part is that it's every ISP doing it; they were mandated by the government, some anti-terror and piracy laws, and it makes the internet slower, with congestion on the network. It's bad enough that I'm on a 20-year-old copper cable with a VDSL2 connection.

I was half tempted to play with Snort IPS. I'll look into NordVPN soon, thanks for that suggestion.
I appreciate it :)
 
This prompted me to look at my AIProtection info on my router. Nothing since June, and, consequently, no email alerts either. So I figured it might have stopped working.

So, I temporarily disabled Skynet with Option 9 (I have banmalware enabled) and put brokercdn.com into my browser. The Trend Micro warning page on the router popped up. (I have tested brokercdn.com before so it’s now been incorporated into Skynet, hence the need to disable it.)

“Warning! The website contains malware. Visiting this site may harm your computer
RT-AC68U
Detailed informations:”

And very soon afterwards I received the alert email.

(Not forgetting to restart Skynet, Option 8)

So I’m pleased that AIProtection is working for me, and, as L&LD has said: thanks to Diversion and Skynet AIProtection has very little to do these days.
 
It’s dawned on me that I’ve done a pretty stupid thing: I know from previous experience that AIProtection blocks that brokercdn.com, but I was using that site to confirm AIProtection was still working. I have no idea what it is about the site that AIProtection objects to or the damage it might do if AIProtection wasn’t working.

On Virustotal, only 3 say the site is malicious but that’s not the point.

I need to think up a better test.
 
Last edited:
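For the DNS-level filtering argued about earlier in the thread (Quad9), whether a name is blocked can be checked at the resolver without ever loading the site in a browser. The following is an added example, not code from any poster or from ASUS/Trend Micro; it assumes Quad9's published resolver addresses (9.9.9.9 with blocking, 9.9.9.10 without) and that Quad9 answers NXDOMAIN for blocked names. The function names are hypothetical, and the check says nothing about what AiProtection's own engine would do with the same traffic.

```python
import secrets
import socket
import struct
import sys

# Quad9 public resolvers: 9.9.9.9 applies the threat blocklist,
# 9.9.9.10 is Quad9's unfiltered service (no blocking).
FILTERED, UNFILTERED = "9.9.9.9", "9.9.9.10"
NOERROR, NXDOMAIN = 0, 3


def build_query(name, qid):
    """Encode a standard recursive A-record query for `name`."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def parse_reply(data, qid):
    """Return (rcode, answer_count) from a DNS reply, rejecting mismatches."""
    if len(data) < 12:
        raise ValueError("truncated DNS header")
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if rid != qid or not flags & 0x8000:
        raise ValueError("not a response to this query")
    return flags & 0x000F, ancount


def classify(filtered, unfiltered):
    """Compare (rcode, answer_count) pairs from the two resolvers."""
    (f_rcode, f_an), (u_rcode, u_an) = filtered, unfiltered
    if u_rcode == NXDOMAIN:
        return "nonexistent"   # the name does not resolve anywhere
    if u_rcode == NOERROR and u_an > 0:
        if f_rcode == NXDOMAIN:
            return "blocked"   # filtered resolver refuses a name that exists
        if f_rcode == NOERROR and f_an > 0:
            return "allowed"
    return "inconclusive"      # SERVFAIL, empty answers, etc.


def lookup(server, name, timeout=3.0):
    """Send one UDP query to `server` and return (rcode, answer_count)."""
    qid = secrets.randbits(16)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name, qid), (server, 53))
        data, _addr = sock.recvfrom(4096)
    return parse_reply(data, qid)


if __name__ == "__main__":
    # The name to check is passed on the command line; example.com is a placeholder.
    domain = sys.argv[1] if len(sys.argv) > 1 else "example.com"
    print(domain, classify(lookup(FILTERED, domain), lookup(UNFILTERED, domain)))
```

Run it from a client whose port 53 traffic is not redirected by the router (some setups force all DNS through the router's own resolver), otherwise both queries end up at the same place.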
When I SSH into my AC88, I found a text file (dead.letter I think) with the e-mail alert... i.e. the router's attempt to e-mail the alert to me that never got sent.
