
Anyone even gets anything counted on AiProtection?


I have AC66UB1 with 386.2.2 but all counters are zero, tried the suspicious site test but works, nothing has blocked (and counter also 0). I think this feature is not working at all. I tried factory reset but still nothing, however it is switched on.
 
Works fine for me
 
I have seen nothing also collected. But once I shut it down and installed Suricata onto my AX88U. It seems to be catching some.
 

RT-AC66U B1 running Asuswrt-Merlin 386.2_2 firmware, 6 clicks on malicious content links:

Untitled_34.jpg


You have to disable your browser's Safe Browsing in order to trigger AiProtection response.
 
Only time it works for me is when my daughter comes over and she uses a guest network, counts about 29 blocks when she is in
 
On RT-AC87U I had a lot of things counted there and displayed as "Blocked". On RT-AX58U, it's been weeks and months and all AiProtection counters are at ZERO. What's going on? I did tests and URL blocking does seem to actually work, but it counts nothing when it happens. Not with official ASUS firmware or latest Merlin builds.

I don't think much about it because I am very careful about where I navigate to on the web. My assumption is that most of us here care dearly enough to protect our networks, and part of that is choosing where not to go.
 
After reading this thread, I thought I would check the AiProtection.

I see that the wife has something on her pixel phone (that showed up recently) that TrendMicro ID's as Malware.

When she gets up, I will have to show her this and troubleshoot what is raising TrendMicro/AiProtection alarm.

This site is a great source of Information/empowerment as per usual! :D

Additional Note: I have her Pixel 3a phone using NordVPN [always on].

I use Sophos Intercept X and Google Play Protect to periodically check for PUP's and Malware, nothing was reported.

Just recently, because she has been having trouble accessing/getting updates on her social media apps, I have split-tunneled her phone to have her social media apps not use NordVPN. Thus the recent results below. (i.e. since the VPN tunnel is no longer encrypting the social media traffic from the router/AiProtection, now the router/TrendMicro is able to filter/ID possible "bad" social media traffic), right?
 

By chance are your browsers using DoH? If so AiProtect will not work.
Wait, so if I have encrypted DNS as one gets with NextDNS, AiProtect doesn't work? Is that correct?
 
Wait, so if I have encrypted DNS as one gets with NextDNS, AiProtect doesn't work? Is that correct?
My wife and son are masters of tripping AI protection and it seems to be a strong part of our layered protection. I stopped using encrypted DNS, it works great except when it stops responding and needed tweaking and/or restarts. Going back to traditional DNS has resulted in solid reliability. We can't hide in the 21st century as we are monitored everywhere. I point my DNS at various secure DNS sources depending on the application I'm protecting and this has worked well. I've also given up on the third party firewall applications plugins for Asus/Merlin as they have way too many false positives. This network is my home network and while I built it, I don't want to spend my days dealing with family members who are frustrated creating emergencies for me to address. The good news is that while my wife and son are blocked regularly by AiProtection their systems don't seem to be infected. Once, my son's computer did do a call back to a C&C server and that's when I was using encrypted DNS and a firewall plugin.

So my view is I'm much happier with stable, reliable commercial products that seem to provide safety at the cost of "privacy" with the huge advantage of set and nearly forget.

Morris
 
Wait, so if I have encrypted DNS as one gets with NextDNS, AiProtect doesn't work? Is that correct?
I don’t believe so.
All my devices are Apple, & I have dns profiles installed on every device (using DoH encryption).
The ‘wicar’ malware test is blocked by aiprotect successfully, so I’m assuming encrypted DNS doesn’t matter?
 
All: Thanks for all the posts. The discussion here helped me get mine to work. I was also having an issue where the Malicious Sites Blocking Counter was showing Zero no matter what I did. I did confirm that the Trend Micro test sites appeared to get blocked indicating that it was functioning.

To fix my issue, I clicked on the Malicious Sites Blocking Text as shown below:
1644592055440.png


It'll then take you to this screen below:
1644592076026.png

I noticed that there is a reset button available to the top right corner of the first box. It looks like this:
1644592106254.png


I reset the counter even though my counter was 0 at the time. After I did that, I revisited some of the Trend Micro test sites. At first it didn't look like it was working, but after about 30 seconds or so I refreshed my ASUS Admin webpage, and I also tried to visit the test sites again and noticed that the counter was now working! =)

I hope this works for others here as well. GOOD LUCK TO ALL!
 
As the job of catching bad hosts & ads moves to DNS, trendmicro has less and less to do because it's stopped all the way up stream. But, I do sometimes get TM hits.

I use a layered approach: DoT servers that claim blocking bad hosts and ads (no way for me to tell), TM at the router (less since DoT blocking servers), and a chromium ad blocking browser with additional ad blocking/bad host extensions/cookies. They catch things at different sites with very little functional disruption.

Everyone's list is a little different, so 'or-ing' these together catches a lot, for me.

(I have tried some of the Merlin blocking plugins, but for me it was the path to endless ocd fiddling to keep everything working)
 
