Does AiProtection really work?

[RainGater96]

I see that AiProtection dishes out colorful description on the various features but how effective it is? I know it's better than nothing but it adds roughly about 30% more RAM usage as I see constant activity. When I disable AiProtection, the RAM usage comes back down about 30%.

I enabled it for a week and so far, it's hasn't caught anything - which is good but wondering how many of you use it?

Two-Way IPS
The Two-Way Intrusion Prevention System protects any device connected to the network from spam or DDoS attacks. It also blocks malicious incoming packets to protect your router from network vulnerability attacks, such as Shellshocked, Heartbleed, Bitcoin mining, and ransomware. Additionally, Two-Way IPS detects suspicious outgoing packets from infected devices and avoids botnet attacks.

Infected Device Prevention and Blocking
This feature prevents infected devices from being enslaved by botnets or zombie attacks which might steal your personal information or attack other devices

Malicious Sites Blocking
Restrict access to known malicious websites to protect your network from malware, phishing, spam, adware, hacking, and ransomware attacks.

Also, we have to give TrendMicro full access and not sure how secure it is... I am sure this must have been discussed before but would like your latest take on it?

For AiProtection, Traffic Analyzer, Apps analyzer, Adaptive QoS/Game boost, Web history:
Please note that your information will be collected by Trend Micro through the above functions.
If you would like to disable sharing your information with Trend Micro through the following functions, please click [Withdraw] below. However, please note that such features/functions may not work if you stop sharing your information with Trend Micro.

 

[bbunge]

Yes!
Edit: This is not my home network but an office at a not-for-profit. I clean this out weekly and am continually warning folks about their browsing habits. Falls on deaf ears. I also use Cloudflare 1.1.1.3/1.0.0.3 DNS but some things still get through.

 

[Gregory Phillips]

OMG yes it works!

 

[RainGater96]

OMG yes it works!

I like your enthu. lol

 

[Tech9]

Why don't you test AiProtection yourself, @RainGater96?
Go to this website - https://www.wicar.org/, disable your browser's Safe Browsing features and click on test links. It's safe, tests only. If you see AiProtection generated screen popping up - it's working. TrendMicro is providing services in exchange of data they collect. More details here:

Global Privacy Notice | Trend Micro

Read Trend Micro's Global Privacy Notice.

www.trendmicro.com

Smart Home Network | Data Collection Notice

Smart Home Network includes the following modules which, when enabled, will cause the corresponding data to be transmitted to Trend Micro.

helpcenter.trendmicro.com

You can always Withdraw your data sharing consent in Administration - Privacy

 

[RainGater96]

Why don't you test AiProtection yourself, @RainGater96?

You can always Withdraw your data sharing consent in Administration - Privacy

I guess you didn't read my post properly. I have it turned ON for the past week or so and don't see it catch anything (didn't try the test links) other than it consumes more RAM (not that it matters) and see reduced downloads/upload speeds - maybe, about 20 - 50 Mbps lower when I have it running.

I have a 500/500 connection, so a small reduction in speeds don't matter much for the extra security if it actually works - this and data collection were my questions in a nutshell.

Yes, I read their privacy notice before I even turned it ON. If the general consensus is that people are happy with AIP, then I am game.

 

[Tech9]

I guess you didn't read my post properly.

This forum has >50,000 members. How many answers will you accept as general consensus? While you wait for answers, test with the site above and see if it catches the example malware. Read the privacy links and decide for yourself if you are willing to share info with TrendMacro in exchange.

 

[RainGater96]

This forum has >50,000 members. How many answers will you accept as general consensus? While you wait for answers, test with the site above and see if it catches the example malware. Read the privacy links and decide for yourself if you are willing to share info with TrendMacro in exchange.

I am in no hurry as any and all responses will make my decision easier. If no one responds, that's fine with me too.

Believe it or not, I tried the test links when I searched for AIP before posting this. I am looking for real world experiences from users like yourself.

And, the software is always evolving and that's why I was curious whether they made it better now as some of the posts may not reflect the recent changes to AIP.

Questions about AiProtection and DPI

hello I would like to know more about the functioning of Ai Protection and especially IPS. I looked for more information but maybe not at the right place because i wasnt able to satisfy my curiosity :) From what i understand, there is tools like Suricate wich inspects packets for malicous...

www.snbforums.com

AiProtection AX82U Performance

Hello, For those of you using AiProtection, do you notice throughput decreases? I’m on a wired connection to an AX82U on the most recent Asus firmware. With AiProtection off I see 950mbps down with low cpu usage. With it on I get 750mbps with 100% solid usage on Core 1. I’m guessing using it...

www.snbforums.com

 

[follower]

I see that AiProtection dishes out colorful description on the various features but how effective it is? I know it's better than nothing but it adds roughly about 30% more RAM usage as I see constant activity. When I disable AiProtection, the RAM usage comes back down about 30%.

I enabled it for a week and so far, it's hasn't caught anything - which is good but wondering how many of you use it?



Also, we have to give TrendMicro full access and not sure how secure it is... I am sure this must have been discussed before but would like your latest take on it?

A consumer grade firewall is more trouble than it's worth. It's just a marketing tactic. I can say it's just garbage. Free firewall or protection system for router users?
They just want to collect personal data. Free protection system is just a bait to collect consumer data. Filtering, scanning network packets and routing at the same time with low performance hardwares?That's BS. However it can give a placebo effect to some users. They feel secured and protected.

 

[RainGater96]

A consumer grade firewall is more trouble than it's worth. It's just a marketing tactic. I can say it's just garbage. Free firewall or protection system for router users?
They just want to collect personal data. Free protection system is just a bait to collect consumer data. Filtering, scanning network packets and routing at the same time with low performance hardwares?That's BS. However it can give a placebo effect to some users. They feel secured and protected.

Appreciate the feedback as this is exactly what I was looking for. All positive and negative feedbacks are most welcome.

 

[dlandiss]

. I am looking for real world experiences from users like yourself.

Here you go:

 

[RMerlin]

Filtering, scanning network packets and routing at the same time with low performance hardwares?That's BS.

No it's not, it definitely works. Proof? Adaptive QoS. You can see with your own eyes the classification engine being able to identify trafic types. If it can identify the type of trafic, then being able to identify malicious trafic is just another bunch of categories.

Trend Micro's engine achieves that with a low performance impact by only analyzing a specific portion of the packets.

Malicious website blocking is very easy to test yourself. And I actually had it block a site here only three days ago.

I haven't had any IPS event blocked in a long time, but I had an incident a few years ago where it detected and blocked an RDP brute force attack that hit one of my machine that had been temporarily opened to the WAN for a specific project of mine.

 

[bitsbytes]

it's working for me...I really need to do something about that extra ac68u. I don't know what the people connected to it are doing cause all the hits are coming from there.

 

[RainGater96]

it's working for me...I really need to do something about that extra ac68u. I don't know what the people connected to it are doing cause all the hits are coming from there.

It looks like only malicious site blocking is showing lots of activity. If you have the browser extension to block ads (Malwarebytes, for instance), I think you wouldn't see anything?

 

[Justinh]

You can always Withdraw your data sharing consent in Administration - Privacy

Just to be sure, because I'm not sure how to interpret your statement in the larger picture, if you withdraw the consent, then the service is turned off, right? IOW, consent is required to have the service on?

 

[Tech9]

consent is required to have the service on?

Yes. For all services using TrendMicro engine, listed in Administration, Privacy UI page.

 

[Hazel]

As this (see below) is the harvest of the last two months and three weeks, it looks to me like the combination of NextDNS (with only the oisd blocking list and OS-specific tracking blocking list for Windows and iOS) and ProtonVPN's Netshield are doing a great job together. All 12 hits were from the same site where my kid was protected from a notorious Roblox scammer luring him into his web with a promise of free Robux. I've added that site to the manual blocking list months ago, so I think I can safely opt-out of Trend Micro now.

 

[Tech9]

I think I can safely opt-out of Trend Micro now

You can, but Adaptive QoS, Parental Controls, App Analyzer, Traffic Analyzer and Web History will stop working as well.

 

[Hazel]

You can, but Adaptive QoS, Parental Controls, App Analyzer, Traffic Analyzer and Web History will stop working as well.

I’m aware of that and have these covered in other ways, as far as they’re being used. But thanks for the heads up.

 

[technotic]

I'll add my knowledge here. AiProtection essentially works by analyzing packet headers and destination url's or IPs. The threat data is updated regularly to include newest malicious sites. It will do nothing for 0 day attacks. Then again, few things do. It basically checks your destination against a known list and will block banned destinations. It does also look for local traffic phoning out to known malicious destinations, and looks for algorithmic activity on the LAN.

what it does not do is SSL inspection like a professional IDS/IPS. The power required for that is too much for basically every consumer router.

Your web activity is collected and sent to TM as part of their threat intelligence, to detect new threat sites and such. You can count on any site blocked by AIP will be sent. Likely a list of each unique ip/domain visited.

It does catch many auto redirect malicious sites, such as if you used a YouTube conversion site like flvto,biz or accidentally click a link on many shady download sites or file hosting services.

Currently in the process of deploying opnsense and relegating my ax3000 to a wifi 6 ap. But anyway

TL;DR: it works to stop known malicious sites, there is some overhead, unique domains and IPs visited are collected, it does a decent job if you don't mind the slight perf hit, but regular router reboots should help keep things stable. Just remember what it's limitation is. It can inspect packet headers and check destinations against malicious sites that are known. It is not a virus or malware blocker in the sense that it does not scan your downloads for viruses. That up to your device/PC.