What's new

Does AiProtection really work?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Be sure you're reading the privacy statements directly applicable only for Asus routers using TrendMicro (they are different).

If you want similar experiences from other providers, you'll be giving up the equivalent, if not more.

In the end, you're trading your personal data for the service you expect out of your online experience. TrendMicro on Asus routers collects very little, and it is needed/required for the benefits provided.
 
How do the updates for AIProtection work, on occasion I've had to check for updates manually as it doesn't always refresh, or maybe it works on some other schedule? And what do they contain, my understanding was that the router takes the DNS query and sends it to TrendMicro for analysis or does the router also do some local processing?
 
How do the updates for AIProtection work, on occasion I've had to check for updates manually as it doesn't always refresh, or maybe it works on some other schedule? And what do they contain, my understanding was that the router takes the DNS query and sends it to TrendMicro for analysis or does the router also do some local processing?
I know it's been a while since you asked this question, however I found this post while searching for answers to issues I'm having with AI Protect. Thought I'd clear a few things up:

1. AIProtect does not rely on DNS or provide what I will call "hash signature relay" (I don't recall the exact word) or for DNS blocklists--it's for the most part locally processed. What I mean by "hash signature relay" is that a UTM device (or malware protection on a PC/server/smartphone) will make a "hash signature" of files as they come in and then send them to the vendor's central repository to compare against other known hash signatures. If the signature indicates that the file was associated with a previous compromise, it will then block it or send a warning. AIProtect does not offer anything as far as I've seen that uses "hash signature relay". As far as DNS use with AIProtect, it would only be one point of data to compare vs a UTM signature (likely web filtering or IDS/IPS) to indicate if a certain domain or IP address is linked with events of known compromise, if no other piece of data confirmed this the connection would be allowed to proceed as if there's no problem.

2. My assumption for AIProtect signature updates, which don't seem to update weekly sometimes, is that the router's signatures are only those of the most common threats/viruses for the past X years or so. There may be a base set of signatures for viruses that are still prevalent that could go back decades, but it does not include every known virus. I would expect that when the router checks for system updates it also checks for Trend signature updates.

3. I can confirm that AIProtect has worked for me in the past. The Eicar and Wicar test are 2 of the best ways to confirm this. There is also a downloadable script available somewhere I've found in the past that will test your IPS/IDS by creating traffic that will trigger the IDS, you'd have to google it or it may be available inside a Kali Linux distro..... I know the IPS portion works as my son while playing video games downloaded a cryptominer bot and AIProtect shut it down. However, the protection is likely not as good as what you would find on a bloated commercial system. I've also had some websites blocked. When it blocks websites you'll get an Asus page with a Trend Micro logo.

It would be nice if some of these things were better documented on the Asus site. I know Trend makes some sensor devices designed for home networks, which likely use AIProtect--I've never used one. I do respect Trend Micro as an A/V/security vendor, I've used their products in businesses I work with for 20+ years and it's been about as solid as I've seen. The good thing about these routers is you can provide multiple layers of protection (through different mechanisms and various entities) with the router alone, without installing Merlin. If you install Merlin then you have additional layers of security from the community here through things like Skynet & Diversion.
 
I know it's been a while since you asked this question, however I found this post while searching for answers to issues I'm having with AI Protect. Thought I'd clear a few things up:

1. AIProtect does not rely on DNS or provide what I will call "hash signature relay" (I don't recall the exact word) or for DNS blocklists--it's for the most part locally processed. What I mean by "hash signature relay" is that a UTM device (or malware protection on a PC/server/smartphone) will make a "hash signature" of files as they come in and then send them to the vendor's central repository to compare against other known hash signatures. If the signature indicates that the file was associated with a previous compromise, it will then block it or send a warning. AIProtect does not offer anything as far as I've seen that uses "hash signature relay". As far as DNS use with AIProtect, it would only be one point of data to compare vs a UTM signature (likely web filtering or IDS/IPS) to indicate if a certain domain or IP address is linked with events of known compromise, if no other piece of data confirmed this the connection would be allowed to proceed as if there's no problem.

2. My assumption for AIProtect signature updates, which don't seem to update weekly sometimes, is that the router's signatures are only those of the most common threats/viruses for the past X years or so. There may be a base set of signatures for viruses that are still prevalent that could go back decades, but it does not include every known virus. I would expect that when the router checks for system updates it also checks for Trend signature updates.

3. I can confirm that AIProtect has worked for me in the past. The Eicar and Wicar test are 2 of the best ways to confirm this. There is also a downloadable script available somewhere I've found in the past that will test your IPS/IDS by creating traffic that will trigger the IDS, you'd have to google it or it may be available inside a Kali Linux distro..... I know the IPS portion works as my son while playing video games downloaded a cryptominer bot and AIProtect shut it down. However, the protection is likely not as good as what you would find on a bloated commercial system. I've also had some websites blocked. When it blocks websites you'll get an Asus page with a Trend Micro logo.

It would be nice if some of these things were better documented on the Asus site. I know Trend makes some sensor devices designed for home networks, which likely use AIProtect--I've never used one. I do respect Trend Micro as an A/V/security vendor, I've used their products in businesses I work with for 20+ years and it's been about as solid as I've seen. The good thing about these routers is you can provide multiple layers of protection (through different mechanisms and various entities) with the router alone, without installing Merlin. If you install Merlin then you have additional layers of security from the community here through things like Skynet & Diversion.
Perfectly said.

AiProtect works well in my setup. Also if you use Unbound you can get another layer of protection by enabling the DNS firewall.

Having options available while using the asuswrt-merlin firmware without having to pay for these extra services or monthly fees for extra layers of security is a big win/plus!!!
 

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Staff online

Top