Question about Trend Micro Signature "update failed"

[dave14305]

Check_Security() is run every hour during the save process along with startup/firewall restarts, if someone misses 24 warnings per day for a prolonged period of time I think they have bigger issues

For this particular IOC, I think it would be helpful to set it back to three-zero and trigger /usr/sbin/sig_update.sh. That way if they miss the notice, they will still get signature updates, firmware update notices, etc.

these people disable secure mode and enable wan access. i think they'll miss syslog tbh.

Lead a horse to water...

 

[L&LD]

@dave14305, what is 'IOC'?

 

[dave14305]

@dave14305, what is 'IOC'?

Either the Olympic Committee or Indicator of Compromise.

 

[Adamm]

For this particular IOC, I think it would be helpful to set it back to three-zero and trigger /usr/sbin/sig_update.sh. That way if they miss the notice, they will still get signature updates, firmware update notices, etc.

That was my first thought, but I don't think a signature update would remove other backdoors etc and it would be better off alerting the user until they initiate a factory restore. The last major malware strain for instance enabled the PPTP server with a generic user/pass combination for persistent access.

@dave14305, what is 'IOC'?

Indicator of compromise

 

[QuikSilver]

Either the Olympic Committee or Indicator of Compromise.

I was voting for Input Output Control(ler) or Inspector On Call.

 

[dave14305]

That was my first thought, but I don't think a signature update would remove other backdoors etc and it would be better off alerting the user until they initiate a factory restore. The last major malware strain for instance enabled the PPTP server with a generic user/pass combination for persistent access.

Maybe you can write a special alert div to the top of the Skynet Stats page when such items are found?

 

[thecheapseats]

these people disable secure mode and enable wan access. i think they'll miss syslog tbh.

and self-driving cars were made so cats can drive...

 

[xptopt]

Hi when i run "sh -x /usr/sbin/sig_update.sh" i get this

+ wget_options=-q -t 2 -T 30 --no-check-certificate
+ nvram set sig_state_update=0
+ nvram set sig_state_flag=0
+ nvram set sig_state_error=0
+ + grep -i nt_center
nvram get rc_support
+ IS_SUPPORT_NOTIFICATION_CENTER=
+ [  !=  ]
+ nvram get bwdpi_sig_ver
+ current_sig_ver=2.066
+ echo+ sed s/\.//g
 2.066
+ current_sig_ver=2066
+ nvram get sig_type
+ sig_type=FULL
+ [ FULL ==  ]
+ nvram get apps_sq
+ forsq=
+ [ -z  ]
+ forsq=0
+ nvram get territory_code
+ tcode=WE/02
+ [ WE/02 ==  ]
+ territory_type=WE/02_FULL
+ echo ---- sig update start: ----
+ [ 0 == 1 ]
+ echo ---- sig update real normal----
+ wget -q -t 2 -T 30 --no-check-certificate https://dlcdnets.asus.com/pub/ASUS/
LiveUpdate/Release/Wireless/sig2nd_update.zip -O /tmp/sig_update.txt
+ dlinfo=0
+ echo ---- sig wget exit : 0 ----
+ [ 0 != 0 ]
+ echo Download sig info OK
+ + sed s/.*#//
grep WE/02_FULL /tmp/sig_update.txt
+ sig_ver=
+ [  ==  ]
+ WW_type=WW_FULL
+ grep+ sed s/.*#//
 WW_FULL /tmp/sig_update.txt
+ sig_ver=2.182
+ nvram set SKU=WW_FULL
+ nvram get SKU
+ echo WW_FULL
+ echo 2.182
+ + sed s/\.//g
echo 2.182
+ sig_ver=2182
+ nvram set sig_state_info=2182
+ rm -f /tmp/sig_update.txt
+ nvram get sig_state_info
+ update_sig_state_info=2182
+ nvram get sig_last_info
+ last_sig_state_info=
+ echo ---- current sig : 2066 ----
+ echo ---- latest sig : 2182 ----
+ [ 2182 ==  ]
+ [ 2066 -lt 2182 ]
+ echo ---- < sig_ver, Do upgrade ----
+ nvram set sig_state_flag=1
+ [  !=  ]
+ echo ---- sig update end ----
+ nvram set sig_state_update=1

but if i run "nvram get apps_wget_timeout" i get timeout 30 after reset and clear jffs.

AC86U:/tmp/home/root# nvram get apps_wget_timeout
30

is this normal ?
Thanks

 

[RMerlin]

is this normal ?

Yes.

 

[Diamond67]

What's your current Trend Micro: Signature version? It can be found in Administration - Firmware Upgrade (Merlin GUI).

Mine is: 2.212 Updated : 2020/06/29 16:45

No update available since last summer? I remember that with some router fw versions the date didn't always update/refresh itself (it was a bit buggy?) even though the actual Signature version eventually did update automatically and manually as well.

 

[dave14305]

What's your current Trend Micro: Signature version? It can be found in Administration - Firmware Upgrade (Merlin GUI).

Mine is: 2.212 Updated : 2020/06/29 16:45

No update available since last summer? I remember the with some router fw versions the date didn't always update/refresh itself (it was a bit buggy?) even though the actual Signature version eventually did update automatically and manually as well.

 

[Diamond67]

View attachment 30116

Thanks, Dave!

I asked the same question in another thread (sorry for kinda crossposting... ) and the v 2.212 was confirmed there too.

Anyway, with my router I cannot trust the actual date because it wont't always update/refresh itself. This has been going on for ages with my router and with several firmware versions (Merlin). The version matters for me, not the date (it may be somehow stuck).

 

[RMerlin]

2.212 was released only a few weeks ago.

 

[Diamond67]

Anyway, with my router I cannot trust the actual date because it wont't always update/refresh itself. This has been going on for ages with my router and with several firmware versions (Merlin). The version matters for me, not the date (it may be somehow stuck).

Just noticed that now with Merlin fw 386.1 my Trend Micro: Signature version seems to get updated nicely. In addition to the Signature version, also the date is up to date. And Signature version is now 2.216.

2.216 Updated : 2021/02/05 15:27

 

[DJDumlao]

Im Signature update failed when I click the check button on the Trend Micro: Signature version section. Any ideas on how to fix this error. Thanks

 

[octopus]

Im Signature update failed when I click the check button on the Trend Micro: Signature version section. Any ideas on how to fix this error. Thanks

View attachment 38069

Beta - Asuswrt-Merlin 386.4 beta is now available

My AX86U got into a bootloop after dirty upgrade from 386.4beta2 to 386.4beta3. Fortunately I had settings and jffs backups. So after a reset followed by restore it is back to normal again. Thanks RMerlin for this new beta.

www.snbforums.com

 

[joegreat]

To keep the long story short: here the final answer from The Magician RMerlin!