AiProtection - Infected Device Prevention and Blocking

[stambeccuccio]

1) If you enalble "Infected Device Prevention and Blocking"

2) and you try to log in to your router at https://router.asus.com:8443
or https://192.168.1.1:8443 (in my case https://192.168.2.1:8443)
link is blocked by AiProtection and the following screen appears:

Warning! The website contains malware.
Visiting this site may harm your computer.
. Description: Sites whose addresses have been found in spam messages.
. Host: (name and MAC address of my computer)
. URL: www.fallingfalcon.com

Well!! What is this stuff?
Do I have to care about, or it is a problem/bug of this utility?

 

[CiscoX]

I have everything enabled here and never seen that problem. Scan your computer for malware or spyware.
Try another browser, i.e Firefox

https://www.virustotal.com/en/url/d...4fab8ec1bcd24481f5b93ba9/analysis/1462568413/

http://www.scamadviser.com/check-website/fallingfalcon.com

 

[pete y testing]

2) and you try to log in to your router at https://router.asus.com:8443
(or 192.162.x.x:8443)

:8443 is for ssl

you would normally access via

http://router.asus.com

or

192.168.1.1/Main_Login.asp

( or in your case 192.168.2.1/Main_Login.asp )

so the ssl isnt working the way it should but it may be to do with the new way you login to the gui

 

[stambeccuccio]

:8443 is for ssl .. so the ssl isnt working the way it should but it may be to do with the new way you login to the gui

It is a Web interface preset option:
Access setting page via https://router.asus.com:8443

 

[martinr]

I'm not seeing anything like that with the same settings - I get a warning that the connection (https) isn't private but that's all.

And what's that fallingfalcon.com all about? I'd follow CiscoX's advice, and if you can, try the same thing but on a different device.

By the way: "192.162....." was a typo wasn't it?


EDIT: I've just received AIProtection email alerts for the times I tried to access fallingfalcon.com, so that shows that that is what AIProtection is really protecting you from. And maybe it's doubly protecting you from opening your router's GUI (thereby exposing security settings) knowing that there is something dodgy about your browser/device in relation to that site.

 

[pete y testing]

It is a Web interface preset option:
Access setting page via https://router.asus.com:8443

yes and what im saying is its not working correctly for https / ssl

but if you just drop the :8443 its fine and works without issue

if you want ssl / https connection report it via the feedback page

in your case

http://192.168.2.1/Advanced_Feedback.asp

there is usually no need for https in a home enviorment anyway

fyi i have also reported the issue via the feedback form for you

 

[pete y testing]

however the fallingfalcon bit is not related to the connection failure and is a different matter , i have spoken to you about this before

 

[stambeccuccio]

I enable port https 8443 to connect the router, by ASUS Router App
Required if you want a secure connection

 

[pete y testing]

Required if you want a secure connection

again i dont know why you would want https in a home environment but as i suggested report it via the feedback form and something will get done , continually posting here on the forum wont get squat done

 

[stambeccuccio]

Thank You so much to martinr, pete y testing and CiscoX for answers, involvement and suggestions, you have been very kind.

I was sure that my computer hadn't security problems because it is protected but for further scruple, as suggested by the alert message,
I downloaded and installed "Asus-Router-TTi_10.0_MR_Full.exe" for further scan and monitoring my computer

Result: computer and browser (Chrome 50.0.2661.94) are clean

And also, for further scrupulously, I cleaned and reset browser, but (evidently) problem is not my computer.

 

[CiscoX]

Could you please install Firefox and then try again to login to your router?

 

[martinr]

....,,,
And also, for further scrupulously, I cleaned and reset browser, but (evidently) problem is not my computer.

Have you set up email alerts through Alert Preferences (your first screenshot)? Until recently I'd not bothered to update my email alerts after I enabled 2 factor authentication in Gmail. I've since opened a separate Gmail account for these alerts and it seems that 2FA has to be enabled http://www.snbforums.com/threads/aiprotection-dont-send-mail.32116/page-2#post-254964

It's worth setting up even though it might not work first time: it tells you which device is trying to connect and to which malicious domain. I find it a lot more helpful than it used to be.

 

[stambeccuccio]

Yes Sir, me too.. I opened another google account disabling security settings in order to receive AiProtection messages.
It would be helpful to put a button of email test (it's a suggestion).

Regarding instead the problem I reported: after clicking on "Vai = Go" of that alert message, it is not longer happened.

I tried several times (for testing) to connect at https://192.168.1.1:8443 with Chrome, Firefox and Opera without any warning message.

Is it maybe because I clicked "Go" one time? I don't know.

Anyway, thanks to all

 

[stambeccuccio]

.. I opened another google account disabling security settings in order to receive AiProtection messages.

I observe only that: to force users to use an email account insecure and unprotected is a contradiction (a nonsense) for a security system like AiProtection.
In short, it's not a good figure by TREND MICRO TM.

 

[pete y testing]

the issue is not with the email alert but in how google set their security standard in forcing you to use there https/ssl connection method and seeing anything else as insecure

 

[richardeid]

I just got a new RT-AC88U and have been reading around a bunch to learn about some of the newer features. Ran across this thread.

All you guys with 2FA turned on for your Google accounts just need to set up an application-specific password. Once I did this I began getting e-mail alerts. So go here:

https://security.google.com/settings/security/apppasswords

and click the generate button. Then name it whatever you want and you'll be presented with a one-time use password. Copy and paste that into the password field in the alerts preferences dialog and click apply.

To test to make sure it's working, you can use this URL: http://wrs41.winshipway.com/

I got that URL from: http://esupport.trendmicro.com/solution/en-us/1054220.aspx

 

[Jamyz]

Great i try this and work fine... Thanks richadeid....

 

[tomsk]

For me, i had to leave out the @gmail.com off of the email field as suggested in another thread
http://www.snbforums.com/threads/aiprotection-send-mail-i-have-google-mail.36006/ and paste the generated app password into the password field to make it work. Once i hit apply, i then got the email from the router verifying the email address.

Dear user,

This is for your mail address confirmation and please click below link to go back firmware page for configuration.

http://router.asus.com/

Thanks,
ASUSTeK Computer Inc.

But when i click the winshipway URL to test, the webpage redirect happens ok but no email

 

[skeal]

Same here same problem. Generated a password for the aiprotection email and entered it and received the confirm from Gmail. Tested using url listed above. I get no message and no log entry. Help!

 

[martinr]

Same here same problem. Generated a password for the aiprotection email and entered it and received the confirm from Gmail. Tested using url listed above. I get no message and no log entry. Help!

When you try to access that url in your browser, do you see the following redirect address appear in the address bar?

https://192.168.1.1:8443/blocking.asp?cat_id=74

where: 192.168.1.1 is a typical router internal IP address - yours may well be different.