AiProtection: GUI always shows 0

  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

Kanji-San

Regular Contributor
My router is on 384.16 and AiProtection (Malicious Sites Blocking, Two-Way IPS, Infected Device Prevention and Blocking) is on. The GUI however always shows 0 events and no graphs. NAT acceleration is off. I cannot remember to have ever seen anything else than 0 for several firmware versions.

I tested Malicious Sites Blocking and this seems to work, at least the router shows a special webpage but the count does not increase and stays at 0. I don't know how to test for Two-Way IPS, Infected Device Prevention and Blocking.

What do I need to tweak to see the graphs?
 

oOMrYairOo

Occasional Visitor
My router is on 384.16 and AiProtection (Malicious Sites Blocking, Two-Way IPS, Infected Device Prevention and Blocking) is on. The GUI however always shows 0 events and no graphs. NAT acceleration is off. I cannot remember to have ever seen anything else than 0 for several firmware versions.

I tested Malicious Sites Blocking and this seems to work, at least the router shows a special webpage but the count does not increase and stays at 0. I don't know how to test for Two-Way IPS, Infected Device Prevention and Blocking.

What do I need to tweak to see the graphs?[/QUOTE
My router is on 384.16 and AiProtection (Malicious Sites Blocking, Two-Way IPS, Infected Device Prevention and Blocking) is on. The GUI however always shows 0 events and no graphs. NAT acceleration is off. I cannot remember to have ever seen anything else than 0 for several firmware versions.

I tested Malicious Sites Blocking and this seems to work, at least the router shows a special webpage but the count does not increase and stays at 0. I don't know how to test for Two-Way IPS, Infected Device Prevention and Blocking.

What do I need to tweak to see the graphs?
I have a raspberry pi running FreePBX for testing and i notice that if I open port UDP 5060 ips starts to show 890+ hits on the same port indicating that my PBX is infected whit some cve.
 

Kanji-San

Regular Contributor
All showing zeroes means no events. Test here https://www.wicar.org/test-malware.html. Disable browser protection to see Trend in action. Malware filtering DNS plus Skynet and your router simply has nothing to detect. I don't use AiProtection at all now. No need to see all zeroes anyway.
I tried that and I see the Asus warning webpage however the count for Malicious Sites Blocking stays at 0. Shouldn't it go up?
 

Midlevel-User

Occasional Visitor
Similar issue - haven’t seen Two-Way IPS hits for over a year now. Threads indicate something with ASUS code that Merlin cannot address, but I would like to see reaffirmation of that if someone knows for sure
 

K-2SO

Very Senior Member
I tried that and I see the Asus warning webpage however the count for Malicious Sites Blocking stays at 0. Shouldn't it go up?
Yes, but it takes some time. It's not an instant indication. Log out of the GUI and check back a bit later.
 

Kanji-San

Regular Contributor
Yes, but it takes some time. It's not an instant indication. Log out of the GUI and check back a bit later.
I tried that but it never changes, always 0. Is there another component that I might have disabled that is required such as the Asusnat tunnel (which I disabled)?
 

L&LD

Part of the Furniture
Are you in a double NAT setup? Is your router showing an actual external IP address? :)
 

Kanji-San

Regular Contributor
Are you in a double NAT setup? Is your router showing an actual external IP address? :)
No double NAT setup. The router sees my correct external IP address.
 

Kanji-San

Regular Contributor
Similar issue - haven’t seen Two-Way IPS hits for over a year now. Threads indicate something with ASUS code that Merlin cannot address, but I would like to see reaffirmation of that if someone knows for sure
For whom is any of the AiProtection components working?
 

L&LD

Part of the Furniture
What router do you have? Does flashing 384.17_0 release final fix it?

When was the last time you did a full reset and a minimal and manual configuration to secure the router and connect to your ISP (without loading a saved backup config file afterward)?
 

Kanji-San

Regular Contributor
What router do you have? Does flashing 384.17_0 release final fix it?

When was the last time you did a full reset and a minimal and manual configuration to secure the router and connect to your ISP (without loading a saved backup config file afterward)?
RT-AC68U. Last complete full setup with manual configuration was four months ago. I have not tried 384.17 since 384.16 runs quite well and I don't want to mess with a running system :)
 

L&LD

Part of the Furniture
@Kanji-San it seems it may not be running optimally though? :)

@K-2SO that depends on what the two routers are. If they're identical and both set up the same way, one will show 'zero' always. :)
 

K-2SO

Very Senior Member
I have not tried 384.17 since 384.16 runs quite well and I don't want to mess with a running system :)
384.17 is just components update, see the changelog. It won't break anything.

If they're identical and both set up the same way, one will show 'zero' always.
I said it works in double NAT. You're talking about double AiProtection. Two different things.
 

klingon888

Occasional Visitor
For whom is any of the AiProtection components working?
I have a RT-AC68U as well on v384.16 with Diversion & Unbound, no Skynet. i just tested the wicar.org site and my Malware Sites Blocking and Two-way IPS counts did go up for each test. The Asus AI protect page does not seem to show up with Chrome as Google Safe Browsing blocks these sites but using IE seems to trigger the Asus page.
 
Last edited:

K-2SO

Very Senior Member
Asus AI protect page does not seem to show up with Chrome as Google Safe Browsing blocks these sites but using IE seems to trigger the Asus page.
Of course. I'm assuming they test AiProtection. Not browser protection.
 

RMerlin

Asuswrt-Merlin dev
Keep in mind that the engine version varies between models. I know that for a while, logging was broken. I know that it's fixed in the GPL version I have merged in for the RT-AX88U, however I have no idea if each and every other models also have a fixed version merged in yet - Asus's GPL releases have been pretty scattered for the past 6-8 months.
 

Theliel

Regular Contributor
Interesting.

I recently change my good old rt-ac56u for the rt-ax58u (thanks Erik, it took time to get it, but without Merlin support on it was not an option).

I have also observed the same behavior, with the previous model it was usual to have tens or hundreds of new registrations per day, since the installation of the new Router I have not seen the counter to move up. The configuration of both is very similar, leaving aside the differences between them, and some minor settings.

Maybe is only a logging issue or simply IAProtection is not working after all.
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top