AiProtection is working but it cannot scan & block bad HTTPS traffic?

liukuohao

Regular Contributor
Previously, I was testing on my stock firmware about AiProtection.
Nothing unusual happened when I played around with the settings.

Yesterday, I installed the latest Merlin FW on my RT-AC86U router,
played around with the settings, and things do not feel like they are running smoothly.

Today, I tested the AiProtection feature, and things got a little weird.
I applied the settings and the rolling wheel does not stop.
I was trying to turn off 2 way IPS but something was not right.
So I am a bit concerned with the stability of Merlin FW.

AsusWRT-Merlin-RT-AC86U-AiProtection-Applying-Settings.jpg


After waiting about 15 mins, this page was not changing, so I had to close this page manually,
and then typed the router IP into the browser to get access to the router's web GUI.
I went back to AiProtection > Network Protection and to my surprise, the system detected
something or someone attacked my PC: PNGECCTV

AsusWRT-Merlin-RT-AC86U-AiProtection-2-WAY-IPS-part1.jpg

AsusWRT-Merlin-RT-AC86U-AiProtection-2-WAY-IPS-part2.jpg



Question

1) Can I downgrade FW Merlin? If yes, then can I use the stock FW saved setting CFG file to restore to the previous version of Merlin FW?
2) Even though I installed the latest stable release of FW Merlin, is there any other WELL KNOWN previous release that is known to be STABLE?
3) Would I need to monitor the RAM usage? It is currently at 75% used (this is understandable since IPS is turned on).
4) I was intrigued by this YouTuber, saying that a 2-way IPS cannot detect traffic in HTTPS. Is that true?
Testing - ASUS Router AiProtection
 

bbunge

Part of the Furniture
1. Yes. No. Always best to reset and manually configure after firmware change.
2. Merlin 386.5-2
3. RAM is to be used. If you need more, create a swap file.
4. Maybe not. YouTube will say anything.
 

Tech9

Part of the Furniture
I don't believe AiProtection is a true IPS. The CPU does not have enough processing power to do that. Encrypted traffic can't be inspected. To inspect HTTPS the router/firewall needs to run a proxy. No such option with Asus routers. On-device VPN traffic also goes straight through AiProtection, also encrypted. All I've seen from AiProtection is false positives - blocking sites with no real safety concerns. Both stock Asuswrt and Asuswrt-Merlin are faster and much more stable with no TrendMicro components involved.
 
