
AiProtection "Online Features"

ironclad

Occasional Visitor
Hi, is it possible to use AiProtection features completely offline? It seems like you could block Trend Micro servers with iptables but I'm not sure if it would work. Anyone got a list of hostnames if this is the case?

Also, do all AiProtection features phone home? Seems ridiculous that adaptive QoS is tied to the service.

I'm using a T-Mobile TM-AC1900 flashed to Merlin 384.3.
 
Also, do all AiProtection features phone home? Seems ridiculous that adaptive QoS is tied to the service.

Adaptive QoS is based on Trend Micro's DPI engine. The Trend Micro EULA covers their whole software stack; they don't make a separate EULA for each individual feature.

AFAIK, the only time the Trend Micro engine needs to contact its servers is when using the malicious website blocker, as it relies on TrendMicro's WRS cloud-based service. Adaptive QoS relies on signature files that are downloaded from Asus's servers.
 
@RMerlin does Adaptive QoS continually download signatures in real time depending on the device and software?

Signatures are updated once per night. Asus tends to publish updates every couple of weeks (I never noticed any fixed schedule).
 
@RMerlin is there any way to randomize the signature update times to mitigate against spoofing attacks? Or disable them altogether?

No, the check is part of libbwdpi.so, outside of my control.
 
@RMerlin Despite what you had said above, after disabling malicious website blocker, I was getting queries every few minutes to Trend Micro's website. After blocking trendmicro I am getting constant queries every few seconds. Rarely, but on occasion, sometimes a hundred in 1 second.

Sounds like a bug to me; I see no reason for queries to be sent if all related features are disabled (you didn't enable Parental Control either, right? It also requires classification of visited websites).

You could try disabling the EULA that you initially accepted (...):

Code:
nvram set TM_EULA=0
nvram commit
reboot
 
It may not be sending URLs but it was constantly connecting to url.trendmicro.com; I suppose it could be DNS but I really don't know at this point.
DNS would make sense to me. You're stopping it connecting to trendmicro.com so I'd guess that it'll just keep trying. What it does beyond that is speculation.
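
Added example (not part of any post in this thread): a shell/awk function that puts numbers on the lookups discussed above by counting DNS queries for Trend Micro names per second. It assumes dnsmasq query logging is enabled and produces the usual `query[TYPE] name from client` lines; the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise DNS lookups for a domain from dnsmasq query-log
# lines read on stdin. Assumption: query logging is on, so lines look like
#   Mar  3 02:14:07 dnsmasq[412]: query[A] url.trendmicro.com from 127.0.0.1

tm_query_stats() {
    # $1 = domain suffix to match (default: trendmicro.com)
    awk -v suffix="${1:-trendmicro.com}" '
    BEGIN { suffix = tolower(suffix) }
    {
        # Locate the "query[TYPE]" token; the queried name follows it.
        for (i = 1; i < NF; i++) if ($i ~ /^query\[/) break
        if (i >= NF) next
        name = tolower($(i + 1))
        # Accept the domain itself or a subdomain, never a look-alike name.
        n = length(name); s = length(suffix)
        if (name != suffix && (n <= s || substr(name, n - s) != ("." suffix))) next
        sec = $1 " " $2 " " $3          # syslog timestamp, 1 s resolution
        total++
        if (!(sec in persec)) seconds++
        if (++persec[sec] > peak) peak = persec[sec]
        names[name]++
    }
    END {
        printf "total=%d active_seconds=%d peak_per_second=%d\n", total, seconds, peak
        for (k in names) printf "name=%s count=%d\n", k, names[k]
    }'
}

# Constructed sample input (not captured from a real router).
sample_log() {
    cat <<'EOF'
Mar  3 02:14:07 dnsmasq[412]: query[A] url.trendmicro.com from 127.0.0.1
Mar  3 02:14:07 dnsmasq[412]: query[AAAA] url.trendmicro.com from 127.0.0.1
Mar  3 02:14:07 dnsmasq[412]: query[A] url.trendmicro.com from 127.0.0.1
Mar  3 02:14:09 dnsmasq[412]: query[A] example.org from 192.168.1.20
Mar  3 02:14:12 dnsmasq[412]: query[A] url.trendmicro.com from 127.0.0.1
Mar  3 02:14:12 dnsmasq[412]: config url.trendmicro.com is 0.0.0.0
Mar  3 02:14:15 dnsmasq[412]: query[A] nottrendmicro.com from 192.168.1.20
EOF
}

sample_log | tm_query_stats
```

Queries logged as coming from 127.0.0.1 originate on the router itself rather than from a LAN client, which is the case the thread is asking about.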
 
@raellove :
The period of the signature checking mechanism is once in two DAYS; if ASUS's server has a newer signature, it will upgrade automatically. And you can check by yourself every two weeks, because the new signature will be updated from TrendMicro once in two WEEKS. Hope it is helpful to you and @RMerlin.

Thanks,
Vanic
 
Thank you eddiez, well you learn something new every day; "Skynet gets the output direct from nslookup fwiw, and the website looks like it's hosted on a CDN (it comes back to IP space owned by my ISP here)." So Skynet did the lookup and it came up with the DoD.
False positive, same thing as anti virus software.
 
