AiProtection question

[andresmorago]

Hello
I know that AiProtection doesnt have whitelist capabilities but im having some issues when trying to access a windows share from a remote client connected to the routers openvpn server.

Is there a way to let the router accept this incoming connection?

Windows server is 10.0.0.7
Remote client is 10.0.1.2



Thanks

 

[RMerlin]

Make sure both ends have the latest Windows updates installed. Beyond that, there is nothing more you can do.

 

[andresmorago]

hello @RMerlin and thanks
both server and client are up to date. i can access the window shares from the client when im connected directly to router. once i am on the vpn network, aiprotection kicks in and blocks smb connections

i guess ill have to live with it

 

[Greg72]

I have ai protection shut off on my 68u. It alleviated a lot of headaches.

 

[TNCS]

On the bright side, at least you know AiProtection is working... I get like literally 0 hits on everything... Not even sure if it working...

 

[martinr]

On the bright side, at least you know AiProtection is working... I get like literally 0 hits on everything... Not even sure if it working...

Are you running Skynet and Diversion? If so, it will explain why AIProtection is sitting around all day with nothing to do.

 

[andresmorago]

In my case, I run skynet and diversion Too. aiprotection blocks a lot

 

[Phil Outram]

I use open vpn with ai protection enabled and have no issues accessing smb shares on a Windows 2016 server from a remote windows 10 client. I have the RT-AX88U with latest merlin firmware.

 

[andresmorago]

I use open vpn with ai protection enabled and have no issues accessing smb shares on a Windows 2016 server from a remote windows 10 client. I have the RT-AX88U with latest merlin firmware.

What’s your OpenVPN ip Pool?

 

[TNCS]

Are you running Skynet and Diversion? If so, it will explain why AIProtection is sitting around all day with nothing to do.

No, did want to as it seems resource hungry... Any good reason as why it does nothing?

 

[martinr]

No, did want to as it seems resource hungry... Any good reason as why it does nothing?

Have you tested to prove it’s not working or are you going off your never receiving alerts? I have all AIProtection modules enabled. I used to test it in a way that wasn’t particularly smart but I’ve just found this link, which offers a safe way to test. (Unfortunately, there was no follow-up after the suggestion of a factory reset

https://www.snbforums.com/threads/aiprotection-stopped-working.43115/


I used the Dangerous level test at
https://success.trendmicro.com/solu...the-web-reputation-feature-in-officescan-osce

and I get the Trend warning page on my router

 

[#TY]

noob question here: Is it redundant to have Skynet/diversion installed AND AiProtection? I would be happy keeping AiProtection off if the former duo are providing the same thing as they seem to be more up to date and less resource hungry.

 

[#TY]

noob question here: Is it redundant to have Skynet/Diversion installed AND AiProtection? I would be happy keeping AiProtection off if the former duo are providing the same thing as they seem to be more up to date and less resource hungry.

 

[martinr]

noob question here: Is it redundant to have Skynet/Diversion installed AND AiProtection? I would be happy keeping AiProtection off if the former duo are providing the same thing as they seem to be more up to date and less resource hungry.

On my RT-AC68U I run all modules of AIProtection as well as Skynet and Diversion, and, of course, AMTM. There is a setting in Skynet called Ban AIProtect; what that does is allows Skynet to include anything AIProtection picks up. Having said that, since installing Skynet and Diversion some 18 months ago, I’ve had perhaps one, maybe 2, obvious AIProtection alerts. But if that one alert saved me from trouble, then it vindicates running all 3 programmes. I don’t see any obvious signs of AIProtection sapping my router’s resources, so from my viewpoint I’d say it’s not redundant and unless you have a compelling reason not to run it, then continue with it. Also, you could look on it as a safety net if, for example, you get a glitch and Skynet or Diversion stop working. On the other hand, I get the feeling that quite a few forum members don’t run AIProtection and they seem perfectly happy to do so.

 

[#TY]

On my RT-AC68U I run all modules of AIProtection as well as Skynet and Diversion, and, of course, AMTM. There is a setting in Skynet called Ban AIProtect; what that does is allows Skynet to include anything AIProtection picks up. Having said that, since installing Skynet and Diversion some 18 months ago, I’ve had perhaps one, maybe 2, obvious AIProtection alerts. But if that one alert saved me from trouble, then it vindicates running all 3 programmes. I don’t see any obvious signs of AIProtection sapping my router’s resources, so from my viewpoint I’d say it’s not redundant and unless you have a compelling reason not to run it, then continue with it. Also, you could look on it as a safety net if, for example, you get a glitch and Skynet or Diversion stop working. On the other hand, I get the feeling that quite a few forum members don’t run AIProtection and they seem perfectly happy to do so.

That's a great answer, thank you for that. I was mostly concerned with keeping the router running as lean and mean as possible as I just finished doing a nuclear reset of the router using the helpful guidelines provided by @L&LD and everything seems to running wonderfully so far. I've also installed a brand new USB 3.1 Key and only configured Diversion, SkyNet, and uiDivStats for now. I didn't realize SkyNet had that Ban AIProtect option. For the moment, I think I'll use it over AIProtection simply because the author and code for SkyNet are readily and openly available on this amazing forum and imo, makes it a lot more trustworthy.

 

[martinr]

That's a great answer, thank you for that. I was mostly concerned with keeping the router running as lean and mean as possible as I just finished doing a nuclear reset of the router using the helpful guidelines provided by @L&LD and everything seems to running wonderfully so far. I've also installed a brand new USB 3.1 Key and only configured Diversion, SkyNet, and uiDivStats for now. I didn't realize SkyNet had that Ban AIProtect option. For the moment, I think I'll use it over AIProtection simply because the author and code for SkyNet are readily and openly available on this amazing forum and imo, makes it a lot more trustworthy.

Thanks. I’m not sure if I was clear enough about the Ban AIProtect setting in Skynet. Of course, Adamm, Skynet’s author, is limited for space in the Settings menu. If he had unlimited space, he’d call it something like: Incorporate any AIProtection hits into Skynet. So basically it’s a setting that allows Skynet to learn from AIProtection, although that makes it sound like Skynet is the junior partner, which it definitely isn’t.

 

[#TY]

Oh so its not a replacement for AiProtection. I guess I better turn it on then.

 

[Val D.]

I get the feeling that quite a few forum members don’t run AIProtection and they seem perfectly happy to do so.

I don't run AiProtection and I never had any issues with that. Just the opposite, the router runs much better. No need for another protection before already existing protection, nor sharing my browsing data and files with TrendMicro. What good is AiProtection anyway if most of my traffic goes through a VPN tunnel processed on a x86 hardware behind the router? It can't see what's inside the encrypted packets.

 

[Val D.]

I guess I better turn it on then.

TrendMicro was found recently stealing user data unrelated to their services. Turn it on, they want that.
https://searchsecurity.techtarget.c...nd-Micro-apps-on-Mac-accused-of-stealing-data
https://searchsecurity.techtarget.com/podcast/Risk-Repeat-Trend-Micro-apps-land-in-hot-water

 

[L&LD]

TrendMicro was found recently stealing user data unrelated to their services. Turn it on, they want that.
https://searchsecurity.techtarget.c...nd-Micro-apps-on-Mac-accused-of-stealing-data
https://searchsecurity.techtarget.com/podcast/Risk-Repeat-Trend-Micro-apps-land-in-hot-water

This is a good example of why I don't use 'apps' on my phone(s).

As TrendMicro stated in the article, it was given permission at install to do what it did (by the user). Apple was the bigger 'security' issue here. Blindly trusting without doing the testing and certification it says it does. Nothing new here, not the first time Apple fails.