AiProtection

[Portalnet]

Hello
do you use AiProtection on your routers? Is it worth using it or does it protect something? is it effective? Or is it better to turn it off and not use it?

 

[ColinTaylor]

Cue the usual suspect spreading FUD that they're collecting your data and spying on you...

 

[Portalnet]

He's spying on everything today.
How about the effectiveness of this product? Good or rather weak? Is it a marketing gimmick?

 

[OzarkEdge]

Hello
do you use AiProtection on your routers? Is it worth using it or does it protect something? is it effective? Or is it better to turn it off and not use it?

I have AiProtection enabled and it continues to log sucessfully protected events/URLs that the Trend Micro Site Safety Center considers dangerous... examples:

content.smartanswers.net
royeburgess.com
burlydeclined.com
laddleoser.com

No one in the house browses to such URLs directly... these things just happen in the background while using the Internet.

I notice no particular performance issues with AiP enabled. I consider it a worthy layer of safe computing until determined otherwise.

Also using CloudFlare encrypted DNS (DoT) with security filtering (1.1.1.2 1.0.0.2 security.cloudflare-dns.com).

OE

 

[BreakingDad]

I have it on, and it's had 112 hits in 10 months.

 

[esfu]

Hello
do you use AiProtection on your routers? Is it worth using it or does it protect something? is it effective? Or is it better to turn it off and not use it?

I will recommend using it. I have not heard any case for not using it but reviews are available to use it. In my case, it has twice registered alerts for some sites that were scam and were sites visited in background by something.

By the way, I also use OpenDNS DNS servers so many scams may be blocked at that level itself.

 

[Vandergraff]

RT-AC68U which I have been running ASUSWRT Merlin for many years with AiProtection enabled. Used to get lots of hits but nothing since around Feb 2021. Installed latest version of the stock ASUSWRT a few days ago (with factory reset firmware update and then another factory reset). Still no hits.

Tried https://www.wicar.org/test-malware.html from an iPad using Chrome (so no private relay) and I get no warnings or hits from AiProtection on the Router? Just opens a blank page or page with hieroglyphs.

I will keep it enabled but not sure if its actually doing anything?

DNS is Quad9 safe - but I tried with ISP (Comcast) DNS but results were the same?

 

[Portalnet]

Well, I also have zero hits for 4 months, that's why I asked if it works at all?
Norton on computers catches various suspicious pages and this AI nothing, and should he (AI) be the first to catch it?

 

[Tech9]

Well, I also have zero hits for 4 months

It depends what are you doing online and what clients do you have:

I have left this router in a Guest House in Denmark. It's acting as my VPN exit point in Europe, serves some IoTs in the house, occasional clients for Web browsing. If you use clients with modern browsers they all have SafeSearch. You have to disable it to trigger AiProtection response. SafeSearch is much more effective. I've seen some false positives only from AiProtection on every router I have tested it on. If you are comfortable with TrendMicro data collection disclosure - leave it Enabled. It's like all "free" services these days - you get the service in exchange for your data. TrendMicro is using it to improve their commercial products perhaps. Data Collection Daemon runs (and crashes often) on the background with any enabled TrendMicro engine services, not necessarily AiProtection. You may have Web History* only enabled - it still requires data sharing agreement.

For me it's more like a firmware bloatware (Ookla addition as well). The router specifications on Asus web have to mention the data collection requirements. Most users find about it only after router purchase. This service is not Asus exclusive. TP-Link uses it for their routers as well, but called HomeCare.

There are also reports here on SMB Forums about AiProtection page not registering some of the blocked content and this makes it harder to diagnose eventual Internet access issues. When you don't see what's blocked you can't whitelist it as well. Not perfect, but does something for some users.

* - It can be done locally with no 3rd party assistance. Seems like TrendMicro is interested in user browsing history.

Norton on computers catches various suspicious pages and this AI nothing

The request comes from the computer running your other protections and is blocked before it gets to AiProtection.

 

[thiggins]

@ColinTaylor @Tech9 If you two want to snipe at each other, take it into a private conversation.

I've about had it with the bullying that goes on in these Forums, No one provides enough value here that such behavior should be tolerated.

 

[RMerlin]

Hello
do you use AiProtection on your routers? Is it worth using it or does it protect something? is it effective? Or is it better to turn it off and not use it?

Malicious Website Blocking is pretty good, it uses the same backend used by Trend Micro's business security suite. While most desktop browser will have their own blocking in place, that protection isn't as exhaustive on mobile clients, so for these alone Malicious Website Protection is a good thing.

Hard to evaluate the other features however, as people rarely see anything blocked by them. I remember a few years ago when I had left a forwarded RDP port open on my router, AiProtection actually blocked brute force login attempts that hit my RDP port.

Personally I use site blocking and IPS. I never felt the need to enable the third one, but that's because I don't feel that I need that on my personal network.

 

[PRSXFENG]

I have AiProtection enabled and it continues to log sucessfully protected events/URLs that the Trend Micro Site Safety Center considers dangerous... examples:

content.smartanswers.net
royeburgess.com
burlydeclined.com
laddleoser.com

No one in the house browses to such URLs directly... these things just happen in the background while using the Internet.

I notice no particular performance issues with AiP enabled. I consider it a worthy layer of safe computing until determined otherwise.

Also using CloudFlare encrypted DNS (DoT) with security filtering (1.1.1.2 1.0.0.2 security.cloudflare-dns.com).

OE

PS, I suggest Quad9 DNS, they're the best (in my experience and some other reviews) in terms of blocking malware, but with that said there are also chances of false positives.

 

[Treadler]

PS, I suggest Quad9 DNS, they're the best (in my experience and some other reviews) in terms of blocking malware, but with that said there are also chances of false positives.

The third one in that list is the only one blocked currently by Quad9.

 

[Treadler]

PS, I suggest Quad9 DNS, they're the best (in my experience and some other reviews) in terms of blocking malware, but with that said there are also chances of false positives.

2nd, 3rd & 4th ones blocked by Cloudflare for families……

 

[Brad H]

Hello
do you use AiProtection on your routers? Is it worth using it or does it protect something? is it effective? Or is it better to turn it off and not use it?

It makes my RT-AX89X reboot randomly. Drove me nuts for months, disabling features & waiting to see if it was fixed. Tried disabling all of the AIProtection features & reboot issues went away. If you are in an environment where unknown devices are constantly joining your network (restaurant, library, etc.), it might have value. In a home or small business, where you know what is on your network, I don't think you need it. If it works for you, might as well leave it on but I don't think turning it off makes your network even the tiniest bit more vulnerable than having it running for home/small business

 

[Tech9]

TrendMicro components have noticeable negative performance impact on older ARMv7 platform routers (AC68U and variants, AC88U, AC5300, etc). The extra features were made available in firmware, but the routers can't reach Gigabit throughput anymore. The network responsiveness and throughput is restored instantly (reboot may be needed) after withdrawing the agreements in Administration, Privacy. As noted above - filtering DNS service may be enough for most users with very similar results and no 3rd party involvement. It's a matter of choice after all.

 

[NoTimeToDie]

It makes my RT-AX89X reboot randomly. Drove me nuts for months, disabling features & waiting to see if it was fixed. Tried disabling all of the AIProtection features & reboot issues went away. If you are in an environment where unknown devices are constantly joining your network (restaurant, library, etc.), it might have value. In a home or small business, where you know what is on your network, I don't think you need it. If it works for you, might as well leave it on but I don't think turning it off makes your network even the tiniest bit more vulnerable than having it running for home/small business

My GT-AX6000 reboots with AiProtection enabled too. never had an issue before connecting 2.5Gb equipment and last firmware

 

[RMerlin]

My GT-AX6000 reboots with AiProtection enabled too. never had an issue before connecting 2.5Gb equipment and last firmware

It`s a known issue, which Asus already has fixed on their end (and the fix is present in version 388.1 of my firmware).

The fix should be available in the next Asus release as well.

 

[NoTimeToDie]

It`s a known issue, which Asus already has fixed on their end (and the fix is present in version 388.1 of my firmware).

The fix should be available in the next Asus release as well.

Thanks @RMerlin !
I applied the 388_22068 firmware to my AX6000 and enabled AIProtection successfully without reboots now for 2 days!
(now if we could only get dual WAN failover/fallback to work better)

 

[esfu]

filtering DNS service

How do you filter DNS service on ASUS RT-AX92U with stock firmware version 3.0.0.4.386_46061?