
New to ASUS routers, freaked out by Trend Micro


Don't expect anything TrendMicro to work properly in the long run with no communication to TrendMicro servers.

This would seem strange to me strictly in terms of the QOS service. It doesn't rely on Trend's servers for basic functionality since it does the work at the router level, so what they would have to do if they don't like that I'm not constantly phoning home is actively disable / re-enable a setting on my router without my intervention whenever my router is unable to contact their servers for any number of reasons. Does enabling the service give them backdoor access to my router in order to disable the QOS setting?
 
Adaptive QoS requires signature files to identify traffic types.
 
Adaptive QoS requires signature files to identify traffic types.

Aren't those signature files located / activated in the router firmware after initial connection to Trend?

Any info as to how often those signature files require regeneration?

I have not had any additional DNS requests from trend other than the initial requests when I first enabled it a few days ago.
 
Aren't those signature files located / activated in the router firmware after initial connection to Trend?
There's an older version included in the firmware, but updates are downloaded automatically.

Any info as to how often those signature files require regeneration?
Whenever they feel the need to publish an update; there's no fixed schedule.
 
For instance, in my case, I enabled the QOS in my Asus RT-AX88U with Merlin, allowed the initial DNS requests to go through to Trend to enable the service, then blocked all subsequent Trend Micro based DNS requests, of which there were quite a few. Now they are blocked in the future, and QOS still works. Is there something I'm missing, such as another way that the router is able to get the info to Trend?
You have to test for yourself whether it works, because here either people don't use it at all, or people trust it completely.


But I used to do something similar to you: I just banned access to Trend Micro's DNS and IPs. When I did, the malicious website blocking didn't work anymore. The reason is that AiProtection needs to contact Trend Micro's servers for every URL request, even if there is a local signature.

re-enable a setting on my router without my intervention
This kind of thing is almost impossible. They can refuse to provide you with services, but it is impossible for them to force you to use their services. When they say no, they do it on their server, not by modifying your router settings.
 
Dumb question but should I be using AiProtection? Doesn't really make my router more secure?
 
Dumb question but should I be using AiProtection? Doesn't really make my router more secure?
AiProtection is mostly to protect your LAN clients, not your router itself.

Personally I use it. Malicious Website Protection does intercept stuff on my mobile devices, as it can protect them as well as ads pushed within mobile apps.
 
Sorry to revive this, but I'm curious about what @breathless did to block the DNS requests to TrendMicro when using Traffic Analyzer / Adaptive QoS. I enabled these features but I did not find a list anywhere that shows what the router itself is trying to access to facilitate their usage. I'd imagine adding a keyword of "trendmicro" in the firewall URL filter might work, but I'd like to verify that it actually does.

All I want is to be able to view a breakdown of bandwidth usage by internal IP. I don't care about the traffic classification itself, so I don't need any of the actual domains sent to TrendMicro for their own classification. It's really annoying that we can't just enable per-ip traffic statistics without the TrendMicro integration...
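As an added example (not part of the thread or any poster's setup): one way to see which matching names the router itself looks up and whether a block took effect is to read dnsmasq's query log. It assumes `log-queries` is enabled and that the router's own lookups reach dnsmasq from 127.0.0.1; the log lines and `.example` hostnames are constructed placeholders, and `audit` is a hypothetical helper name.

```python
import re
from collections import defaultdict

# Constructed sample in dnsmasq "log-queries" format; hostnames are placeholders,
# not real Trend Micro endpoints.
SAMPLE_LOG = """\
Jan  5 10:00:01 dnsmasq[812]: query[A] sig.trendmicro.example from 127.0.0.1
Jan  5 10:00:01 dnsmasq[812]: forwarded sig.trendmicro.example to 9.9.9.9
Jan  5 10:00:01 dnsmasq[812]: reply sig.trendmicro.example is 203.0.113.7
Jan  5 10:00:09 dnsmasq[812]: query[A] rating.trendmicro.example from 127.0.0.1
Jan  5 10:00:09 dnsmasq[812]: config rating.trendmicro.example is 0.0.0.0
Jan  5 10:00:12 dnsmasq[812]: query[A] news.example.org from 192.168.50.23
Jan  5 10:00:12 dnsmasq[812]: forwarded news.example.org to 9.9.9.9
Jan  5 10:00:15 dnsmasq[812]: query[A] rating.trendmicro.example from 192.168.50.23
Jan  5 10:00:15 dnsmasq[812]: config rating.trendmicro.example is 0.0.0.0
"""

LINE = re.compile(
    r"dnsmasq\[\d+\]: (query\[[\w-]+\]|forwarded|reply|cached|config) (\S+) (?:from|to|is) (\S+)"
)

def audit(log_text, keyword="trendmicro", router_ips=("127.0.0.1",)):
    """Per matching domain: who asked, and whether dnsmasq forwarded or answered locally."""
    seen = defaultdict(lambda: {"clients": set(), "forwarded": 0, "blocked": 0})
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        action, domain, peer = m.group(1), m.group(2).lower(), m.group(3)
        if keyword not in domain:
            continue
        entry = seen[domain]
        if action.startswith("query"):
            entry["clients"].add(peer)      # peer is the requesting client
        elif action == "forwarded":
            entry["forwarded"] += 1         # query left the router for an upstream resolver
        elif action == "config":
            entry["blocked"] += 1           # answered from local config (e.g. an address= override)
    report = {}
    for domain, e in seen.items():
        verdict = ("forwarded upstream" if e["forwarded"]
                   else "answered locally" if e["blocked"] else "no answer logged")
        report[domain] = dict(e, from_router=bool(e["clients"] & set(router_ips)),
                              verdict=verdict)
    return report

if __name__ == "__main__":
    for domain, info in sorted(audit(SAMPLE_LOG).items()):
        print(domain, info["verdict"], "router" if info["from_router"] else "LAN only")
```

A clean result here only covers name lookups made through dnsmasq; connections to hard-coded addresses would not appear in this log.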
 
It's really annoying that we can't just enable per-ip traffic statistics

This needs CPU processing and means no more Gigabit WAN-LAN speeds. For currently popular Asus home routers it means up to ~350Mbps. This is what power efficiency optimized hardware inside can do. Home routers rely heavily on NAT acceleration tricks.
 
This needs CPU processing and means no more Gigabit WAN-LAN speeds. For currently popular Asus home routers it means up to ~350Mbps. This is what power efficiency optimized hardware inside can do. Home routers rely heavily on NAT acceleration tricks.

Does this mean that Asus' implementation of Traffic Analyzer also limits throughput to those speeds because of the same overhead? To be clear I simply want what they already provide, just without any metadata lookup from TrendMicro.
 
No, but it's quite inaccurate. I've seen it missing GBs of traffic as well as locking up and losing the previous data.
 
No, but it's quite inaccurate. I've seen it missing GBs of traffic as well as locking up and losing the previous data.

Ahh gotcha. Honestly that'd still be fine with me if it still allows full throughput. I just want a general estimate of which of my devices is using somewhat significant bandwidth at any given time, ideally with a simple way to query the data externally (like how node_exporter works, hosting a simple web server).
 
You can't use this Traffic Analyzer without TrendMicro services enabled.

Yep I know :) I revived this thread just hoping someone has a workaround to either:
  • Block all requests to TrendMicro while these features are enabled, such that the UI will still display general bandwidth usage per internal IP but be unable to classify what the traffic is (due to the blocked requests)
  • Manually run the underlying processes that power these features via SSH, such that I can extract per-IP traffic summary data at a lower level without using the web UI
  • Use an entirely separate daemon (maybe via amtm) that can provide these breakdowns, but I haven't seen anything like this
I'm essentially echoing everyone's frustrations about how these features are locked behind TrendMicro's web services, understanding that TrendMicro is necessary to be able to classify threats and traffic type, but personally not needing such classification.
 
If you start blocking TrendMicro connections the related services will stop running some time after. This is a 3rd party software integrated in firmware. You perhaps need some other hardware and software capable of doing what you want locally. There are packages available for pfSense like bandwidthd, Darkstat, ntopng, Status Traffic Totals, etc. It can also do IPS/IDS and DNS/IP blocking locally. It doesn't need/use NAT acceleration on x86 hardware.
 
If you start blocking TrendMicro connections the related services will stop running some time after. This is a 3rd party software integrated in firmware. You perhaps need some other hardware and software capable of doing what you want locally. There are packages available for pfSense like bandwidthd, Darkstat, ntopng, Status Traffic Totals, etc. It can also do IPS/IDS and DNS/IP blocking locally. It doesn't need/use NAT acceleration on x86 hardware.

Yeah, I suppose I'm asking for something a bit more than can be expected from a consumer/prosumer router. I'll have a look at pfSense. I really appreciate you taking the time to give your input, thank you for the insights!
 
This subject never gets old; it has been going on for 10 years. I turn it off as it eats memory. I never had a problem while it was on; then again, it has only given me one alert, on a cell phone being used by my daughter that had some funky stuff going on. I did not care, as she was on a guest network. One must assume Trend Micro is a minor concern using the interweb. Data is the new gold, don't sweat it.
 
