M5 Firmware 1.9.1 built 20250909 Rel 37570 Blocking Malware that isn't Malware

Saturday - last edited Monday
Tags: #Firmware Update #Maleware
Model: Deco M5  
Hardware Version: V3
Firmware Version: 1.9.1 built 20250909 Rel 37570

Hi, in the latest firmware 1.9.1 built 20250909 Rel 37570 there is now a change to the network security, blocking non-threats. It is a change, as this never happened earlier; blocking actual threats has worked pretty well (from what I know), but I never noticed non-threats. Not on this scale. It's blocking traffic from the smart-home server and other computers that IS NOT a threat or malware.

From my experience, selected threats to block should be selected from proof (knowledge) set to the security parameter, knowing if it's a threat or not. Just randomly picking trusted communication (from inside) to block is not good security and not acceptable. The behavior to randomly select a planned communication to block, a no-threat event today that was let through yesterday, is just weird and shows it's not thought through by the development team. If it's a threat, ALL communications would have been picked and selected on the same day, as I know they are planned and happening several times a day.

How does the system identify a threat? Having to go in every day and unblock everything is way too much work. Should I send my invoice for all the time to TP-Link corporation?

Examples of blocks are:

- API HTTP requests
- Apple OS system functions to clouds, calendar links
- Samsung OS system functions to Samsung servers
- EV Vehicle Service communications

AND I have to add! I can't prove anything... but I see a connection. Something strange is going on. The Mac that had several malware blocks on something that isn't malware suddenly has issues reaching internal IP addresses!!! Not OK.

Deco is such a crap system.

#1
Malicious Content Filter is ... malicious. Or useless since blocks API calls and normal traffic constantly
Sunday

@MrHomeAdmin I am having the same issue. Indeed, this does not look specific to M5 Firmware 1.9.1 and is also happening to my M9 Plus running 1.9.1 too.

@David-TP, the 'Malicious Content Filter' is almost useless since it blocks traffic which is obviously NOT a threat. I do not know what DB it is using or what the algorithm is, but it is terribly implemented. Just a quick example of the URLs that it has blocked (and that I have to constantly review to unblock) (I cannot post the URLs literally so I will describe them):

- iCloud synchronization
- Cloudflare 'one' DNS
- More than 'predictable' and 'well known' IoT API calls (Philips Hue lights, Hon airco, BDR Thermea heater, Airthings air filter, Aqara Cameras, Shelly devices, Nuki, etc.)

What's happening?

#2
Re:M5 Firmware 1.9.1 built 20250909 Rel 37570 Blocking Malware that isn't Malware
Sunday

I'm having the same issue with M5 running 1.9.1. Have to whitelist many sites which are obviously not harmful.

Uusikaupunki, Finland
#3
Re: Malicious Content Filter is ... malicious. Or useless since blocks API calls and normal traffic constantly
Sunday - last edited Monday

@aspaviento Thanks for your contribution and for adding some useful info.

I haven't seen any IoT devices being blocked yet ... as the filter randomly picks something new every now and then, it might happen. It has caused important functions in the smart setup to fail. Integrations that control devices due to electricity prices (missing data as it was blocked). The price to pay for not spending time on notifications when integrations are failing (my own fault). However, it's time to ditch Deco and TP-Link for something better.

@manni Yes, unnecessary and time-consuming work. Please give feedback again if you experience anything weird. Thanks for posting, good to highlight there is a problem.

#4
Malicious Content Filter is ... malicious. Or useless since blocks API calls and normal traffic constantly
Monday

@MrHomeAdmin

For anyone having this issue: if you haven't done so already, can you please help me submit the Deco APP log here: How to submit Deco APP log

The more info we can get on this problem the better.

Need help with the Deco app, setup, Ethernet backhaul, network switch or rolling back firmware? Router or AP mode? https://community.tp-link.com/us/home/forum/topic/699816?page=1
#5
Re: Malicious Content Filter blocks non-threats. Submit Systemlog
Monday - last edited Monday

@HelpFixDecoApp I've forwarded the log from our setup as you wish. Please let me know if there is anything else you need.

I might roll back to a stable version due to disruptions; it's critical to us and we don't have time to check the app several times a day. I need to figure out the version that worked well, as I can recall some issues after a firmware upgrade this year.

#6
Re:M5 Firmware 1.9.1 built 20250909 Rel 37570 Blocking Malware that isn't Malware - Extra Malware scans
Monday - last edited Monday

I've been running some additional virus and malware scans on key units in the network and didn't find anything. The Mac that I am using isn't used by anyone else, meaning I have full control of what is being installed and how it's used. This is the Mac that had the most issues. Will continue to look at some of the other laptops.

Then we have family members that might visit websites with dodgy attempts on their handheld devices, but that is normally blocked as expected.

#7
Re:M5 Firmware 1.9.1 built 20250909 Rel 37570 Blocking Malware that isn't Malware - Extra Malware scans
Monday - last edited Monday

  @MrHomeAdmin 

@manni 

Hi, thank you very much for the App logs. Can you also add some screenshots of the Security Blocking records?

I've left a beta firmware for Deco M5. Please also help me test whether it helps.

Wait for your reply.

Best regards.

#8
Malicious Content Filter is ... malicious. Or useless since blocks API calls and normal traffic constantly
Monday

  @aspaviento 

Hi, thank you very much for the feedback.

There hasn't been a beta firmware for Deco M9 Plus. Could you please help me submit the Deco App so that I can forward your case to the senior engineer for further assistance?

Please also add some screenshots of the security blocking records.

Thanks a lot.

Best regards.

#9
Re:M5 Firmware 1.9.1 built 20250909 Rel 37570 Blocking Malware that isn't Malware - Beta testing & Screenshots
Monday

@David-TP Hi, I've received the beta, thanks. It's autumn mid-term break this week, meaning I won't (can't, as I might get lynched, wink) disrupt the network until after midnight (our timezone UTC+01:00).

Screenshots are on the way.

(Can't any blocks be caught in the log?)

#10
Malicious Content Filter is ... malicious. Or useless since blocks API calls and normal traffic constantly
Monday

@David-TP Here's the most recent:

Can't see previous blocked sites, because there are so many of these same messages.

Uusikaupunki, Finland
#11