Archer C2300 v2.0 using TrendMicro antivirus feature when it's disabled

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

Archer C2300 v2.0 using TrendMicro antivirus feature when it's disabled

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Archer C2300 v2.0 using TrendMicro antivirus feature when it's disabled
Archer C2300 v2.0 using TrendMicro antivirus feature when it's disabled
2020-09-19 08:58:54
Model: Archer C2300  
Hardware Version: V2
Firmware Version: 1.1.0 Build 20200714 rel.30791(4555)

Hi,

 

I've been very happy with my Archer C2300 v2.0 for the past year. After the firmware update to 1.1.0 Build 20200714 rel.30791(4555) I keep on seeing A LOT of DNS requests (over 7500 in the course of 12 hours) coming from the router towards rgom10-tplink-en.url.trendmicro.com , even though I have never activated the antivirus feature.

 

I've double checked and the antivirus feature is disabled, but

(1) it keeps making DNS requests towards that domain

(2) it keeps blocking certain websites

 

I don't have any other antivirus software on my network or DNS/browser feature that would query the TrendMicro domain(s).

 

I strongly believe that this is not the intended behaviour and it's a bug.

 

  0      
  0      
#1
Options
8 Reply
Re:Archer C2300 v2.0 using TrendMicro antivirus feature when it's disabled
2020-09-21 16:18:15

@Geegee 

 

Do you have any parental controls configured? If so remove those, and test again.

 

The site you showed that was blocked, if you enter that side on multiple devices do they all get blocked?

  0  
  0  
#2
Options
Re:Archer C2300 v2.0 using TrendMicro antivirus feature when it's disabled
2020-09-21 17:06:05

Hi @Tony 

 

Thank you for you answer. I've checked and I don't have parental controls activated. The blocking behaviour took place on my desktop computer, I haven't checked with other devices. Right now the blocking behaviour is not happening anymore, but I still see A LOT of DNS requests coming from the router. This has happened immediately after I upgraded the firmware to the latest version. Do you think this behaviour is normal?

 

 

These are DNS requests from the past 7 days:

 

  0  
  0  
#3
Options
Re:Archer C2300 v2.0 using TrendMicro antivirus feature when it's disabled
2020-09-22 20:43:13

@Geegee 

 

What I was able to gather was the links are pointing to Trend Micro for the purpose of judging the link characteristic value. 

 

Are you using QoS or is that disabled as well?

  0  
  0  
#4
Options
Re:Archer C2300 v2.0 using TrendMicro antivirus feature when it's disabled
2020-09-25 09:30:35

Hi @Tony 

 

I'm not using any special features – be it QoS, Parental controls, antivirus or anything else. I'm actually running a very simple setup, bare-bones.

Thanks for looking into this.

  0  
  0  
#5
Options
Re:Archer C2300 v2.0 using TrendMicro antivirus feature when it's disabled
2021-02-19 17:45:08

I just started seeing a questionable site being blocked as a scam by my C2300 router. May be a good thing, but am unable to confirm this is current info. 

 

How can I force an update to the content/definitions that HomeCare/trendmicro is using? HomeCare is enabled and reporting last update of 2/1/2021.
 

Additionally, I am unable to confirm the blocked site is a problem or false-positive with trendmicro.com while other security tools are reporting the site as good/green (Norton 360/safe search). 

  0  
  0  
#6
Options
Re:Archer C2300 v2.0 using TrendMicro antivirus feature when it's disabled
2021-02-19 22:17:10
Update: the router’s HomeCare webpage states Trendmicro update was done this AM, so the Tether app is out of date (bug report, please). Still have the question of how to get more info from Trendmicro so we can verify a potential scam false-positive.
  0  
  0  
#7
Options
Re:Archer C2300 v2.0 using TrendMicro antivirus feature when it's disabled
2021-02-19 23:48:43

@DavePi 

 

This site is where you can look up a respective URL to see how it is categorized: https://global.sitesafety.trendmicro.com/

 

After looking up a site you can request a reclassification of that URL.

  0  
  0  
#8
Options
Re:Archer C2300 v2.0 using TrendMicro antivirus feature when it's disabled
2021-02-20 03:19:25

@Tony thanks for the site. Now at 4-to-1 reporting safe, even though we are siding with trendmicro. Requested Norton take a fresh look. 
 

Last question: is there a way to request the router update its virus DB? I am fine if the answer is an SSH/CLI. 

  0  
  0  
#9
Options