Archer C2300 v2.0 using TrendMicro antivirus feature when it's disabled
Hi,
I've been very happy with my Archer C2300 v2.0 for the past year. After the firmware update to 1.1.0 Build 20200714 rel.30791(4555) I keep on seeing A LOT of DNS requests (over 7500 in the course of 12 hours) coming from the router towards rgom10-tplink-en.url.trendmicro.com , even though I have never activated the antivirus feature.
I've double checked and the antivirus feature is disabled, but
(1) it keeps making DNS requests towards that domain
(2) it keeps blocking certain websites
I don't have any other antivirus software on my network or DNS/browser feature that would query the TrendMicro domain(s).
I strongly believe that this is not the intended behaviour and it's a bug.
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Do you have any parental controls configured? If so remove those, and test again.
The site you showed that was blocked, if you enter that side on multiple devices do they all get blocked?
- Copy Link
- Report Inappropriate Content
Hi @Tony
Thank you for you answer. I've checked and I don't have parental controls activated. The blocking behaviour took place on my desktop computer, I haven't checked with other devices. Right now the blocking behaviour is not happening anymore, but I still see A LOT of DNS requests coming from the router. This has happened immediately after I upgraded the firmware to the latest version. Do you think this behaviour is normal?
These are DNS requests from the past 7 days:
- Copy Link
- Report Inappropriate Content
What I was able to gather was the links are pointing to Trend Micro for the purpose of judging the link characteristic value.
Are you using QoS or is that disabled as well?
- Copy Link
- Report Inappropriate Content
Hi @Tony
I'm not using any special features – be it QoS, Parental controls, antivirus or anything else. I'm actually running a very simple setup, bare-bones.
Thanks for looking into this.
- Copy Link
- Report Inappropriate Content
I just started seeing a questionable site being blocked as a scam by my C2300 router. May be a good thing, but am unable to confirm this is current info.
How can I force an update to the content/definitions that HomeCare/trendmicro is using? HomeCare is enabled and reporting last update of 2/1/2021.
Additionally, I am unable to confirm the blocked site is a problem or false-positive with trendmicro.com while other security tools are reporting the site as good/green (Norton 360/safe search).
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
This site is where you can look up a respective URL to see how it is categorized: https://global.sitesafety.trendmicro.com/
After looking up a site you can request a reclassification of that URL.
- Copy Link
- Report Inappropriate Content
@Tony thanks for the site. Now at 4-to-1 reporting safe, even though we are siding with trendmicro. Requested Norton take a fresh look.
Last question: is there a way to request the router update its virus DB? I am fine if the answer is an SSH/CLI.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 2048
Replies: 8
Voters 0
No one has voted for it yet.