Suspicious DNS query to trendmicro

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

Suspicious DNS query to trendmicro

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Suspicious DNS query to trendmicro
Suspicious DNS query to trendmicro
2023-06-14 15:22:41
Model: Deco M9 Plus  
Hardware Version: V2
Firmware Version: 1.6.1

I have disabled all web protection by trendmicro and yet the router still sends DNS query to trendmicro.com. Look at how much trendmicro DNS queries were made in the last month. (I tried to add it the blocklist but the DNS queries quadrupled so I had to disable it)

30 days stats

 

I have also attached 24 hours statistics as well. You can see between 2300H to 0900H where there were no users on the network, and yet queries queries queries

 

 

How can I disable this completely?

  1      
  1      
#1
Options
3 Reply
Re:Suspicious DNS query to trendmicro
2023-06-15 03:39:47

  @fishermanG 

Hi, Do you have a main DHCP router connected ahead of Deco M9 Plus? If yes, you could try to set Deco M9 Plus into Access Point mode:

How to set up Deco to work in Access Point mode

 

I see you mentioned after adding trendmicro.com to the blocklist, the DNS queries to TrendMicro did not reduce otherwise it quadrupled? May I know what program you use to monitor the DNS query?

 

Thank you very much.

Best regards.

  0  
  0  
#2
Options
Re:Suspicious DNS query to trendmicro
2023-06-15 04:41:20 - last edited 2023-06-15 04:43:00

  @David-TP 

 

thanks for the reply. 
 

Ya I'm using as router mode and there's a DHCP server before the deco. 

 

I'm using AdGuard DNS to monitor the DNS traffic. 

When I added *.trendmicro.com to the blocklist, any DNS query to that domain will fail, and hence it made sense why deco would constantly ping that domain until there's a response. 

 

So you are suggesting that the only way to switch off trendmicro completely is by switching to AP mode? 
 

Why does the deco have to query trendmicro even when the user has explicitly disabled the protection service? 
 

 

  1  
  1  
#3
Options
Re:Suspicious DNS query to trendmicro
2023-06-20 08:40:06

  @fishermanG 

Hi, Thank you very much for the update.

On the Deco M9 plus, apart from Antivirus, QOS, and Parental Control are also powered by TrendMicro. Currently, this module is enabled by default on wireless router mode, and could only be disabled under Access Point mode.

Best regards.

 

 

  0  
  0  
#4
Options