Need some more info from HomeCare Antivirus

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

Need some more info from HomeCare Antivirus

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Need some more info from HomeCare Antivirus
Need some more info from HomeCare Antivirus
2019-12-20 22:51:02
Model: Archer A20  
Hardware Version:
Firmware Version:

OK, the limited info HomeCare History gives is not cutting it. I need more direct info and the cause. Here is what I get in the HISTORY:

 

 

Wife's PC is clearly doing it. She claims she's done nothing to make this happen. FINALLY nailed it down to she an email from Trivia Smart. She uses Thunderbird as her e-mail client. All she 'claims' she did was get her e-mail off of our ISP mail server. She clicked on the e-mail in her Inbox and then quickly deleted it. That was enough to make the entry it seems.

 

I suspect something in the e-mail (she deleted it and closed Thunderbird and it is lost) probably goes to that site to get some JPG's I'd bet, but why block it? It makes no sense? She never actually tried physically to go there? Probably that site has a poor reputation, but 'we' have NO CONTROL over this (do with Norton which is on the PC and HAS never complained).

 

Is it possible to get more details? Like WHAT was actually requested? The full URL possibly? The fact that she could see the entire e-mail, or at least she never knew something was missing is another 'problem'? Why nothing placed in the e-mail to show something was blocked?

 

I know I complained about this before, but it would really be nice to know something can/will be done?

  0      
  0      
#1
Options
4 Reply
Re:Need some more info from HomeCare Antivirus
2019-12-21 00:27:29

@IrvSp 

 

At this time there really isn't much we can do.  This is the information that is coming directly from TrendMirco.  We really have very little control over what is displayed.  Likely what was blocked was something that was being piggy backed on the email as your wife breifly opened it.   The best we can do at this time at least is have development contact TM to provide updates to us that provide more robust anoucments, which i will do for you. 

 

  1  
  1  
#2
Options
Re:Need some more info from HomeCare Antivirus
2019-12-21 15:07:36

@Carl 

 

Thanks, I was afraid that was the answer...

 

I have today figured out the 'when' but NOT the 'why'?

 

Like me, she uses MailWasherPro to 'sort' her e-mail and removed the known spam.  Then she'll look at the subjects and senders and mark any that she wouldn't want to either be added to the SPAM list or just delete them. Then MailWasher starts Thunderbird and she brings in the mail.

 

Today she saw the usual one from Triva Smart in MailWasher. I told her not to do anything and check HomeCare History. Nothing, good. She them selected it, still nothing, then asked MailWasher to load the HTML (Text is the default). Again, no entry into the History. Next she started Thunderbird and took in her mail. Boom, there it was in the history. She did NOTHING other than bring in the e-mail.

 

Here is the root problem. It is somehow TM has put TriviaSmart.Com on a BLACKLIST. Doesn't matter WHAT you are trying to do.

 

I decided to try and enter it into my URL of the browser and go there. POOF, I get this page: http://192.168.0.1/webpages/shn_blocking.html?cat_id=76&mac=F8B156DD6A5B&domain=triviasmarts.com/ and I'm blocked (the page shown):

 

 

All because I entered the URL.

 

Is that enough to INFECT my PC? Doubt it?

 

I did find this on the web, https://any.run/report/daccaf19c51f46df90c593d2fb19bbc6e082c5467b208df69fb79437ce9fabb1/03ede781-7358-4656-a3c9-97ca8e1b7ebfhttps://any.run/report/daccaf19c51f46df90c593d2fb19bbc6e082c5467b208df69fb79437ce9fabb1/03ede781-7358-4656-a3c9-97ca8e1b7ebf

and it appears someone tested that site (of course I can't as I can't get to it unless I disable HC?). No problems found.

 

It is quite possible the site could have a real 'phishing' function on it? After all, sites can do many things. I think TM is basically not doing enough to determine where the problem may be (or was) and has taken the approach of blocking the whole site. Don't forget these data points:

 

  • E-Mail was sent to my wife from AARP recommending using it.
  • A20 was installed in Sept. 2019.
  • Before that a NG R8000 was installed.
  • Since July Norton 360 was (and still is) installed on all PC's.
  • Before that, Norton Security Suite 2019 was installed on all PC's.

 

Norton NEVER complained or blocked anything related to that daily e-mail.

 

Oh, yes I can turn off the Malicious Content Filter and get to TRIVIASMART.COM, and yes, Norton 360 had no problems.

 

From all the info I can find on-line about HC it seems it basically has a WHITELIST/BLACKLIST of sites that is updated periodically. That list probably resides in the router. Can't see the router going outside to the Internet to check the list(s) for every outgoing TCP/IP packet? The problem with a whole site block is that this is what can happen. I get SPAM from a lot of places. I send them off to SPAMCOP and it notifies those that send it and where the payload resides. CLOUDFLARE, HOOTSUITE, and AMAZONAWS are many of those hosting suspect files. TM probably would never block those IP Addresses I'm sure. They need greater determination of the threat URL it seems, not sitewide. Maybe something as simple as having the ability of a whitelist ON the router one could add to via History? Note the above say I can report it, I did a few days ago, nothing changed. Even Norton when it pops something up on the Browser offers to let me go there if I wish. Also has a setting in Norton to exclude it.

 

 

 

 

  0  
  0  
#3
Options
Re:Need some more info from HomeCare Antivirus
2019-12-31 00:16:43 - last edited 2019-12-31 00:19:59

@IrvSp 

 

 

Thank you for the details.  I am pushing this to our HomeCare team.  My hope is that they can reach out to TrendMicro internally and see if anything can be done.  I assume that you clicked the link on the bottom to report the site as "safe" to TM, right?

 

  0  
  0  
#4
Options
Re:Need some more info from HomeCare Antivirus
2019-12-31 01:14:31

@Carl 

 

Yes, I did... and so far, it appears that didn't do much... no change.

 

I am sort of wondering what is the value of even using HomeCare?

 

I am not debating if TM or Norton is better, but I'd think by now they'd both be effective for KNOWN security risks. This happened to me yesterday:

 

 

This got through HC, an intrusion attampt.

 

Like I said, I've sort of figured out that HC is bacially a 'scanner' if you will, of what web sites one goes to. Not what data flows into the LAN? Maybe I've got it wrong here? Don't know? If this IS the case that HC is only a scanner of where the TCP/IP packet comes from, then HC is nothing more than a front-end stopping one from going to a site it 'feels' isn't good? Yeah, that is protection of sorts, but many sites do have both good parts and the bad parts one would think? Seems HC just has a BLOCK LIST by domain possibly? It would block all access to the site if it was in a block list it seems?

 

Your own TP-Link page, https://www.tp-link.com/us/homecare/https://www.tp-link.com/us/homecare/ sort of implies full protection though:

 

Under Antivirus:

 

===============

Every device accesses the internet through your router. That includes products that don’t normally have their own protection from cyber threats. HomeCare TM provides comprehensive antivirus protection for your router, keeping all your connected devices safe.

================

 

OK, it HC does its job, this is true.

 

Under Adaptive Antivirus:

 

==============

Antivirus powered by Trend Micro TM protects every device on your network. It provides malicious content filtering and intrusion prevention, as well as a quarantine for infected devices. An active database protects every connected device from external threats.

==============

 

OK, under those two 'features', I (Norton) should have never seen the Intrusion attempt? These are BUZZWORDS, "malicious content filtering and intrusion prevention", what exactly does it do and how does it inform someone that it has done something (which it seems it doesn't to me?)?

 

From another site, https://www.slashgear.com/tp-link-homecare-adds-extra-security-parental-controls-to-some-routers-11491058/

 

=========

HomeCare’s network security features are powered by Trend Micro, according to TP-Link, which says the software will protect all the devices on a network from things like malicious websites, hackers and more. The HomeCare feature is constantly scanning for virus patterns, the company explains, keeping them away before your computer and other items that can be infected. If a device ends up infected, it gets quarantined and the system alerts its owner to the problem.

=========

 

Again, I should have never seen that from Norton, other than the 'normal' warnings I get from Norton, the one above seems 'real'. Of course, Norton could be the culprit here I'll admit and was 'overzealous' possibly.

 

I'm not trying to start a 'protection' war, just that I'm beginning to feel HC will not cut it in terms of 100% protection? That and conflicts I see with Norton make me feel HomeCare isn't doing much for me? My phones are running McAfee, PC's Norton 360, and I was hoping that HC would avoid the need to have them? Doesn't seem to be the case?

 

 

  0  
  0  
#5
Options

Information

Helpful: 0

Views: 2191

Replies: 4

Related Articles