Excessive requests for rgom10-en.url.trendmicro.com

I am seeing high numbers of requests for rgom10-en.url.trendmicro.com coming from my Asus RT-AC86U router, using latest stock firmware. I believe this is the domain used by Trend Micro to check security of the router, as Asus has made some partnership with them. I have disabled AiProtection in the router options, but still these requests do not stop.

So far today these requests have averaged 3 times a minute, at a time we are all sleeping and no one is using the internet. The query log shows these requests coming from my router.

I have the router configured to provide the Pi as the DNS server to clients, but also to use it as the WAN DNS.

Is there any way I can see what is causing this and stop it? I tried searching on the internet and I cannot find other devices that use this domain. These requests make the dashboard data a bit off, but do not appear to have any effect on the function of the Pi-hole.

It would seem that you have enabled at least some of the more sophisticated features of your ASUS router (like parental controls, device-specific daily allowances, QoS, filtering among others).

Upon enabling those features, you should have been prompted to accept a EULA, agreeing to disclose just about any information collectable on your network (including network layout, devices, emails and attachments) to be reported and transferred to them and do with it whatever fits their bill.
The EULA would be tuned to adapt to legislative requirements of the respective countries you operate your ASUS device in. I am not aware of any reports that would confirm or invalidate whether actual data collection is adapted accordingly as well.
ASUS and TrendMicro Data Collection makes for an interesting read about this.

You may want to watch out for access to the following domains as well:

Quoting from the article linked above:


It might be possible to get rid of some of that traffic by disabling some of those services, but I wouldn't count on it.

That leaves you with the following options:
a) block access to those domains suspected of leaking data off your network by adding them to Pi-hole's blacklist.
b) contact ASUS support to file a complaint and see whether/how they react
c) try a custom ROM
d) get another router


I moved to Merlin firmware and will monitor for excessive traffic, but it looks like that domain is still showing up.

So I went to /Administration/Privacy and withdrew consent about Trend Micro.

Now http://rgom10-en.url.trendmicro.com is not showing up in my blocked queries.

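To see which client is generating the lookups and how often, the query log can be tallied per client and per minute, before and after a change such as withdrawing consent. This is an added example, not part of any post in the thread; it assumes dnsmasq-style `query[...]` log lines as found in a Pi-hole query log, and the sample lines and IP addresses are constructed.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# dnsmasq "log-queries" line (assumed format), e.g.
#   Mar 14 03:12:07 dnsmasq[912]: query[A] example.org from 192.168.1.1
QUERY_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) dnsmasq\[\d+\]: "
    r"query\[(?P<qtype>[^\]]+)\] (?P<name>\S+) from (?P<client>\S+)$"
)
WATCHED = "rgom10-en.url.trendmicro.com"  # the domain discussed in the thread

# Constructed sample: 192.168.1.1 stands in for the router.
SAMPLE = """\
Mar 14 03:12:07 dnsmasq[912]: query[A] rgom10-en.url.trendmicro.com from 192.168.1.1
Mar 14 03:12:07 dnsmasq[912]: forwarded rgom10-en.url.trendmicro.com to 192.0.2.53
Mar 14 03:12:26 dnsmasq[912]: query[A] rgom10-en.url.trendmicro.com from 192.168.1.1
Mar 14 03:12:41 dnsmasq[912]: query[AAAA] example.org from 192.168.1.23
Mar 14 03:12:48 dnsmasq[912]: query[A] rgom10-en.url.trendmicro.com from 192.168.1.1
Mar 14 03:13:09 dnsmasq[912]: query[A] rgom10-en.url.trendmicro.com from 192.168.1.1
Mar 14 03:13:30 dnsmasq[912]: query[A] RGOM10-EN.url.trendmicro.com from 192.168.1.50
""".splitlines()


def summarize(lines, domain=WATCHED, year=2000):
    """Return {client: (total_queries, peak_queries_in_one_minute)} for domain."""
    domain = domain.lower().rstrip(".")
    per_minute = defaultdict(Counter)  # client -> {minute: query count}
    for line in lines:
        m = QUERY_RE.match(line.strip())
        # Skip replies, forwards and queries for other names; DNS names are
        # case-insensitive, so compare in lower case.
        if not m or m["name"].lower().rstrip(".") != domain:
            continue
        # Syslog timestamps carry no year; supply one so parsing is unambiguous.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        per_minute[m["client"]][ts.replace(second=0)] += 1
    return {client: (sum(mins.values()), max(mins.values()))
            for client, mins in per_minute.items()}


if __name__ == "__main__":
    for client, (total, peak) in sorted(summarize(SAMPLE).items()):
        print(f"{client}: {total} queries, peak {peak}/min")
```

A client that keeps a steady per-minute peak while the household is idle is the device to investigate; a result that is empty after a settings change confirms the lookups have stopped at the source rather than merely being blocked.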