🅭

How a Trend Micro router security feature broke Steam

It took me a few hours of troubleshooting to figure out that there was nothing wrong with my new PC hardware – it was my damned ASUS router that was blocking me from installing Steam.

Steam needs to be online to update. Please confirm your network connection and try again.

My device was online and it passed every standard network test. Steam’s status page showed their servers were online and that all services were fully operational. Everything else seemed to be able to connect to the internet, so what was going on?

I had to reinstall Windows on my PC last week as Windows don’t like it when you install a brand new mainboard and processor on an installed system. The system was overdue for the good old clean-installation treatment anyway, and I only use the Windows system for gaming. So, I’d a new mainboard with a new network interface and a fresh Windows installation with new drivers for the new hardware.

It took me quite some time to work out that I wasn’t dealing with any problems with my new hardware or drivers.

I had quite a few negative things to say about the AiProtection, or “Malicious Sites Blocking” by Trend Micro, feature in my recent review of the ASUSWRT router firmware. In closing I recommended that people avoid routers that incorporate Trend Micro security features.

I still use that same ASUS router as my home network router. It was quite expensive and I haven’t found any good consumer grade replacement for it yet. I’d turned on “Malicious Sites Blocking” as part of that review, and unfortunately I forgot to turn it back off again.

The Malicious Site Blocking feature regularly downloads a list of blocklisted URLs and patterns from Trend Micro that contains suspected of distributing malware. It just happens that it recently included some of Steam’s – the popular game distribution platform — download mirrors. This resulted in a Fatal Error in the Steam update installer and prevented it from installing Steam.

Once I’d turned off the site blocking feature in my router, the Steam installer finished up in seconds.

This could have been a real security issue, but as the security alerts showed up in the router’s logs rather than on my device I’d no way of knowing that the router had interfered with my network traffic. This is quite a big flaw with ASUSWRT as it should have a better system for notifying users of security incidents.

Lessons learned: Don’t buy routers with “Home network security” features beyond those you expect to find on a router. Trust in Windows’ built in Microsoft SmartScreen blocklists to keep your device free from known threats rather than third-party lists as antivirus providers frequently include false positives. (Antivirus vendors have always hated ‘network installers’ because they behave much like viruses.)