I use Malwarebytes and the web filter functionality puzzles me. As far as my research has found, antivirus engines typically use a proxy to intercept web requests, which typically leaves evidence in the certificate used to encrypt the connection (i.e. the issuer certificate). However, Malwarebytes is able to intercept web requests and doesn't show a custom certificate.
This has me confused because my research so far has shown:
- You have to use your own CA and certificates in order to decrypt the web traffic
- You have to add it to your system and browser's trust stores for certificates
Malwarebytes, however, doesn't appear to do any of the things above and is still able to intercept both SSL and non-SSL traffic. It intercepts traffic from every program.
I am mainly wondering how they do this. Presumably they use the Windows Filtering Platform to do this, but in what way do they use it? I'd imagine there has to be some sort of configuration change, or something of the like, to do this.
I wasn't sure whether or not to ask this on StackOverflow, since it is to do with specific software and how it works rather than specifically with coding.