Advice Request AVs without HTTPS interception/filtering + browser extensions

Please provide comments and solutions that are helpful to the author of this topic.

nickoftime

Level 2
Thread author
Verified
Feb 19, 2013
49
Https scanning and web/surf protection are 2 different features. I'm using AVAST. Disabling one will not disable the other.
Are you sure about this? Because HTTPS scanning/filtering/interception (3 words that imply the same feature) is performed to protect your web browsing - at least in theory.

From the Avast website: "This feature is enabled by default to ensure your full security. If you disable HTTPS scanning, any malware delivered by HTTPS traffic is hidden by TLS/SSL encryption and your computer is more vulnerable to threats."

Managing HTTPS scanning in Web Shield in Avast Antivirus

You are not disabling web protection entirely, but protection is crippled to HTTP-only: almost useless.
 

HarborFront

Level 71
Verified
Top Poster
Content Creator
Oct 9, 2016
6,048
Are you sure about this? Because HTTPS scanning/filtering/interception (3 words that imply the same feature) is performed to protect your web browsing - at least in theory.

From the Avast website: "This feature is enabled by default to ensure your full security. If you disable HTTPS scanning, any malware delivered by HTTPS traffic is hidden by TLS/SSL encryption and your computer is more vulnerable to threats."

Managing HTTPS scanning in Web Shield in Avast Antivirus

You are not disabling web protection entirely, but protection is crippled to HTTP-only: almost useless.
Enabled by default means you can disable it as you like. This applies in my case

I have https scanning enabled in my Adguard for desktop. I think I trust Adguard more
 

Arequire

Level 29
Verified
Top Poster
Content Creator
Feb 10, 2017
1,820
Unless I'm mistaken, Microsoft Defender's full protection is only available when paired with Microsoft Edge. It's even worse than browser-specific extensions: it's a single-browser AV. In any case, it's not an option - forgot to mention it in my first post.
True unless you enable network protection, which offers OS-wide malicious domain protection for all applications (browsers included) without filtering HTTPS. But as it's not an option, ignore the recommendation.
 

nickoftime

Level 2
Thread author
Verified
Feb 19, 2013
49
DrWeb does not have HTTPS interception enabled by default and it uses no browser extension.
DrWeb looks interesting, I'll check it out - thanks.

True unless you enable network protection, which offers OS-wide malicious domain protection for all applications (browsers included) without filtering HTTPS. But as it's not an option, ignore the recommendation.
That's actually great advice. I have tried ConfigureDefender (HIGH mode) which enables Network Protection, but didn't know it was OS-wide. I assume it offers decent web protection?

So, Defender scores some extra points. It has a bad UI, a bit too disk-intensive and not the most private of tools, but we are using Windows anyway... I'll reconsider it.

F-secure is a good choice if you don't want https scannings.
Thanks, I'll check it.
 

SeriousHoax

Level 47
Verified
Top Poster
Well-known
Mar 16, 2019
3,671
Disabling HTTPS scanning doesn't mean that the protection is restricted to HTTP only. It only means that your HTTPS traffic won't be decrypted to scan the content in it like scanning the content of malicious javascript loaded by a website site.
Known bad HTTPS hosts are still blocked. This is true for all Avast, Bitdefender, ESET, Kaspersky, etc.
Norton doesn't do HTTPS scanning but relies on an extension. Though I have seen Norton blocking malicious connections even without browser extension but in rare cases. They have the ability but don't utilize it fully for some reason.
Without browser extension, F-Secure & G-Data's web blocking is restricted to HTTP only.
MD's network protection should have been better but in general, it blocks nothing but increase CPU usage under heavy downloads.
Simply disabling HTTPS protection in the AV should be enough. There are many members on the forum who use their preferred product in such way.
 

Virtuoso

Level 3
Feb 21, 2022
102
Disabling HTTPS scanning doesn't mean that the protection is restricted to HTTP only. It only means that your HTTPS traffic won't be decrypted to scan the content in it like scanning the content of malicious javascript loaded by a website site.
Known bad HTTPS hosts are still blocked. This is true for all Avast, Bitdefender, ESET, Kaspersky, etc.
Norton doesn't do HTTPS scanning but relies on an extension. Though I have seen Norton blocking malicious connections even without browser extension but in rare cases. They have the ability but don't utilize it fully for some reason.
Without browser extension, F-Secure & G-Data's web blocking is restricted to HTTP only.
MD's network protection should have been better but in general, it blocks nothing but increase CPU usage under heavy downloads.
Simply disabling HTTPS protection in the AV should be enough. There are many members on the forum who use their preferred product in such way.

Bitdefender web browsing is fast even with HTTPS scanning, what is your opinion about F-secure browser extension in terms of both security provided and browsing speeds?

One thing I do not like about F-secure is loads of URL false positives web blocking, F-secure even blocked an Indian payment processor/payment gateway and I was befuddled with my payments getting blocked. Reported it to F-secure and they took 20 days to rectify that problem.
 

SeriousHoax

Level 47
Verified
Top Poster
Well-known
Mar 16, 2019
3,671
Bitdefender web browsing is fast even with HTTPS scanning, what is your opinion about F-secure browser extension in terms of both security provided and browsing speeds?

One thing I do not like about F-secure is loads of URL false positives web blocking, F-secure even blocked an Indian payment processor/payment gateway and I was befuddled with my payments getting blocked. Reported it to F-secure and they took 20 days to rectify that problem.
Yeah, Bitdefender is fast because they don't do HTTPS scanning on many sites. Website wise or certificate wise, they have a large whitelist. These are sites that they are probably confident of not having any malicious contents. So that's why browsing is very fast. Avast & ESET are the fastest in my experience on sites where they perform HTTPS scanning and also lower CPU usage.
About F-Secure, I found browsing to be very fast when I tried it, but I saw a couple of users who had issues with browsing speed. Can't really tell about website blocking as I never used it for too long because it gives me some other problems. F-Secure's super slow response to user submission is a major problem indeed. I don't remember receiving a response from them in less than 7 days, which is already too long if it's a false positive. 20 days is extreme.
Bitdefender, Kaspersky, Norton and Microsoft are very fast at fixing false positives in my experience. Microsoft is fast 7 days a week, while the other four I mentioned won't be responsive during weekends.
 

SeriousHoax

Level 47
Verified
Top Poster
Well-known
Mar 16, 2019
3,671
Thank you SeriousHoax for the good info. I'm a bit surprised to hear that MD's Network Protection "blocks nothing".
According to Microsoft's documents, it seems that it should block everything that's blocked by SmartScreen, but that doesn't happen in practice. I've seen it blocking sites 3-4 times in the same amount of years, only when actively went on to search for malware. I think it's mainly intendant for Enterprise users, where policies can be set to block various types of sites not exclusive to malicious. Recently, MS seems to have updated to make it block malware C2C servers, but maybe that's exclusive to Enterprise customers only. Kind of all MS documents only refer to MD Enterprise, so often it's not easy to know what is available for home users.
 

nickoftime

Level 2
Thread author
Verified
Feb 19, 2013
49
Disabling HTTPS scanning doesn't mean that the protection is restricted to HTTP only. It only means that your HTTPS traffic won't be decrypted to scan the content in it like scanning the content of malicious javascript loaded by a website site.
Known bad HTTPS hosts are still blocked. This is true for all Avast, Bitdefender, ESET, Kaspersky, etc
...
Simply disabling HTTPS protection in the AV should be enough. There are many members on the forum who use their preferred product in such way.
This bit remains confusing for me. Trying ESET Internet Security at the moment. It's clear from its options -and their website- that if SSL/TLS filtering is disabled (i.e. no root certificate installed), Web Protection for HTTPS becomes disabled/greyed out:

Protocol filtering - ESET
Web Protocols - ESET
SSL/TLS - ESET

LtHnbJY.png

You are saying that even if SSL/TLS filtering is disabled, some sort of basic HTTPS Web Protection is still enabled, correct? Nothing though seems to indicate this in ESET's website and their in-program options.
 
Last edited:

SeriousHoax

Level 47
Verified
Top Poster
Well-known
Mar 16, 2019
3,671
This bit remains confusing for me. Trying ESET Internet Security at the moment. It's clear from its options -and their website- that if SSL/TLS filtering is disabled (i.e. no root certificate installed), Web Protection for HTTPS becomes disabled/greyed out:

Protocol filtering - ESET
Web Protocols - ESET
SSL/TLS - ESET

LtHnbJY.png

You are saying that even if SSL/TLS filtering is disabled, some sort of basic HTTPS Web Protection is still enabled, correct? Nothing though seems to indicate this in ESET's website and their in-program options.
On ESET, you have many options to configure it in different ways. Instead of blocking SSL filtering completely, disable the option "Add the root certificate to known browsers" and in the option of "List of SSL/TLS filtered applications", add your browsers and set them to ignore.
On ESET there are even options to make it not do HTTPS scanning on specific websites only. So it has a lot of customization ability.
 

nickoftime

Level 2
Thread author
Verified
Feb 19, 2013
49
On ESET, you have many options to configure it in different ways. Instead of blocking SSL filtering completely, disable the option "Add the root certificate to known browsers"...
That is possible, but:

"For SSL communication to work properly in your browsers/email clients, it is essential that the root certificate for ESET be added to the list of known root certificates (publishers)" (ESET link)

So, I'm still not 100% sure if HTTPS web protection actually works without installing the certificate, at least in ESET's case. The quote above is clear: it is essential and it won't work properly without it. I'll ask them.
 
  • Like
Reactions: SeriousHoax

SeriousHoax

Level 47
Verified
Top Poster
Well-known
Mar 16, 2019
3,671
That is possible, but:

"For SSL communication to work properly in your browsers/email clients, it is essential that the root certificate for ESET be added to the list of known root certificates (publishers)" (ESET link)

So, I'm still not 100% sure if HTTPS web protection actually works without installing the certificate, at least in ESET's case. The quote above is clear: it is essential and it won't work properly without it. I'll ask them.
Maybe try it like this, turn off "Add the root certificate to known browsers". Then open your browser, visit an HTTPS malicious site known to ESET in incognito mode and see if ESET blocks it.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top