Advice Request AVs without HTTPS interception/filtering + browser extensions


SeriousHoax

Level 49
Verified
Top Poster
Well-known
Mar 16, 2019
3,872
> I'd rather not try that :p (and I don't know which site that might be anyway).

That's the easiest way to know. When I used ESET, I didn't disable the option. I just set my browsers to ignore and no HTTPS scanning was done in the browser, but ESET kept blocking HTTPS malicious sites on browsers.
 
Reactions: nickoftime

nickoftime

Level 2
Thread author
Verified
Feb 19, 2013
49
Looks like you are perfectly accurate. I found this bit, slightly buried in their online documentation:

"ESET products are designed to detect threats at the application level regardless of network filtering settings, however for the most secure configuration, we recommend leaving SSL/TLS protocol filtering enabled whenever possible."

I'll post back if I find out more, about ESET or others on this matter. I do not like this ambiguous dilemma ("allow us to decrypt all your traffic, or live with reduced security") so I'll keep investigating.

edit: from their previous v14 documentation:

"Disabling SSL scanning will remove a layer of security provided by ESET Smart Security and could expose your system to security risks"
 

SpiderWeb

Level 13
Verified
Top Poster
Well-known
Aug 21, 2020
609
I think all AVs allow you to disable it. Right? Whether they honor your setting is another question.
 

nickoftime

Level 2
Thread author
Verified
Feb 19, 2013
49
> I think all AVs allow you to disable it. Right? Whether they honor your setting is another question.

It's not just a matter of being able to disable it, but exactly what happens if you do:

Will it re-enable on its own? (as you imply)
Will the AV keep nagging you to re-enable it?
Will online protection restrict itself to HTTP? (thus becoming useless)
Will protection compromise itself in other undocumented/unknown/unpredictable ways?
 
Reactions: SpiderWeb

Ink

Administrator
Verified
Jan 8, 2011
22,490
> If you don't trust an AV provider to scan https then why would you be using them at all? Partially hamstringing the product's protection doesn't seem a great move to me but I'm not an expert :)

Begs the question why use Windows at all?

OP mentions Microsoft Defender isn't an option for them and is worried about the lack of HTTPS interception.

> Well, that's quite worrying if true. Unless I'm mistaken, Microsoft Defender's full protection is only available when paired with Microsoft Edge. It's even worse than browser-specific extensions: it's a single-browser AV. In any case, it's not an option - forgot to mention it in my first post.

1 + 1 = ?
 

nickoftime

Level 2
Thread author
Verified
Feb 19, 2013
49
> If you don't trust an AV provider to scan https then why would you be using them at all? Partially hamstringing the product's protection doesn't seem a great move to me but I'm not an expert :)

That's the point of this thread, to NOT use them. The problem isn't about trusting AV providers in general (never claimed they are "evil"), but with this particular man-in-the-middle practice which has become the norm, essentially breaking end-to-end encryption. No software should do this, not even AVs. Just my opinion, of course.

It has become almost impossible to find a well-known AV that does not perform this, so I was willing to consider AVs that only do this optionally but only under the condition that they would still offer strong web protection. Not easy to evaluate this.

> Begs the question why use Windows at all? OP mentions Microsoft Defender isn't an option for them and is worried about the lack of HTTPS interception.
>
> 1 + 1 = ?

Not sure what you mean. I was never worried about the lack of HTTPS interception, since it would be the exact opposite of what this thread is about. My questions on Defender were always on the presumption that it does NOT perform HTTPS Interception.
 

Ink

Administrator
Verified
Jan 8, 2011
22,490
Any reason why Microsoft Defender isn't an option?

As for MS Edge, you're not required to use it for full protection.
 

nickoftime

Level 2
Thread author
Verified
Feb 19, 2013
49
> Any reason why Microsoft Defender isn't an option?
>
> As for MS Edge, you're not required to use it for full protection.

I use several disk-intensive programs, currently on an old PC. Defender almost always interferes, significantly increasing disk and CPU usage while they are running. I am forced to use its bad UI to create a large exclusion list to solve this, and monitor Defender before working on anything. This was my main reason.

A couple of users earlier in this thread suggested that Defender's optional Network Protection OS-wide feature might not even work at all for non-enterprise users. That's a second reason.

I still do not know if Defender's default Web protection (i.e. NOT the advanced "Network Protection" feature) is any good and if it works outside of Edge.
 
Reactions: Nikos751

Nikos751

Level 20
Verified
Malware Tester
Feb 1, 2013
971
> Disabling HTTPS scanning doesn't mean that the protection is restricted to HTTP only. It only means that your HTTPS traffic won't be decrypted to scan the content in it like scanning the content of malicious JavaScript loaded by a website.
> Known bad HTTPS hosts are still blocked. This is true for all Avast, Bitdefender, ESET, Kaspersky, etc.
> Norton doesn't do HTTPS scanning but relies on an extension. Though I have seen Norton blocking malicious connections even without browser extension but in rare cases. They have the ability but don't utilize it fully for some reason.
> Without browser extension, F-Secure & G-Data's web blocking is restricted to HTTP only.
> MD's network protection should have been better but in general, it blocks nothing but increases CPU usage under heavy downloads.
> Simply disabling HTTPS protection in the AV should be enough. There are many members on the forum who use their preferred product in such a way.

I've seen Norton 360 blocking several IP addresses without any extension many times under “malicious domain request (number)” detection. It does not block the whole website, but the malicious connections.
 
Reactions: SeriousHoax
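
Added example, not part of any post in this thread: one way to check from outside the browser whether HTTPS traffic on a machine is still being re-signed locally after "HTTPS scanning" has been switched off. It compares certificate issuers across unrelated hosts; the host names, issuer names, `make_cert`, `assess` and the `local_ca_hints` parameter are constructed for illustration.

```python
import socket
import ssl
from collections import Counter

def issuer_name(cert):
    """Flatten the issuer of an ssl getpeercert() dict to 'O / CN'."""
    fields = {k: v for rdn in cert.get("issuer", ()) for k, v in rdn}
    return " / ".join(fields.get(k, "?") for k in ("organizationName", "commonName"))

def fetch_cert(host, port=443, timeout=5):
    """Live lookup: the validated leaf certificate as this machine receives it."""
    ctx = ssl.create_default_context()  # trusts the OS store, including any locally added root
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert()

def assess(certs_by_host, local_ca_hints=()):
    """Flag likely local interception.

    Unrelated sites normally chain to different public CAs. If three or more
    hosts all show the same issuer, or an issuer matches a name the user knows
    belongs to a locally installed root (local_ca_hints), something on the
    machine is re-signing the traffic. Choose hosts known to use different CAs,
    otherwise a shared public CA produces a false positive.
    """
    issuers = {h: issuer_name(c) for h, c in certs_by_host.items()}
    hits = max(Counter(issuers.values()).values(), default=0)
    single = len(issuers) >= 3 and hits == len(issuers)
    hinted = sorted(h for h, name in issuers.items()
                    if any(hint.lower() in name.lower() for hint in local_ca_hints))
    return {"issuers": issuers, "single_issuer": single,
            "hinted_hosts": hinted, "intercepted": single or bool(hinted)}

def make_cert(org, cn):
    """Build a constructed certificate dict in getpeercert() layout."""
    return {"issuer": ((("organizationName", org),), (("commonName", cn),))}

# Constructed samples (no real CA or vendor names).
CLEAN = {"example.com": make_cert("Constructed Public CA A", "A Issuing 1"),
         "example.org": make_cert("Constructed Public CA B", "B Issuing 7"),
         "example.net": make_cert("Constructed Public CA C", "C Issuing 2")}
INTERCEPTED = {h: make_cert("Constructed AV Vendor", "Constructed Filter Root")
               for h in CLEAN}

if __name__ == "__main__":
    for label, sample in (("clean", CLEAN), ("intercepted", INTERCEPTED)):
        print(label, assess(sample)["intercepted"])
```

For a live check, build the input with `{h: fetch_cert(h) for h in hosts}` once with the AV's HTTPS filtering enabled and once with it disabled, and compare the two results. Browsers that keep their own trust store may behave differently from this OS-level view.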

zakazak

New Member
Dec 2, 2014
12
I came to this thread because I was trying to figure out whether AdGuard's HTTPS Adblocking/Filtering can be trusted or not.

It seems like there is still no definitive answer to this.
So my next question would be: Is it even useful (https filtering for ads and malware)?
 
Reactions: SeriousHoax

zakazak

New Member
Dec 2, 2014
12
> Browser based adblockers like uBO & Adguard extension don't need to do that. They do filtering with APIs provided by the browsers.

I don't have anything else to block on my desktop, besides the browser.

It's more difficult on my phone (Android, rooted).
And I would entrust Adguard just for that to view ALL of my traffic. Even the one that is encrypted with HTTPS.
 
