Level 38
Mar 16, 2019
I guess I understand the HTTPS scanning, but is it necessary if a basic web filter blocks most known malicious pages? Kaspersky is tops at adding bad pages, but is that because their filter detected them and reports home?
I think it's not fully necessary but an additional layer of protection as it helps scanning the whole content of the webpage. So in case thinks like a modified malicious javascript of a page that collects your credentials and upload it to their server and etc other type of threats may only be detected if the antivirus was MITMing/scanning HTTPS content. But it does cost the user with a slight delay in page loading and maybe other vulnerabilities too if not properly implemented.
Please explain the difference between HTTPS scanning and basic web filter. I suppose I don't have the answer myself.
Like blackice said above, one is ip/host based detection and another is decrypting the HTTPS content and scan it. All paid AVs already does the first one but some also do the latter.