Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Software
Security Apps
Other security for Windows, Mac, Linux
Which Antivirus has no HTTP Scanning?
Message
<blockquote data-quote="SeriousHoax" data-source="post: 1033005" data-attributes="member: 78686"><p>Just keep in mind that Kaspersky (also ESET) have many signatures that are tied to their web protection engine only and won't get detected by their file based protection signatures. So if there's a malicious script that the browser run to attempt something malicious, they may not get detected by Kaspersky & ESET when HTTPS scanning is off. Some other AV products which don't have MITMing for HTTPS scanning but have file based signatures for those scripts may detect them on browser cache or some other ways, but Kaspersky and ESET won't. That's because they don't expect you to turn off HTTPS scanning. Their product wasn't designed to be used without it. They separate the file based and web based signatures to improve performance (Kaspersky analyst told me).</p><p>Also weirdly, I have seen Kaspersky not detecting some known malicious site and malware CnC server without HTTPS scanning. They were detected on Virustotal and Opentip, but not on their product when HTTPS scanning is off.</p><p>Avast and Bitdefender don't have separate signatures for file and web based protection, it seems. I can not guarantee with 100% certainty but haven't been able to find something to prove otherwise. HTTPS scanning can be turned off in Avast without losing too much of the protection, I think. In Bitdefender, disabling "Encrypted web scan" completely disable filtering of HTTPS traffic, so web protection becomes almost useless.</p><p>So, only turn off Kaspersky's HTTPS scanning if you are comfortable with losing a certain amount of protection.</p><p>Edit: HTTPS scanning can be replaced by Web scanning/Web shield/Web protection, etc. but the reasoning and explanation will remain the same.</p></blockquote><p></p>
[QUOTE="SeriousHoax, post: 1033005, member: 78686"] Just keep in mind that Kaspersky (also ESET) have many signatures that are tied to their web protection engine only and won't get detected by their file based protection signatures. So if there's a malicious script that the browser run to attempt something malicious, they may not get detected by Kaspersky & ESET when HTTPS scanning is off. Some other AV products which don't have MITMing for HTTPS scanning but have file based signatures for those scripts may detect them on browser cache or some other ways, but Kaspersky and ESET won't. That's because they don't expect you to turn off HTTPS scanning. Their product wasn't designed to be used without it. They separate the file based and web based signatures to improve performance (Kaspersky analyst told me). Also weirdly, I have seen Kaspersky not detecting some known malicious site and malware CnC server without HTTPS scanning. They were detected on Virustotal and Opentip, but not on their product when HTTPS scanning is off. Avast and Bitdefender don't have separate signatures for file and web based protection, it seems. I can not guarantee with 100% certainty but haven't been able to find something to prove otherwise. HTTPS scanning can be turned off in Avast without losing too much of the protection, I think. In Bitdefender, disabling "Encrypted web scan" completely disable filtering of HTTPS traffic, so web protection becomes almost useless. So, only turn off Kaspersky's HTTPS scanning if you are comfortable with losing a certain amount of protection. Edit: HTTPS scanning can be replaced by Web scanning/Web shield/Web protection, etc. but the reasoning and explanation will remain the same. [/QUOTE]
Insert quotes…
Verification
Post reply
Top
