Should AntiVirus (in my case Eset) be allowed to scan HTTP and HTTPS traffic?

Topic

New Reply

In another thread, I suffered from Firefox going from 2-3 minutes to open 88 tabs to 12-15 minutes! Something had changed. As it turns out, Removing Firemin which I had used for many, many years to mange Firefox memory shifted the burden from RAM to CPU and I was pegged at 100 % CPU. I am now back to my 2-3 minutes.

But during that adventure (https://www.askwoody.com/forums/topic/firefox-has-become-slow-to-open-tabs-please-see-details/), I believed the culprit could be my Eset NOD 32 AntiVirus. I continued to search a bit, especially to see how folks compare Eset with MS Defender now-a-days. During that search, I came across several places that recommended turning off HTTP and HTT{PS scanning in Eset to better speed and that it was not needed as anything not caught that way WOULD be caught in more usual ways. I don’t know…

Not many links to be found confirming this. A few:

https://blog.vpn.ac/disable-https-scanning.html

https://security.stackexchange.com/questions/148402/should-antivirus-https-scanning-be-left-on-is-it-secure

A video where I first learned of this:

How to fix slow internet with eset smart security https://www.youtube.com/watch?v=sGuL17TXR2Q

So, need opinions and preferably facts! I am about to try this to see if it benefits. If it does, does this put html email and web sessions at risk? who would you trust in the subject?

Thanks!

[Moderator edit: Removed spaces after periods and capitals in URLs.]

Reply | Quote

Replies

First off, I really like ESET but with that said I’ve always turned off ssl scanning and haven’t experienced any adverse issues.

Reply | Quote

Why go that far? And what vulnerabilities does that leave open?

Reply | Quote

They had issues with their cert years ago and it created issues. I haven’t really revisited the issue in years but at the time I couldn’t use it because of issues.
https://www.wilderssecurity.com/threads/risks-of-using-a-v-https-interception-scanning.385828/

Reply | Quote

Just re-enabled it, and this is very unscientific, but it slows down loading of this website by about 30-50%. Do realize I haven’t rebooted or used a timer – just feel. I’ll leave it off.

Reply | Quote

A couple of options:
* Shut off HTTPS scanning and run a performance test.
* Try a different real-time AV and run a performance test.

Since HTTPS is encrypted, a high performance AV/firewall approach would be to only look at HTTPS at connection setup time, and not the encrypted user data.

Windows 10 22H2 desktops & laptops on Dell, HP, ASUS; No servers, no domain.

Reply | Quote

Thanks, but s you likely know, removing an exisiting install of AV is no often easy Especially after years. It requires tools to get rid of all traces to install another AV to test. So not at all an option UNLESS Iwas actiually going to make the change

I’m going to see if I can find out how Microsoft Defender handles HTTPS and SSL…. Curious now.

Reply | Quote

Because they live with it daily I’d ask at the NOD32 Forum as I recognize 3 names there (from my EIS Forum) that could give you insight/strategy in resolving this.

https://forum.eset.com/forum/24-eset-nod32-antivirus/

W10 Pro 22H2 / Hm-Stdnt Ofce '16 C2R / Macrium Pd vX / GP=2 + FtrU=Semi-Annual + Feature Defer = 1 + QU = 0

2 users thanked author for this post.

rebop2020, opti1

Reply | Quote

Please read the ESET privacy and legal policies to see if there is a long term data retention and if they send URLs to servers, as an example McAfee collects URL data and retains information for some specified conditional amount of time.

Reply | Quote

Thanks all. Off to post in ESET. Will post here if anything of interest happens there.

Reply | Quote