Topic: Is HTTPS decrypted (and re-encrypted) to allow interrogation of web traffic

VanguardLH
In Avast, they install their certificate in the global store (in Windows, run certmgr.msc and look under Trusted tab) or in Firefox's private cert store (Mozilla uses their own cert store instead of the global one managed by the OS).  That lets them interrogate the HTTPS web traffic using a MITM (man in the middle) scheme.  The client uses SSL to the AV's proxy and the proxy uses SSL to the server.  Without this scheme, the AV couldn't inspect the web traffic to look for malicious content.

I've looked at the online manual for CIS, hunted around these forums, and done online searches to look elsewhere, but I've not found definitive information saying if and how CFW, CAV, or CIS can interrogate the contents of HTTPS traffic.  Making the connections and white/blacklists of sites is not the same as looking at the content of the traffic.  HTTPS is supposed to be secure as long as no MITM scheme is employed at the client end (but this is how, for example, employers can see the content of their employees' web traffic) and how several other AVs work to look at the content rather than just the endpoints of a connection.  The construction of this cert is important.  Avast ran afoul of secure checks in Google Chrome (not at first but after Google made some changes) because of how Avast's cert was constructed.  Firefox is more tolerant (or sloppy, depending on your point of view).  I've been using HTTPS scanning in Avast for years now with no problems.  I'm wondering if CFW (with or without CAV) or CIS can interrogate the content of HTTPS traffic.

http://help.comodo.com/topic-72-1-766-9024-Introduction-to-Comodo-Internet-Security.html

Didn't see an option to enable/disable HTTPS scanning.

Also, IPv6 is hardly new anymore.  Why would CFW come pre-configured with IPv6 filtering disabled?  I have not run across a router or cable modem that does not support IPv6 for a long time.
Comodo Firewall 5.10.228257.2253
Windows XP Pro SP-3
(last updated: 05/13/2012)

futuretech
CIS uses API function hooks for IE, FF, CD, and CID to see the URL for use with the web filter. As for the AV, the only time it can scan objects that are transferred through HTTPS is when those objects are written to disk.
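
The thread describes HTTPS scanning that depends on a vendor root certificate being added to the Windows trust store. The PowerShell below is an added example, not code from either poster or from any vendor, that audits the trusted-root stores for certificates that look like such a locally installed inspection root. The `$VendorPattern` and `$RecentDays` parameters and all three heuristics are assumptions made for illustration; a match is a prompt to look closer, not proof of interception.

```powershell
# Added example (not from the thread). Audits the Windows trusted-root stores
# for certificates that look like a locally installed HTTPS-inspection root.
# Assumption: $VendorPattern is a hypothetical name filter; adjust it to your product.
param(
    [string]$VendorPattern = 'avast',
    [int]$RecentDays = 90
)

$stores = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'
$cutoff = (Get-Date).AddDays(-$RecentDays)

$findings = foreach ($store in $stores) {
    foreach ($cert in (Get-ChildItem -Path $store)) {
        $reasons = @()

        # An inspecting proxy signs leaf certificates on the fly, so it needs the
        # root's private key on this machine. If that key sits in the Windows key
        # store, HasPrivateKey is true (a vendor may keep it elsewhere instead).
        if ($cert.HasPrivateKey) { $reasons += 'private key present locally' }

        # -match is case-insensitive by default.
        if ($cert.Subject -match $VendorPattern) { $reasons += "subject matches '$VendorPattern'" }

        # Heuristic: a root generated on this machine at install time would
        # carry a recent valid-from date.
        if ($cert.NotBefore -gt $cutoff) { $reasons += "valid-from within $RecentDays days" }

        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                Store      = $store
                Subject    = $cert.Subject
                Thumbprint = $cert.Thumbprint
                NotBefore  = $cert.NotBefore
                Reasons    = $reasons -join '; '
            }
        }
    }
}

if ($findings) {
    $findings | Sort-Object Store, Subject | Format-List
} else {
    'No trusted root matched the interception heuristics.'
}
```

This covers only the Windows certificate stores; as the first post notes, Firefox keeps its own store, which has to be checked separately.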
