Avast's HTTPS Scanning interferes with Firefox and other programs
Security companies such as AVG, Kaspersky or Avast release new versions of their products each year to the public. The updates do introduce new features from time to time and may also change the interface of the program as well.
Avast released its 2015 lineup recently and one of the new features that all of its antivirus programs ship with is HTTPS Scanning.
It enables the program to detect and decrypt protected traffic using its web filtering component. This alone is highly problematic considering that the program is tapping right into protected data streams but the current implementation is causing all kinds of issues on top of that.
Update: An update to the most recent version of Avast or Firefox seems to resolve the issue.
Firefox users for example may notice that the browser won't close anymore because of Avast's HTTPS Scanning feature. This may not happen all the time when Firefox is closed but users reported that it is happening frequently.
That's however not the only issue that Firefox users may experience if Avast is installed on the computer system the browser is running on.
Firefox's add-on update check may be blocked by the security software as well.
The Mozilla Firefox web browser is not the only program that is affected by issues though. Spotify's Web Player may not be able to connect to Spotify for example with Avast 2015 running on the system.
Users who experience issues after installing the latest version of Avast 2015 have two options:
- Disable HTTPS Scanning.
- Uninstall Avast completely.
It is thankfully pretty easy to disable HTTPS Scanning in the application.
- Open the Avast dashboard on the affected system.
- Select Settings from the left sidebar menu.
- Switch to Active Protection.
- Click on Customize next to Web Shield.
- Uncheck the "Enable HTTPS Scanning" option and click ok.
This turns off the feature in Avast and problems that you have experienced should be a thing of the past.
There is no option to turn off the HTTPS Scanning feature in Avast during installation. While you can disable the Web Shield during installation, it impacts more than just HTTPS scanning and is generally not recommended. (thanks SÃ¶ren)
Why would I want some piece of software to act as man-in-the-middle on my HTTPS connections? I never understood the need for such a feature, but it seems that people want it nevertheless…
Your connection is not secure
Probably because it is antivirus and it is taking care of your security?
Btw you can still add it to the list of exceptions so it won’t be included in scans and shields.
I am speculating but new Avast may create problems with torrent apps too. I tried to download torrent yesterday, but it gives me writing error. I downloaded hundreds torrents on utorent before without problems. Only difference is that I updated to Avast 10.0.
The firefox not closing problem should be already fixed both in avast (via virus DB update) and firefox (33.1). So it should not be reproducible today on any avast installation, provided either avast or firefox is at its latest versions. The same is true with Spotify for a few days already.
Martin, you do still see these two problems?
Lukas, from avast team.
No, but I tested this only briefly. I have added an update to the article to reflect that. Thanks!
Do not be fooled.
Avast/Lukas ‘s “fix” was to get rid of the bug and then hide the function by removing the option to turn off HTTPS scanning. In other words Avast now forces you to accept HTTPS scanning.
This is Avast’s answer to bad criticism of a program feature -. force it on the user and then hide the fact that it’s there. Out of sight, out of mind. Then they carefully word their public response with a ‘Everything’s fine now – right?” instead of a ‘Hey, we didn’t think it was a bad idea at the time but we heard you and did the right thing making the option more transparent’.
I uninstalled Avast this morning from 1 sister’s, 2 parents’, and 2 of my own computers this morning and am testing Bitdefender & Avira now to see which I prefer. Thanks Martin for the article. I didn’t even realize until today that they added HTTPS scanning. I’ve just been blindly accepting updates.
I don’t understand? No option was hidden. Maybe you are referring to the fact, the HTTPS scanning is available on Windows 7,8 and 8.1. So on WinXP or Vista the option is not there (so is not the feature, sorry).
This problem is back, I have been having a world of trouble and after seeing your comment i checked versions and everything was up to date.
I look after around 15 computers in different parts of the world and I have had to switch off https scanning on majority of them to get them to connect to https sites consistently. I really think avast should be leaving https alone, I also had to switch off the mail scanning for the same reason on a couple of systems, I use non ssl email but it was causing troubles anyway.
Recently updated Avast on two machines to version 2015…. after about 15 minutes uninstalled it from both machines and installed Bitdefender. I believe the changes Avast made will not be well received.
Avast is OK, but too many problems too often. Bitdefender and its many offshoots (eScan, Iobit, Bullguard, and more) leave all others in the dirt.
your a bonhead, if youreally read the instructionandlsitened to what he had to say, there wa snot https scanning on xp, i disabled it easily enough with no problems
I just resolved the same issue on bitdefender (up to date version) by turning off “Scan SSL” under Web protection on a Win 10 system.
This is not the first time that Avast has released a product that has been insufficiently tested and as a result, has mucked things up. I never install a new version of Avast without allowing some time for the bugs to be discovered and fixed. Avast is shooting itself in the foot with this kind of irresponsible behavior.
I updated to Avast 2015 only just a week ago, the Firefox version that I was using at the time was 30.0.1 (now 30.0.2) therefore I never experienced this issue.
I have used Avira for 5 years now without any problem with Firefox. I’ll recommend it instead of Avast
@Nebulus: In principle, agree. However in a post-post-Snowden world, could we start to see malware infestations on our computers that encrypt their own communications back to their C&C server, making it more difficult to debug them? In such a case, having an anti-malware product that’s able to intercept those comms might be useful. In theory anyone with anti-malware installed is already trusting that software to do a lot of privacy-invading work anyway.
“OK free software, you can monitor my email, files, browsing history … to protect me from the nasty stuff (and of course I assume a company nice enough to provide this free protection would never use that access for their own gain, would they?)”
I’ve made this choice myself by trusting AVG on some computers I manage. I don’t like it, but compared to repairing a malware attack, it seems easier at least, if not better. Yet I know very little about AVG other than there’s never been any word from sites like Martin’s here, that it behaves nefariously. So thanks Martin!
Block outbound connections for all programms but the one that legitimately need it ; and you’re done.
The malware won’t use firefox to do its data exchange…
The sad thing about Avast is that every new version they release it becomes heavier on the system with its realtime plus its commonly used or enabled features like sandbox/webshield/firewall. Even heavier if you use the other bloat features like the new one NG. I have been a user of Avast since version 4.X and observed how bloated and buggy every new version that comes and it all specially started on version 8.X which I never totally sticked with then uninstalled it. At that same time i’ve been using other AV on another pc like Eset,AVG,Avira,Bitdefender and I can tell you that in the beginning this AV’s started off as heavy on the system but with every new version they release it has become lighter/not resource hungry with less problems occuring on the system while Avast has the reverse effect of becoming even more bloated and a headache with each new version. So to people who haven’t picked an AV yet or are using Avast but having a problem with it. I can say that Eset,AVG,Avira,Bitdefender are definitely good AV’s and causes less to no problems on the system.
Eset? NEVER AGAIN!!!
Exactly! I’ve been using avast since around 2006. Just recently I installed Avast 2015 on a Win7 Ultimate 64bit system with 4GB RAM. Avast was chewing up loads of RAM and I was getting Memory Low notifications in Windows. When I looked into it further and figured out what Avast NG is, I uninstalled that feature and things are “back to normal”. I might be moving away from Avast as well, once I decide what to move to. I hate bloated crap like that, especially when it is installed by default with no explanation as to what it is or why it’s “needed”. I used to be an Avast evangelist…not anymore!!
Been using Avast for almost as long. After installing 2015 saw the same issue and it appears the CPU usage is a known issue by the dev group, at least in the forums. Now will they fix it? I too am frustrated by all of the bloatware Avast is including. I will be searching for a new AV program as well, however it appears all have the same “bloated” footprint, so choices seem to be limited.
because it was meant for stronger systems that can handle not for pidly ass bs systems, If yur system cant handle it then the fault is yours not theirs. Computers constantly build up over time, somust the software build up with it.
Avast https scanning also permits file upload to Dropbox using Firefox.
Considering Dropbox is advertised (as partner) when installing Avast, this bug has to be declared as Avasts “major fail” of the year.
Many of my extensions have also disappeared recently. I’ve reloaded several times and also tried to restart all Mozilla. This seems to have started with version 33.1
It also blocks Remote Desktop Connections using Sonic Wall, even after I put them in the exceptions list. Kind of a big deal for me, since I work from home. I disabled HTTPS scanning and it works perfectly now.
I’m now having trouble updating Malware bytes. I tried uninstalling and reinstalling several times, and turned off my firewall. I just noticed that they now recommend turning off my anti virus . This has never happened before. I been using Avast for several years. Why can’t these providers check out their programs before releasing them to the public?
thanks for the article. I just updated my Avast free and it blocked most traffic, even Avast’s own domain (needed to register). So not only do they suck big time but also shot themselves in their own foot. Needless to say that buying their products is out of question.
In Windows 7 I do not have this problem despite HTTPS Scanning (Avast Pro Antivirus 2015)
The above-described problem arose after the installation of Windows 10 (update from Win 7 to Win 10).
This feature is a terrible side-effect on payment messages.
At the first call toward a https payment platform using a https POST or at the first call toward a 3D-secure authentication server, parameters of the POST are destroyed.
3Dsecure authentication is lost and payments are lost.
I disabled HTTPS on Avast and it worked! I was able to use chrome after. But then I thought maybe an update of Avast could help solve it once and for all, based on tips I read in this article. And the Update solved the problem. I can use chrome now even with the HTTPS on. The only helpful article! Thanks!
After disabling Webshield’s -> ‘Enable HTTPS Scanning’ (in order to even get to MOST websites) – it reverted back to ‘Enabled’ upon reboot….
Is there no way to PERMANENTLY control this?