Websites to Exclude from HTTPS scanning

SeriousHoax · 2023-03-09T14:55:16+00:00

There was an error rendering this rich post.

Hello,

So, as we already know Bitdefender has HTTPS scanning enabled by default. One thing I like about Bitdefender's HTTPS scanning approach is that it seems many of the trusted websites that I visit regularly are whitelisted, meaning HTTPS scanning is not performed on these websites. I don't know whether the whitelist is based on a list of websites or based on the certificate of the website or maybe both. Anyway, it's not important for me to know it. I like this large whitelist approach as it improves web browsing. Web browsing is really fast with Bitdefender. HTTPS scanning is always going to have a certain performance impact no matter how small it is, but due to it not doing it on most sites that I visit, I don't notice any impact at all. I even feel like web browsing with Bitdefender is faster than it is with the built-in Microsoft Defender AV.

But there is still an issue for me. For Google search mainly in Private/Incognito mode, and any Bing search, Bitdefender slows down page loading speed. The reason is HTTPS scanning. HTTPS scanning slows down the speed of my search engines. It's one second delay or even less than that but it's noticeable every single time. Without HTTPS scanning my Google and Bing search are instantaneous. This is not just Bitdefender btw. Other vendors like Kaspersky and ESET also slows this down but it's less slow with ESET and no impact at all with Avast.

What I would really like is an ability to choose the websites on which I would want Bitdefender to not do HTTPS scanning. So, for example, I would add both Google and Bing to that list to improve the speed. Products from ESET are the only AVs I'm aware of which has this option. They have more than one way to whitelist sites from HTTPS scanning which is really fantastic.

Without this feature my only option to fix this is to add both Google and Bing to Online Threat Prevention exception list. Though probably adding both Google and Bing to whitelist won't be a risk but I would rather want to avoid that. Another option is to turn of HTTPS protection altogether, but I try not to do that. So, the workarounds are not ideal. I know without HTTPS scanning, those green/red tick won't work on search results, but they never work for me anyway 🤷‍♂️

Besides, I'm sure there are users who would want their AV to not do any HTTPS scanning on some sites for privacy related reasons.

So, it would be great to have an option to do that.

Find more posts tagged with

Active

https

https certificate

Status: Active

Comments

Alexandru_BD

Hello @SeriousHoax and thank you for sharing your input here.

I think a distinction would not be very relevant, because if the solution doesn't do HTTPS scanning, it can't even scan the traffic, so other features from Online Threat prevention won't work either..

SeriousHoax

https://community.bitdefender.com/en/discussion/comment/322181#Comment_322181

Hi! Thanks.

I checked just some minutes ago and came here to comment and I see that you have already commented. You're right. Disabling "Encrypted web scan" completely disables the scanning of HTTPS traffic. Well, that's disappointing because other products can block malicious/phishing hosts even when HTTPS scanning is off, as their option only disables the decryption feature, eg: Avast.

Anyway, you may remove this thread altogether since it's not possible for this feature to have.

Scott

IMO, the thread stays, as I found the back-and-forth dialogue informative, as may others who find this thread.

Keep asking questions, posting threads, @SeriousHoax your expertise and insight is appreciated :)

SeriousHoax

https://community.bitdefender.com/en/discussion/comment/322234#Comment_322234

Thank you Scott, for your kind words :)

One thing I can suggest regarding this is that the explanation of this feature in the Bitdefender UI needs to be changed as it doesn't give the accurate information IMO.

It says,

"Encrypted web scan

Checks the safety of encrypted web pages. Encrypted web pages can use certificates issued by untrusted certificate authorities or even stolen certificates from legitimate sources."

I think this description doesn't give away the importance of this feature or what it actually does. Disabling this feature is a massive security risk as no HTTPS connection will be scanned. So, it should be described properly and maybe even warn the user when they try to disable it.

Alexandru_BD

Cheers

The thread stays, it's a good one 😉

Noted your observations @SeriousHoax, I'll pass them to our product teams.

Thank you!

allenwu

Hi I would like to extend the discussion to the configuration possibility that just disable HTTPS without replacing certificate, and allow other encrypted Traffic like RDP and FTPS can still be intercepted?

Because atm we found if we just unclick Scan HTTPS, the HTTP certificate is still replaced. It will be nice to know if anyone also faces this situation too, as we haven't found any else related discussion available.

Thank you!