Hi guys,
Avast indeed scans HTTPS traffic and we strongly believe it is a total must-have for any AV. We currently block ~42% of all infections over HTTPS, and with phishing, it is even more, 73%. Please, consider this before disabling HTTPS scanning in WebShield.
As to the SSLKEYLOGFILE variable, yes, we do use it to do the scanning for Chrome, I don't really understand why Chrome itself says it is unsupported - it's been part of the browser for many years. However, we also support MITM. If chrome will continue to propagate this warning to stable, and from our current discussions with chrome developers, it seems that they do not have such intention right now, we will, of course, disable this method in favor of MITM. However, MITM is the worse of these two, from the user experience and performance-wise. I don't see any reason why any user would prefer MITM over this method.
Yeah, i would very much appreciate some honesty on this and whether they are still scanning and transmitting https traffic against the express wishes of the user.
No face, we do not scan nor transmit https traffic against the wishes of the user. Once https scanning is disabled (or the whole webshield) we don't scan it. Period.
We might change the code and stop injecting the variable into browser's process, once HTTPS scanning is disabled - however, this would be mean, that enabling HTTPS scanning would require chrome process to be restarted -- which on many machines means the whole system restart. I find this to be a big disadvantage to this approach.
stable version shows the same warning...
Based on our communication with devs from google, there is currently no plan to have this in stable. Jvidal, your finding is disturbing - I am sure you wouldn't write it here if it weren't true - could you, please, post a screenshot with the version visible? Thanks a lot!
Lukas
Update: it seems that the warning is no longer in chrome canary builds.