• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs
Advanced

Not what you are looking for? Ask the experts!

Kudos0

HTTPS scan and sertificates

Can someone tell me does Norton scans HTTPS or no? I just can't find any toolbar in Norton settins responsible for this. Also I can't find any Symantec sertificatte in Firefox (Options - Advanced - View Certificates). Is that a normal thing or no? I used Kaspersky before and it always install Kaspersky Anti-Virus Personal Root Certificate.

Replies

Kudos0

Re: HTTPS scan and sertificates

Accepted Solution
Kudos0

Re: HTTPS scan and sertificates

The IPS (Intrusion Prevention System) included in Norton Security now detects attacks using https connections, and stops those attacks before they take up residence on the device.

 https://community.norton.com/en/blogs/product-update-announcements/norto...

Introduced in version 22.7.

Kudos0

Re: HTTPS scan and sertificates

Thanks guys. Answer was given and topic can be closed.
Kudos0

Re: HTTPS scan and sertificates

Can someone tell me does Norton scans HTTPS or no?

Norton does not scan https traffic.  Norton detects attacks using https connections.  

Kudos0

Re: HTTPS scan and sertificates

Thanks.
Kudos0

Re: HTTPS scan and sertificates

And what about certificate in Firefox. Does Norton install any certificate in browsers or no?

Kudos0

Re: HTTPS scan and sertificates

Kaspersky uses their own certificate to be able to intercept and scan encrypted traffic - basically the same technique used in a Man-in-the-Middle attack.  Norton's IPS monitoring of https connections is new, and not much has been disclosed about it, so it is not clear if Norton uses the same method or not. 

Kudos0

Re: HTTPS scan and sertificates

Thanks. I just didn't know before that this sertificate is needed to scan HTTPS.
Kudos0

Re: HTTPS scan and sertificates

 - there is no way to scan HTTPS traffic unless a security vendor uses his own root CA certificate to do so which results in a MITM situation.

 http://www.wilderssecurity.com/threads/risks-of-using-a-v-https-interception-scanning.385828/#post-2588154

Kudos0

Re: HTTPS scan and sertificates

It's strange but Norton differently detects Eicar in Firefox x32 and x64. In FF 64 Eicar was blocked in HTTPS by IPS  and by real time protection in HTTP, but in FF 32 it was blocked in HTTPS by real time module and by IPS in HTTP. I think it should be detected by IPS in both browsers (x32 and x64). And how Norton could decect Eicar by real time protection If it can't scan HTTPS and can only detects attacks by this connection (using Intrusion Prevention)?

Kudos0

Re: HTTPS scan and sertificates

FWIW ~ my FFx64 + eicar.com / eicar.com.txt
protocol http > IPS flag (no prompt to save file)
protocol https > Auto-Protect flag (prompt to save file = Download Intelligence)

Kudos0

Re: HTTPS scan and sertificates

I'm sory, I have the same now with x64.

This thread is closed from further comment. Please visit the forum to start a new thread.