Avast causing Chrome to warn "You are using an unsupported environment variable:

You are using an unsupported environment variable: sslkeylogfile. Stability and security will suffer

Uninstall Avast - it goes away
Reinstall Avast it comes back.

Latest versions of Chrome and Avast.

Not enough information:

What version of chrome?
What version of avast?

what version of sslkeylogfile? Did you set this to automatically run?

Not anything I can confirm?

I can indeed confirm this. Having the same issue. This post explains the issue: https://techdows.com/2019/08/chrome-you-are-using-an-unsupported-environment-variable-sslkeylogfile.html

When you use canary builds, it’s quite possible to run into problems. No program grantees comparability with canary builds.

Avast 19.7.2388 See photo attached for sslkey file location

Chrome
Google Chrome is up to date
Version 78.0.3887.7 (Official Build) dev (64-bit)

I’ve reported this to Avast. Let’s see if that helps.

Are you using chrome stable or a canary build?

Official? (see above)

Does that (dev) in the about line indicate DEVELOPER? Is that Canary?

The machine’s owner is no techie. No need for any but standard issue browser. Would be a mystery how they got it. If they have it how do I get rid of it?

It seems that the latest version of Chrome is 76.

If the machine owner is running Chrome 78, it would be canary, since 77 is still in beta. Also, see:

https://chromereleases.googleblog.com
or
https://www.whatismybrowser.com/guides/the-latest-version/chrome

Thanks, will give that a try when the machine next passes this way. Will post back. Could be a week or so.

what a shame, dev is not canary - it is beta; basically insight in what is waiting for you in 3 months. Same happens with TLS 1.1 and a lot of bank sites were warned about problem before it hits them on DAY X.

I would like, as a subscriber - to make sure that Avast team will care about this annoying banner without forcing users to install current version of browser and be “surprised” with same message over 3 months

I can confirm this issue, using Chrome Dev.

As already stated, there aren’t any guarantees that anything will work if you’re using a Developers version of a program.
Developers versions are Beta versions. If it works, great if not, wait for the final release. Or, use a released final version.

stable version shows the same warning…

Not on the 4 computers I’m using in my home ???

Reported on The Following site as well, regarding Avast & Avg

https://techdows.com/2019/08/chrome-you-are-using-an-unsupported-environment-variable-sslkeylogfile.html

Yeah, i would very much appreciate some honesty on this and whether they are still scanning and transmitting https traffic against the express wishes of the user.

Hi guys,
Avast indeed scans HTTPS traffic and we strongly believe it is a total must-have for any AV. We currently block ~42% of all infections over HTTPS, and with phishing, it is even more, 73%. Please, consider this before disabling HTTPS scanning in WebShield.

As to the SSLKEYLOGFILE variable, yes, we do use it to do the scanning for Chrome, I don’t really understand why Chrome itself says it is unsupported - it’s been part of the browser for many years. However, we also support MITM. If chrome will continue to propagate this warning to stable, and from our current discussions with chrome developers, it seems that they do not have such intention right now, we will, of course, disable this method in favor of MITM. However, MITM is the worse of these two, from the user experience and performance-wise. I don’t see any reason why any user would prefer MITM over this method.

No face, we do not scan nor transmit https traffic against the wishes of the user. Once https scanning is disabled (or the whole webshield) we don’t scan it. Period.
We might change the code and stop injecting the variable into browser’s process, once HTTPS scanning is disabled - however, this would be mean, that enabling HTTPS scanning would require chrome process to be restarted – which on many machines means the whole system restart. I find this to be a big disadvantage to this approach.

Based on our communication with devs from google, there is currently no plan to have this in stable. Jvidal, your finding is disturbing - I am sure you wouldn’t write it here if it weren’t true - could you, please, post a screenshot with the version visible? Thanks a lot!

Lukas

Update: it seems that the warning is no longer in chrome canary builds.