I found that Avast does some SSL-offloading, that causes the browser to warn about unsecure connections.

This is not common for all sites, but some.
If you access https://cnn.com and view the certificate … is shows that the issuer of the certificat is “avast! Web/Mail Shield Root”
But if you access an online banksite the cerficate has the correct issuer “GlobalSign Extended Validation CA - SHA256 - G3” and the browser does not throw an error.

Why does the Web Shield intercept and inject its own certificate, on that I expect to be at secure connection between the browser an the websit that i’m visiting?
I want to trust my connection, so when it it encrypted with a certificat issued to the site i’m visiting, it is this certificate that is used all the way, not have Web Shield intecept as a “man in the middle attack”.
Second, how and why is there a difference for some sites and not others. How does Web Shield determine if and when not to inject its own certificat?

Same happening with me.

I’m visiting our own sites, that are on Cloudflare with certificates issued by Cloudflare yet in the past two weeks I see “Issued by” on the cert is Avast Web/Mail Shield Root.

I’d rather it not do this.

I have noticed this in Chrome as well.