How is it possible to implement something which is totally unclear what it is that they are doing. All I have seen so far is smoke and mirrors, saying it scans SSL, without any idea of how or what it is actually doing.

I guess any idiot AV can scan encrypted files, but what they can’t do is decrypt them and scan the contents. Scanning an encrypted file is unlikely to find anything because of the encryption; essentially this is no different if they are going to try and scan an https traffic stream.

If it were so good, why is it disabled by default ?
Wild-assed guess:
Either it is unlikely to detect anything because it is encrypted, which falls into the smoke and mirrors marketing hype. Or there is a huge overhead in doing so.