It would seem that all of my devices running Free Antivirus have stopped inspecting HTTPS sites (MITM root CA cert is no longer shown - original site certs are presented in browser). Any reason for this?

What avast version and build number are you using ?
Is https scanning enabled in the web shield settings ?

How are you testing it isn’t scanning https content ?
Test using the eicar.com test file from http://2016.eicar.org/85-0-Download.html using a secure SSL, HTTPS connection, avast should alert.

The EICAR file download is blocked over HTTPS.

I’m running 20.5.2412 (build 20.5.5376.561)

Previously, all sites (except exclusions) had their SSL certs replaced by one signed by an Avast CA which was installed as a trusted root.

Occasionally this would stop working but then resume after an Avast update. However, this has now not been seen in the last few program updates.

Unless this functionality has been amended/removed?

The functionality hasn’t changed as far as I’m aware and according to your test is scanning https traffic.

The only actual change in the Web Shield scanning is related to a new secure traffic means called QUIC/HTTP3 but this new standard is in early days and Avast are trying to have a method to deal with that. But it shouldn’t impact sites using the conventional SSL/HTTPS secure transmission protocol.

Hello,

Very good observation skills, many users do not notice that at all.

Please, do not get confused by the website certificate. Even though the connection has its original certificate, Web shield still inspects the https traffic. There are some browsers or connections where Web shield still needs to substitute the original certificate (e.g. Internet Explorer, old MS Edge), but it is not required on majority of connections (on Chrome, Firefox, Opera, new MS Edge, …).

Thanks, Jindrich

Thanks for the clarification.