Web Shield's HTTPS Scanning Preventing Connections

Why does Avast’s “Enable HTTPS scanning” for the Web Shield cause problems with server connections?

This is occurring on computers with Windows 7 (32b and 64b), with DNS set (1.1.1.1, 1.0.0.1), the latest Mozilla Firefox, and the latest Mozilla Thunderbird. The Internet connection speed max is about 2.5 Mbps.

Having “Enable HTTPS scanning” checked off will often cause a “We can’t connect to the server” error in Firefox. Trying to reload the page over and over (dozens if not hundreds of times) will eventually get it to load, but there still may be issues loading sections of the page that call other websites. The same type of issue occurs with checking email in Thunderbird.

Sometimes the connections work fine and sometimes they won’t, and this occurs for any website.

If Avast is disabled or “Enable HTTPS scanning” in the Web Shield is unchecked, the connections go through.

Is there a way to fix this issue and be able to use Avast’s HTTPS scanning?

No problems here and my default browser is Firefox, I use my ISPs default DNS.

I also use Thunderbird as my default email client.

Where are you getting this from ?

Having "Enable HTTPS scanning" checked off will often cause a "We can't connect to the server" error in Firefox.
e.g. is it your own words or a quote from somewhere else ?

Avast has had HTTPS scanning enabled for some considerable time.
Since checking this dns address:

1.1.1.1 — the Internet’s Fastest, Privacy-First DNS … - Cloudflare.
I suspect this is a conflict between the two systems. So it may be blocking the Web Shield from scanning downloaded content in the https stream.

For the Avast setting I am referring to, it is located at:
Open Avast->Menu->Settings->Protection->Core Shields->Web Shield->Enable HTTPS scanning

The error message “We can’t connect to the server” is shown in Firefox’s display window when a website cannot be called up. This problem occurs on and off when the Avast! “Enable HTTPS scanning” option is checked.

The WiFi devices on the network have no problem with connections using the Cloudflare DNS setting, but Avast! is not installed on them.

I saw some posts in the forum where other users had Cloudflare DNS settings, but I did not come across anyone mentioning connectivity issues because of it.

I know what it is that you are referring to.

The firefox error message is as a result of the conflict that I mentioned.

Devices are individual and if they don’t have avast installed then there is no conflict, exactly what I was referring to before.

I haven’t seen this before in the forums (so I’m unaware of those issues), but that is not important at this point, what is is the conflict and you essentially have to make a decision.

The Web Shield is perhaps the most important avast shield as most malware originates on the internet and HTTPS is used very much now so to disable this is weakening your protection, but that is your choice. Protection over Privacy-First DNS, there are other DNS services you could try and see if the same issue applies.

You could also look at the new QUIC/HTTP3 function as I don’t know if that might also come into play, but probably not if unchecking HTTPS scanning removed the conflict.

While it seemed like unchecking “Enable HTTPS scanning” corrected the problem, I did still have problems with websites not loading up on occasion, but it was a lot less often than before.

I tried unchecking “Enable QUIC/HTTP3”, but that did not seem to correct the issue… however, websites loaded up much faster with that off.

I tried a different DNS with everything enabled in Avast!, and it had the same connection issues as the Cloudflare DNS… plus, it was a lot slower.

I tried enabling everything again in Avast!, getting rid of the DNS settings, switching back to the ISP’s DNS, and that seemed to correct the issue. I still need to test this some more, but there is something triggering this issue on multiple computers.

Is there something else that needs to be done to use different DNS settings in Windows 7? I was changing the DNS through the network adapter settings.

It isn’t correcting the problem, but avoiding the conflict, with the Cloudflare Privacy-First DNS.

Well change the DNS settings in windows 7 would essentially avoid using the Cloudflare Privacy-First DNS, as far as I know setting in them in the network adapter settings is the only way to do it.

See https://www.slickvpn.com/tutorials/dns-update-windows-7/
That mentions Cloudflare and Google 8.8.8.8

From that article:

At this point, we recommend the DNS resolver cache and web browser caches to ensure that your new DNS configuration settings take immediate effect. Flush DNS by this procedure
I tried a different DNS with everything enabled in Avast!, and it had the same connection issues as the Cloudflare DNS...
The above extract from the article may have been why you still experienced the problem after changing the DNS.

It seems like on my Windows 7 computers any DNS that isn’t the ISP’s will cause the intermittent website connection problems. Mobile devices using the custom DNS settings worked fine.

I’ve tried a few different DNS servers and have flushed the DNS at each change. I also tried setting the DNS to the default (obtain DNS server address automatically) in Windows 7 and then connected the computer to a router that allowed for custom DNS settings. In any of these cases where a non-ISP DNS was used, I had website connection problems, and the Web Shield settings in Avast made them occur much more often.

I’m not sure how to correct this issue and be able to use any DNS I want.

There really is no correction as such it is a question of choice, avoidance of the conflict, unchecking Avast options as you have done before (and accept the reduced protection) use your ISPs DNS and not the Cloudflare Privacy-First DNS.

As an Avast User I can’t do anything further than what I have already suggested.