As soon as I installed the new version of the avast! antivirus on my Windows 8.1 PC, I started to have a strange problem. I could no longer access any of the websites over the HTTPS protocol. Trying to access even the known secure sites like Google and Yahoo showed me expired or invalid certificate errors. Assuming it to be some malware attack, I scanned all of my hard disk with avast! antivirus, and then with Malwarebytes’ Antimalware but could not find anything. After thirty minutes had been spent, I finally started to go through the avast! settings and figured out the culprit – avast! was set to scan HTTPS traffic and was injecting its own SSL/TLS certificate in place of the original certificates of different websites.
There are two solutions for this problem – either you allow the avast! certificate as an exception in various applications like Firefox, Chrome, Thunderbird etc., or you just disable the HTTPS scanning in avast!. The second method is much easier and you do not have to make changes in different applications individually. Here is how you can disable HTTPS scanning in avast! antivirus to fix the untrusted connection / invalid certificate / expired certificate errors :
- Double-click on the avast! antivirus icon in the Windows system tray to open the main avast! interface. You can also launch it from Start Menu or the Search Charms.
- In the avast! antivirus window, click on the Settings near the left-bottom corner.
- In the avast! settings window, select Active Protection from the left panel. Then click on Customize shown for the Web Shield module.
- Under the main settings for the Web Shield, un-check the checkbox that says Enable HTTPS Scanning and click on the OK button.
- That’s it. Now you can access various websites using the HTTPS protocol without any problem in any web browser.
Conclusion: Disabling the HTTPS scanning for avast! antivirus can solve some of the issues that you may have when accessing the secure websites over the HTTPS protocol. But at the same time, it makes your PC a little but less secure as avast! won’t be able to scan any malicious code being downloaded over a secure connection. If you do not want to disable HTTPS scanning, then you will have to add the exceptions for every secure website that you want to visit in a web browser like Firefox.
Thanks. This post continues to be useful in 2021. Suddenly this morning my email provider started to reject the Avast mangled version of my security certificate. Your excellent post quickly lead me to the solution. It is nasty for Avast to make such changes in people’s computers without giving prior notice and the opportunity for the user to deny permission.
what the heck!!!??? you mean this isnot a BUG they can fix??? what’s up with that!!! i hate computers!!
Thank you so much! This has been an aggravating problem, and your solution worked.
I have been searching, reading and playing with settings for 2 hours. It all began when I updated Avast. Uninstalled Avast free then reinstalled it. I even followed Avast instructions to import certificates. Initially Avast even blocked https://www.avast.com/faq. Your fix did the trick. Finally works without turning off Web Shield. Thanks. (Still wonder what the proper fix is.)
this worked thank you! Your directions were great, and if I can follow them, anyone can!
thanks