How is ESET Smart Security able to intercept my HTTPS traffic?

Yesterday, ESET showed a notification to install the latest version of Smart Security, so I clicked “Install”. Now, it appears that ESET can intercept HTTPS traffic in my browser.

  1. In Firefox, I open https://paypal.com.
  2. I click on the Login button.
  3. I’m auto-redirected to http://eset.com/BPPRedirector/ESET-Redirect-Ask

What’s going on here, and how can I disable this? I don’t want ESET to be able to intercept my HTTPS traffic at all!


How do I disable "Banking & Payment protection"?

I don’t want ESET to be able to intercept my HTTPS traffic at all!

You can permanently disable "Banking & Payment protection" as follows:

  1. Open ESET Smart Security. How do I open my ESET product?

  2. Click "Setup" then click "Security tools"

  3. Click the green slider bar next to "Banking & Payment protection" for options to pause or disable protection.

  4. Select "Disable permanently" from the drop-down menu and click "Apply".

    If you pause or disable protection, the secured browser will not launch when you visit a banking website. While protection is disabled, data is not encrypted and the driver to protect against keyloggers is not enabled.

Source: How do I pause or disable Banking & Payment protection in ESET Smart Security?


This is the accepted answer

David’s answer below is about disabling "Banking & Payment protection". However, my question was more general. In order to completely disable HTTPS filtering, which is done via ESET’s “SSL Filter CA” certificate, you have to do this:

  1. Open Smart Security 9
  2. Click Setup
  3. Click Internet Protection
  4. Click on the gear icon next to Web access protection
  5. Click on Web protocols
  6. Disable HTTPS checking

I have found that this disables ESET’s certificate when web browsing HTTPS sites, which is what I wanted.


The answer to "What’s going on here?":

It doesn't actually intercept your HTTPS traffic. Well, at least, not at this point. If you take a look at your URL bar:

It's clear that you're redirected to eset.com, not intercepted! It works exactly the same way as commercial hotspots or firewalls redirecting you to a Captive Portal.

But how does it intercept your connection? And how can you tell whether you're being intercepted or not? The firewall intercepting your connection actually connects to the destination site using the legit SSL certificate, then presents the destination webpage to you (with the exception of using its own certificate instead of the destination website's, like a website proxy). But it's not that easy, because the Certificate Authority of your browser should trust the certificate. If it's not using a trusted certificate already in your CA, then you get a security warning stating "Certificate is not valid" (and an option to add an exception). If it's using an already-valid certificate like the certificate for eset.com, then it loads the webpage, but if you check the certificate, you see the certificate for ESET instead of the one for PayPal.

This method is also used in WAF (Web Application Firewall) HTTPS scanning and CyberGhost VPN's Content Blocker feature: "Remove Social Plugins like the Facebook Like button which could analyze your surfing behaviour".
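
The certificate check described in the answers above, written out as an added example (it is not part of any original answer and not ESET's code). It classifies a leaf certificate by its issuer, using the "SSL Filter CA" name mentioned in the accepted answer as the marker; the sample certificates, the `Example Public CA` name and all function names are constructed for illustration.

```python
import socket
import ssl

# Marker taken from the page: ESET's filtering root is named "SSL Filter CA".
# Other products use other names; extend this tuple for your environment.
LOCAL_FILTER_MARKERS = ("SSL Filter CA",)


def issuer_names(cert):
    """Flatten the issuer of a getpeercert()-style dict into {field: value}."""
    return {key: value for rdn in cert.get("issuer", ()) for key, value in rdn}


def classify(cert, expected_issuer_orgs=()):
    """Return 'filtered', 'unexpected-issuer' or 'ok' for one leaf certificate."""
    issuer = issuer_names(cert)
    text = " ".join(issuer.values())
    if any(marker.lower() in text.lower() for marker in LOCAL_FILTER_MARKERS):
        return "filtered"            # re-signed by a local HTTPS-scanning root
    if expected_issuer_orgs and issuer.get("organizationName") not in expected_issuer_orgs:
        return "unexpected-issuer"   # trusted locally, but not the CA you recorded
    return "ok"


def fetch_cert(host, port=443, timeout=5):
    """Fetch the validated leaf certificate that the local trust store accepts."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


# Constructed sample data in the format returned by SSLSocket.getpeercert().
DIRECT = {"subject": ((("commonName", "www.example.com"),),),
          "issuer": ((("organizationName", "Example Public CA"),),
                     (("commonName", "Example Public CA G1"),))}
FILTERED = {"subject": ((("commonName", "www.example.com"),),),
            "issuer": ((("commonName", "ESET SSL Filter CA"),),)}

if __name__ == "__main__":
    for label, cert in (("direct", DIRECT), ("filtered", FILTERED)):
        print(label, issuer_names(cert), classify(cert, {"Example Public CA"}))
    # Live check (needs network): classify(fetch_cert("example.org"))
```

The script makes its own TLS connection, so its result describes that connection only; the browser's certificate viewer remains the check for what the browser itself receives.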


You have already been told how it is done and how to turn it off, but the general answer is: it is always possible, even though HTTPS is secure.

Imagine that you are a teenage girl exchanging love letters with your boyfriend. Your dad is an adversary. He cannot read the letters while they are sealed in the envelope, but as you open them and leave them on the table, he can read them without any problem. Of course your father is not an adversary, but a guardian who reads them to protect you against bad things.

I'm not saying that ESET is evil and dangerous; AFAIK it's not. I'm not saying that it's good to spy on your kids: it's bad. What I'm saying is that if you let an adversary impersonating your father indoors, he'll be able to read your secret communication over your shoulder. If you installed malware on your computer, end-to-end encryption would be of no use, since the malware would already be on your "end".

So install software from trusted sources, especially anti-malware software.