ESET NOD32 Antivirus enables you to check protocols encapsulated in SSL protocol. You can use various scanning modes for SSL protected communications using trusted certificates, unknown certificates, or certificates that are excluded from SSL-protected communication checking.
Always scan SSL protocol – Select this option to scan all SSL protected communications except communications protected by certificates excluded from checking. If a new communication using an unknown, signed certificate is established, you will not be notified about the fact and the communication will automatically be filtered. When you access a server with an untrusted certificate that is marked as trusted (it is added to the trusted certificates list), communication to the server is allowed and the content of the communication channel is filtered.
Ask about non-visited sites (exclusions can be set) – If you enter a new SSL protected site (with an unknown certificate), an action selection dialog is displayed. This mode enables you to create a list of SSL certificates that will be excluded from scanning.
Do not scan SSL protocol – If selected, the program will not scan communications over SSL.
If the certificate cannot be verified using the Trusted Root Certification Authorities store (protocol filtering > SSL > Certificates):
Ask about certification validity – Prompts you to select an action to take.
Block communication that uses the certificate – Terminates connection to the site that uses the certificate.