eicar test not working as expected

I recently upgraded to version 4 and decided to do some testing using the test files provided here: http://www.eicar.org/anti_virus_test_file.htm

HTTP detection is OK, i.e. the test virus is detected and access is blocked if I go to: http://www.eicar.org/download/eicar.com.txt

However it fails for HTTPS (I have HTTPS checking enabled - it is strangely off by default), e.g. https://secure.eicar.org/eicar.com.txt

In Firefox, no warning is received and the test virus string is displayed, i.e. the URL is not blocked. If I save the file to disk, then the file monitor picks it up.

In IE, a warning is generated by the file monitor when the temp file is created, however the url is not blocked and the test string is clearly visible.

Please advise if there is something I can do to stop this. Reiterating, I have HTTPS turned on:

 

Under Protocol filtering -> SSL, do you have SSL filtering mode set either to "Always scan SSL protocol" or "Ask about non-visited sites" ?

 

Yes I do, it is set to:
- Always scan SSL protocol

What happens on your PC when you go to: https://secure.eicar.org/eicar.com.txt ? Do you see the text string or is your access blocked by nod32.

 

With the same settings, https://secure.eicar.org/eicar.com.txt is blocked and quarantined.

 

Thanks for the response, but I don't know to make use it. Some questions ?

- When you say blocked and quarantined, does it actually prevent you form seeing the text at the url ? For me in Internet Explorer, it shows the text and generates a warning but this is not the same behaviour as visiting the url using http wher eit is completely blocked.
- which browser are you using ?
- are you behind a transparent proxy ? or do you use an auto configuration script ?

 

Hmmmm . . .looks like another bug

The SSL scanning only works using IE when connected directly to the internet. In Firefox, SSL certificates are invalid because the Root Certificate authority is not installed. It is not possible to export the private key and import into Firefox, therefore can't enable this feature. This has occurred on 2 more than one computer running both XP and Vista.

At work when sitting behind an ISA server, SSL scanning does not work at all even with all the necessary checkboxes ticked. I can tell because the root certificate authority is not ESET_RootSslCert when clicking on the certificates. Therefore, one can visit virus infected SSL URLS without having the protection of the scanner.

 

Why would be SSL scanning off by default?