itman nowhere on the cloudcar website does it say its a http only test. It says its a cloud test. cloud and http are not the same thing. Cloud based protection means not using traditional virus signatures, but instead cloud lookups are done using reputation systems. Cloud protection can be used on real time file scanning, http scanning, email scanning and so on, its nothing specific tied to http. eicar is a test of traditional non cloud protections using virus definitions, why would I use eicar to test cloud functionality? I would love to see these published tests test components individually which would highlight the vendors who dont take a layered approach (such as eset). Rather than just one test with everything turned on. As already stated there is multiple problems with whats going on, none of which has really been explained and as such it still looks to me eset are trying to pass of a bug as a feature. 1 - https scanning isnt viable because it breaks https reccomended practices, so as such https protection can be considered weak on eset if people follow what they should do which is to disable https scanning, no cloud protection in place. 2 - http scanning is on by default and doesnt break any RFC guidelines, but does at least on my system cause performance problems with browsing, there is also the fact it only protects http traffic in recognised browsers, not email, not torrents, not files copied locally to the device, not files uploaded via vulnerable services etc. 3 - cloudcar is in eset's cloud database, I know this because it is detected on a http test, however for unknown reasons (yes it hasnt been explained other than to say no it should not work this way, which is a bit vague) it isnt detected by other means of scanning such as file based scanning and email scanning, if I email the file to myself there is no warning even tho I have eset live grid and protocol filtering enabled. By the way how did you directly contact Jamie King,? I quote marcos So eset think http and email are the only attack vectors on a windows system? wow just wow. Also it isnt detected by email scanning on nod32 anti virus.