At the root of the problem is how security applications act as gatekeepers, filtering dangerous or unwanted elements by inspecting secure web pages before they reach the browser. Read the cited study
The IPS included in Norton Security now detects attacks using https connections, and stops those attacks before they take up residence on the device.
http://www.wilderssecurity.com/threads/risks-of-using-a-v-https-interception-scanning.385828/
Based on studies published on the web, not one security vendor is 100% properly performing HTTPS scanning. Based on the last report I viewed on Avast, they came the closest to performing it properly.
- there is no way to scan HTTPS traffic unless a security vendor uses his own root CA certificate to do so which results in a MITM situation.