I noticed an oddity with some of the websites I built. I have one, that has been HTTP since 10 years. A few years ago when changing hosting, I accidentally activated SSL on it, but cancelled the SSL right away (I cannot run that site engine on HTTPS). The site is up and running, but sometimes when I visit it since then, I get an error message: "Your connection is not private" from the browser or a similar error message from the virus scanner. I noticed this happens when I empty the cache of the browser, and type "mydomain.com" only to the search bar. If I type "http://mydomain.com", the site loads fine. So it seems the problem is that the browser is trying to force HTTPS even if the certificate has been cancelled long ago. Recently I did the same mistake with another site, when moving to another hosting, accidentally ticked the SSL option, and even if I cancelled it later, now the same error is happening there too. I checked the error message carefully, and noticed an oddity. For the other site, where I cancelled the SSL years ago, the Virus scanner error message still displays the certificate as if it was valid. Check the photo attached. But it is not valid any more. It has been cancelled long ago, and my hosting provider confirmed it makes no effect. Yet, Kaspersky and Eset scanners are looking for it and report it as valid. How is this possible?
For a while I thought this is a universal problem, but today I investigated that this error is only present on my own computers. That is: on computers where I visited the problem sites during the time when the SSLs were active. So I came to the conclusion now that something was saved on my computers that makes the Virus scanners still look for the certificates and consider the website HTTPS.
Does anyone know why this is? Maybe Windows stores SSL certificates in the Certificate Inventory, and if the certificate of a site has problems, the Virus Scanner flags it as risky? Or it is the virus scanner itself that stores previous SSL info somewhere and is checking it against the recent state of the site to determine risk?