World Community Grid Forums
Category: Retired Forums Forum: Member-to-Member Support [Read Only] Thread: WCG uses HTTPS 'CONNECT' method |
Thread Status: Active Total posts in this thread: 6
Former Member
Cruncher Joined: May 22, 2018 Post Count: 0 Status: Offline |
I'm currently trying to use WCG through a Squid proxy but I think it uses the HTTPS 'CONNECT' method to encapsulate its data.
This method is known to have a security issue: by setting up a tunnel with an external server, an internal user could use virtually any type of program (IM, P2P, etc.). In fact, many HTTP-tunnelling-through-CONNECT programs exist (for instance, hopster). Any suggestions?
||
|
Former Member
Cruncher Joined: May 22, 2018 Post Count: 0 Status: Offline |
You could use http tunnel ng along with SocksCap V2, or ask your system admin to open the ports the grid agent uses.
|
||
|
Alther
Former World Community Grid Tech United States of America Joined: Sep 30, 2004 Post Count: 414 Status: Offline Project Badges: |
> I'm currently trying to use WCG through a Squid proxy but I think it uses the HTTPS 'CONNECT' method to encapsulate its data. This method is known to have a security issue: by setting up a tunnel with an external server, an internal user could use virtually any type of program (IM, P2P, etc.). In fact, many HTTP-tunnelling-through-CONNECT programs exist (for instance, hopster). Any suggestions?

The Agent has to use the HTTPS CONNECT method if you have a proxy set up. It's the only way to make an SSL connection through a proxy. I'm not sure what security issues you are talking about though. From the client side there shouldn't be any issues. The SSL connection is still made and the traffic flows between the client and server encrypted.

The example you list is a potential issue from the firewall admin's perspective, since by definition they're not allowed to view HTTPS CONNECT traffic and thus can't stop anything from being tunneled through it. It can be filtered on the server and port if you like. Can you list your concerns in more detail?
Rick Alther
Former World Community Grid Developer |
||
|
Former Member
Cruncher Joined: May 22, 2018 Post Count: 0 Status: Offline |
I'm also the firewall admin :-)
And I hate to know that there are applications tunnelling any type of traffic in HTTPS. In any case, I'm unable to pass WCG traffic through my proxy (Squid), perhaps because I have an antivirus (Trend IWSS) along the chain?
||
|
Alther
Former World Community Grid Tech United States of America Joined: Sep 30, 2004 Post Count: 414 Status: Offline Project Badges: |
> I'm also the firewall admin :-) And I hate to know that there are applications tunnelling any type of traffic in HTTPS.

You mean like a web browser? I still don't understand your concerns. It seems like you object to us sending the data back to our servers encrypted. This is done primarily so results can't be tampered with during communication.

The reason admins have some worries about ANY secure connection is because malicious programs can pump data through it and they can't look at it. But that's true for any secure connection (HTTPS, SSH, any SSL/TLS connection, etc.), regardless if it's proxied or not. Either they allow it or they shut off all secure communication out of the network. Except for closed networks, I've never seen anyone shut down secure communications. If you're that worried about bad programs on your system, you can always set up the proxy to allow only certain endpoints so that you allow known traffic through.

> In any case, I'm unable to pass WCG traffic through my proxy (Squid), perhaps because I have an antivirus (Trend IWSS) along the chain?

As for why it can't connect, AV shouldn't be the culprit. Does it intercept all outgoing traffic? I would think any AV software would simply allow HTTPS traffic to go through since it can't possibly check it for viruses. How about your proxy? What does it say regarding the connection? Does it deny it? Did you ever download a workunit? Did you set up the proxy information correctly in the Agent?
Rick Alther
Former World Community Grid Developer |
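One way for a proxy admin to check that CONNECT tunnels stay within approved endpoints, following the "allow only certain endpoints" suggestion in the post above. This is an added example, not part of the original thread or of WCG's code; the hostname `grid.example.org`, the port allowlist and the sample log lines are constructed assumptions.

```python
# Added example: audit Squid native-format access.log lines for CONNECT
# tunnels whose destination is not on an approved host/port allowlist.

# Assumption: placeholder endpoint, not WCG's real server name.
ALLOWED_SUFFIXES = ("grid.example.org",)
ALLOWED_PORTS = {443}

# Constructed sample lines in Squid's native access.log layout:
# time elapsed client action/code bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1136473200.101   5012 10.0.0.15 TCP_TUNNEL/200 48211 CONNECT grid.example.org:443 - HIER_DIRECT/192.0.2.10 -
1136473201.440     87 10.0.0.15 TCP_MISS/200 5120 GET http://www.example.com/ - HIER_DIRECT/192.0.2.20 text/html
1136473207.912  90344 10.0.0.23 TCP_TUNNEL/200 913442 CONNECT tunnel.example.net:443 - HIER_DIRECT/198.51.100.7 -
1136473215.003 120551 10.0.0.23 TCP_TUNNEL/200 77120 CONNECT grid.example.org:5190 - HIER_DIRECT/192.0.2.10 -
1136473220.250      3 10.0.0.31 TCP_DENIED/403 3891 CONNECT 203.0.113.9:22 - HIER_NONE/- text/html
"""

def parse_connect(line):
    """Return (client, host, port, action) for a CONNECT entry, else None."""
    fields = line.split()
    if len(fields) < 7 or fields[5] != "CONNECT":
        return None
    host, sep, port = fields[6].rpartition(":")
    if not sep or not port.isdigit():
        return None
    # IPv6 literals are logged in brackets; strip them for comparison.
    return fields[2], host.strip("[]").lower(), int(port), fields[3].split("/")[0]

def host_allowed(host):
    """Exact match or true subdomain of an allowed suffix (no substring match)."""
    return any(host == s or host.endswith("." + s) for s in ALLOWED_SUFFIXES)

def audit(log_text):
    """List (client, host, port, reason) for tunnels outside the allowlist."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_connect(line)
        # Skip non-CONNECT lines and tunnels the proxy already refused.
        if entry is None or entry[3] == "TCP_DENIED":
            continue
        client, host, port, _ = entry
        checks = (("host", not host_allowed(host)),
                  ("port", port not in ALLOWED_PORTS))
        reasons = [name for name, bad in checks if bad]
        if reasons:
            findings.append((client, host, port, "+".join(reasons)))
    return findings
```

Calling `audit(SAMPLE_LOG)` reports the tunnel to an unlisted host and the tunnel to an approved host on a non-HTTPS port, while the approved tunnel and the already-denied request are skipped.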
||
|
Former Member
Cruncher Joined: May 22, 2018 Post Count: 0 Status: Offline |
OK, don't worry about my paranoid thoughts...
Now, I have no time to look in depth at the problem with the proxy. I disabled the proxy for myself only and I'm running WCG without problems, because I like this project! We can close this thread.
||
|
|