This is a tough one. The kind of anti-virus feature that causes this tries to prevent malicious code running in the browser from uploading your personal data to a remote server. To do that, the anti-virus tries to buffer all outgoing traffic before it hits the network, and scan it for pre-defined strings.

This works when the application sends a complete HTTP request on the socket, because the anti-virus sees the end of the the HTTP request and knows that it can stop scanning and send the data.

In your case, there’s probably just a header without a length field, so until you send enough data to fill the anti-virus’s buffer, nothing will be written to the network.

If that’s not a good reason to turn that particular feature off, I don’t know what is. I ran into this with AVast and McAfee – at this point, the rest of the anti-virus industry is probably doing something like that. Specifically, I ran into this with McAfee’s Personal Information Protection feature, which as far as I can tell, is simply too buggy to use.

If you can, just keep sending data on the socket, or send the data in HTTP messages that have a length field. I tried reporting this to a couple of anti-virus vendors – one of them fixed it, the other one didn’t, to the best of my knowledge.

Of course, this sort of feature is completely useless. All a malicious application would need to do to get around it is to ROT13 the data before sending it.