diff --git a/proxywatchd.py b/proxywatchd.py
index 6d72d6f..2bc2f14 100644
--- a/proxywatchd.py
+++ b/proxywatchd.py
@@ -872,7 +872,7 @@ class ProxyTestState():
                 if success:
                     self.ssl_success = True
             # Track cert errors
-            if category == 'cert_error' or category == 'ssl_error':
+            if category in ('cert_error', 'ssl_error', 'ssl_mitm'):
                 self.cert_error = True
             # Check completion (inside lock to prevent race)
             if not self.completed and len(self.results) >= self.num_targets:
@@ -955,7 +955,9 @@ class ProxyTestState():
 
                 self.proto = last_good['proto']
                 self.failcount = 0
-                if (self.consecutive_success % 3) == 0:
+                # Only reset mitm after 3 consecutive clean successes (not on first success)
+                # and only if this test didn't detect MITM
+                if self.consecutive_success > 0 and (self.consecutive_success % 3) == 0 and not self.cert_error:
                     self.mitm = 0
                 self.consecutive_success += 1
                 self.success_count += 1