Symantec Endpoint Protection (SEP) clients detect files downloaded over HTTPS from Web sites that are included in the Exceptions policy as a Trusted Web Domain

Computers configured with Microsoft's Enhanced Mitigation Experience Toolkit (EMET)

This problem can happen when computers are configured with Microsoft's EMET. EMET protects the processes running on Windows computers from malicious process injection/tampering. The SEP client gets URL information from HTTPS downloads by injecting IPSEng32.dll into running Web browser processes. When EMET is configured to protect Internet Explorer or other Web browsers, the SEP client is unable to inject IPSEng32.dll into those browser processes and can't check the URL against the Trusted Web Domains exceptions.

To use Trusted Web Domains exceptions for HTTPS Web sites, you must disable EMET protection for the Web browser(s) used to download files from these URLs.