Google Earth does not support transparent Authentication, so a Rule to bypass Authentication for that software is necessary.

In a Web Authentication Layer in Visual Policy Manager, Add a new rule and move it to the very top of that Layer.

• For Source, right·click the 'Any' and then Set... / New... / Request Header...
• Give the Object a Name such as "GoogleEarth"
• Select "User-Agent" as the Header Name
• For Header Regex, enter "GoogleEarth" without the quotes
• The Destination for that Rule should be 'Any'
• The Action should be 'Do Not Authenticate'

If preferred, the following Content Policy Language (CPL) may be added instead to the Local Policy File:

<Proxy>
                request.header.User-Agent="GoogleEarth" authenticate(no)