If Malware Scanning is enabled (Configuration > Threat Protection > Malware Scanning) on your ProxySG, your existing ICAP Best Practices and other policies to not Perform Response Analysis are ignored.
NOTE: As of 6.5.9.x and later, this CPL code to stop malware scanning to evaluate other policy is no longer required. Please verify on a case by case basis to make sure.
As explained in TECH241951, since SGOS 6.x introduced malware scanning, when you enable malware scanning on the ProxySG, it automatically adds policy to perform malware scanning for every response. Therefore this change will also cause Malware scanning overrides ICAP Best Practices.
By modifying Bypass_BC_Malware_scanning_solution CPL code in TECH241951, you can override Malware scanning policy rules and have the ICAP Best Practices CPL code effective.
Add the following CPL code in your local policy along with ICAP Best Practices CPL.
policy.Bypass_BC_malware_scanning_solution ; Creates a new layer after the Malware Scanning layers.
define cache policy Bypass_BC_malware_scanning_solution
<Cache Bypass_BC_malware_scanning_solution >
condition=NOICAP condition=ShouldScanHighPerformance response.icap_service(no) ; Bypasses Icap for URLs defined in NOICAP condition. NOICAP condition is part of ICAP Best Practices