What are the differences between the Content Filtering and Threat Protection policies in the Web Security Service (WSS) Portal?

Do I need to create policy in Threat Protection if I already have policy in Content Filtering?

Content Filtering
The Content Filtering policy in WSS is for policy enforcement and allows (or disallows) access to content based on its category, domain, or other criteria. Rules that are based on "who" is able to access particular categories should be placed here.

Threat Protection
Threat Protection policy determines whether content receives virus and malware scanning. By default, all web content is scanned for viruses. If a particular URL encounters issues when scanned for threats, the Threat Protection policy lets you exempt trusted sources, destinations, and web apps from malware scanning. However, it is not common to exclude websites from virus scanning. Under that section, you are also able to configure policy based on risk scores if you have the proper "risk scores" license.

You do not need to duplicate policy in both Content Filtering and Threat Protection. Any rules that are created to allow or disallow access to specific sites or categories should only be placed in Content Filtering, while Threat Protection is used to address specific issues with virus and malware scanning.