By default, the Symantec Web Security Service (WSS) does not intercept inbound HTTPS traffic from destination web locations and applications. With the default configuration, the WSS applies Content Filtering policy to the furthest extent possible; however, it cannot apply policies to transactions that require deeper inspection, such as web application controls or malware scanning.
Enabling SSL Interception allows the WSS to decrypt HTTPS connections, examine the contents, and perform policy checks.
If SSL Interception is not enabled, some encrypted web traffic is still filtered because WSS intercepts on exception.
This article describes the possible cases / scenarios that the WSS intercepts web traffic despite Cloud SSL Interception set to Disable.
The WSS requires SSL Interception on traffic to apply policies to transactions that require deeper inspection, such as web application controls, malware scanning, blocked categories, and so on. Hence, the WSS intercepts on exception.
The "Intercept on exception" cases, but not limited to: