I have set up a rule in policy to allow users to an application based on the Symantec Application Classification category. (for example Office 365) but when a user tries to use the application it makes an HTTPS request and is blocked by the Proxy.
User sees the DENY page that is configured on the proxy. By default this will be a policy_deny page.
The ProxySG cannot read the headers within the encrypted request if SSL interception is not enabled.
When using the Application Classification controls to create policy to allow access to URLs, you will need to SSL intercept the HTTPS connections made by the application.
If this is not possible, the alternative would be to use BCWF/Intelligence Services category based matches or to add allow rules for the particular URLs impacted.