An allowed youtube video when viewed, causes other disallowed youtube videos to be accessed and bypasses the content filtering policy to deny traffic when using Google Chrome.
QUIC is an experimental network transport protocol developed by Google.
Google Chrome supports this protocol, and it is enabled by default. The feature is used when the browser connects to Google web services, such as Google and YouTube.
The traffic between Chrome and these services is sent using UDP on port 443, and in some scenarios, the traffic can bypass the Web Security Service.
Web Security Service
There are 2 options to prevent QUIC protocol from bypassing the Web Security Proxy Service:
The Google Chrome GPO template can be obtained here.
The following Windows registry key (or Mac/Linux preference) can be used to disable QUIC in Chrome, and can be enforced via GPO or equivalent:
Note: If you are running the Unified Agent and the option to Allow Google QUIC unchecked in the Web Security Service Console,> Services > Mobility > Unified Agent, the agent will block the QUIC protocol by default.
If you have a business requirement or a preference for the highest performance, you can instruct the Web Security Service to bypass QUIC connections. For security reason, be advised that Symantec does not recommend this option as you can run into an issue as the one mention in the article. Because QUIC is UDP-based, these connections are bypassed at the client end-point, which means the traffic is not checked against policy nor is reporting against the Unified Agent possible. Only select this bypass option if the highest performance for these clients supersedes the security requirements.
Any other access method to the Web Security Service can use the steps shown above.