Some 3rd party applications, such as SSL VPN clients do not support connecting though a loopback proxy. Use this document to update the proxy.pac file hosted by the Symantec Endpoint Protection (SEP) client Web Traffic Redirection (WTR) Local Proxy Service (LPS).
Before making any changes, compile a list of addresses that need to be exempted from connecting through LPS. The default PAC file hosted by LPS directs clients to send requests to internal (RFC1918, and APIPA) addresses, and plain hostname addresses directly instead of through LPS. Any resources hosted on a public IP address, or accessed by DNS name will need to be added to the PAC file. These can be specified either by Fully Qualified Domain Name (FQDN), IP address, or IP address range.
Note: See Verify a Proxy Auto Configuration file using Web Security Service PAC File Management to learn how to check the PAC file syntax before deployment.
Use the PAC File Management Service (PFMS) PAC file
return "PROXY ";
SEP 14.3 introcued the ability to import a custom PAC file directly in the Integrations policy. Use this method for SEP 14.3 and newer clients managed by a SEP 14.3 or newer Symantec Endpoint Protection Manager (SEPM).
Import the PAC file into Integrations Policy
Note: The above configuration is only available in SEPM 14.3 or later. Additionally, Computers running pre 14.3 SEP clients will not make use of this setting. For pre-14.3 computers, use the Manual steps below.
Manually replace the PAC file
LPSFlags.exe --pac-script proxy.pac --restart