Block websites categorized as malicious in Policy, on Web Isolation

Article ID: 219017

Products

Web Isolation, Web Isolation Cloud

Issue/Introduction

Symantec Threat Isolation Solution has two primary goals and scenarios:

  1. Protecting an organization’s end users and devices from threats, such as malware, that are present while surfing the Internet
  2. Protecting an organization’s web applications from attack by malicious actors, or from abuse by malicious or compromised end users

 

Where the security level is the strictest, WebSocket requests of this type are considered dangerous or illegitimate, and should be blocked from being viewed. Similar rule action should apply to Download Profiles.

How can we block websites categorized as a risk and malicious?

Resolution

Use the "Block" action when:

The security level is the strictest. WebSocket requests of this type are considered dangerous or illegitimate, and are blocked from being viewed.

The Symantec Threat Isolation Platform checks the WebSocket request and prevents access to the destination website.

The Symantec Threat Isolation Platform notifies the endpoint browser via a block page that the request has been blocked.

A webpage can include iFrames that can also be blocked. The end user sees only the parts of the page that are not blocked.

 

A similar rule action applies to Download Profiles.

Use the "Block" action when:

The security level is the highest; files of this type are considered dangerous.

The Symantec Threat Isolation Platform checks the file type (by the file extension and MIME type) and determines that its handling type is Block.

The file is not downloaded to the server, and a Block Page message is sent to the endpoint browser.

Note: The Block action is applied to image file types (bmp, gif, jfif, x-png, tiff, ico) only when the end user tries to download the image. It is not applied when an image is copied or saved using context menu options in an isolated website, because when these options are available, the image has been sanitized and resides on the endpoint machine.

See the snippets below for a sample implementation. Turn on the policy when done.