As an administrator, I would like to know why the WSS agent is making calls to client-id.wss.symantec.com.

Web Security Service

WSS Agent 7.x+

The WSS Agent making a call to client-id.wss.symantec.com is expected behavior as the agent is ready to support a future feature release.

In the proxy access logs or report, you will see tcp:// (initial request), ssl:// (SSL worker) and https://client-id.wss.symantec.com (decrypted) in the logs.

The WSS proxies are doing SSL interception on "exception" for this particular domain due to the fact that the domain is of interest to us.

Once the WSS SSL proxy decrypts the request and sees that the request is coming from WSS Agent user-agent. The proxy will return a DENIED with Verdict: client_id_agent_response.

This is based on our WSS central policy and it is expected. Once WSS enables the feature in a future release, the behavior could change.