Cloud SWG agent used to access the internet via Cloud SWG
Cloud SWG managed using UPE and not Portal
Users accessing a file on a specific government website are blocked from downloading it by Cloud SWG malware checks due to the "virus_detected_denied" action
The file is a Java executable used to verify digital certificates that are assigned to users for uploads of tender responses.
The file is flagged as risky/malware by multiple vendors on https://www.virustotal.com/
A malware bypass is needed for this file, but even after the bypass is added to the UPE configuration, users still cannot download the file via Cloud SWG
Cloud SWG managed using UPE
Cloud SWG Agent on Windows/MacOS
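Multiple layers of malware checks exist within UPE, and a layer that blocks the file is evaluated after the layer containing the bypass exception. Layers are evaluated in order, and a later layer's setting for the same property overrides the earlier one, so the exemption is undone.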
Merged all malware policies into one layer.
Added valid CPL code to bypass scanning for the problem object:
;; Tab: [MU Gov Java Utility Allow CPL]
<Cache>
condition="Scanning Exemption" response.icap_service(no)
define condition "Scanning Exemption"
url.domain=proc.publicprocurement.gov.org/workflow/NSEU.exe
end condition "Scanning Exemption"
However, another layer existed below it that sent the response back to be scanned:
;; Tab: [GLB Web Content AV Scanning]
<Cache> condition=!__is_notify_internal
policy.BC_TP_respmod_scan_fail_open ok ; Rule 2 ; WSS_AV_Scanning ; Gestures transformed ; response.icap_service.secure_connection(auto) -> ok
Consolidated the two into one layer and all worked fine.
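The consolidation described above could look like the following sketch. This is an added illustration, not the CPL from the original configuration: the tab name and AV_SCAN_SERVICE are placeholders, the scan rule's form is assumed, and the original layer guard (condition=!__is_notify_internal) is left out for brevity.

```cpl
;; Tab: [Consolidated AV Scanning]   (placeholder tab name)
<Cache>
    ; Rule 1: the exemption comes first. Within a single layer the first
    ; matching rule wins, so the scan rule below is never evaluated for
    ; this one URL.
    condition="Scanning Exemption" response.icap_service(no)
    ; Rule 2: every other response is still sent for scanning.
    ; AV_SCAN_SERVICE is a placeholder for the tenant's scanning service.
    response.icap_service(AV_SCAN_SERVICE, fail_open)

; Keep the exemption scoped to the exact file rather than the whole domain,
; because the object is one that multiple vendors flag.
define condition "Scanning Exemption"
    url.domain=proc.publicprocurement.gov.org/workflow/NSEU.exe
end condition "Scanning Exemption"
```

With both rules in one layer, no later layer sets response.icap_service again, so the exemption decision is final for that URL.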