Files are not blocked by the policy when uploading a document using the desktop app Google Drive Sync.

The same document is blocked when uploaded to Google Drive from a Browser.

The upload activity is not seen in investigate use the Google Drive Sync.

SSL decryption must take place on all the Google domains of interest. Google provides the following domains of interest (DoI). Make sure that you the local proxy and WSS are not bypassing the domains.

In one case, a customer was bypassing googleapis.com and apis.google.com.  The proxy engineering was able to verify that the decryption was bypassed and the traffic was sent directly to Google instead of WSS.

Using Google Drive sync may not synchronize files because it does not trust WSS as an intercepting proxy. Follow the DriveSync documenation to see how to add the wss certificate using the setting TrustedRootCertsFile. Alternatively, test by disabling the SSL Validation: DisableSSLValidation, the data is encrypted but the certificate is not tested.

A proxy trace can verify that the traffic is decrypted and sent to WSS. 

A Fiddler trace may also verify that the traffic is destined for WSS.