The OneDrive Windows client is used to upload files to an Office 365 SharePoint server.
Some uploads are blocked as expected because they match a CASB block rule, but the OneDrive client does not receive any indication or notification as to why the upload failed.
On the Cloud SWG portal, the Notification service is enabled for the WSS Agent, but the expected notification does not appear.
CloudSOC integration with Cloud SWG.
Office 365 gatelet enabled on CloudSOC.
CASB only license.
A thick client (Win32/64) is used to upload/download files (OneDrive to Office 365 services).
There was a defect with Cloud SWG as well as issues with the notification setup on Windows.
A fix was rolled out globally by Broadcom at the end of October 2023.
Disabling and re-enabling Windows notification events for Symantec WSS Agent also helped resolve this issue.
Useful tips on addressing Windows notification issues were also followed.
Using Fiddler to capture HTTP requests from the OneDrive thick application, one could confirm that the upload's 200 OK response included an x-elastica_block message confirming that CASB had blocked the upload, even though the application did not render any useful information.
PCAPs from Symdiag confirmed that the websocket connection to notifications.symcwss.cloud was created successfully when the tunnel was established into Cloud SWG.
PCAPs from Symdiag confirmed that no payload data came back from the Cloud Proxy to WSS Agent when the upload was blocked.
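The Fiddler check described above can be repeated over a whole capture. The following is an added example, not part of the original article or any Broadcom tooling: it scans a session exported from Fiddler in HAR (HTTPArchive) format for responses carrying the x-elastica_block marker. It assumes the marker appears as a response header; the sample entries, hostnames and header value are constructed.

```python
import json
import sys

# Marker name as written on this page; treating it as a response header is an assumption.
BLOCK_MARKER = "x-elastica_block"

def find_casb_blocks(har):
    """Return one record per HAR entry whose response carries the block marker."""
    hits = []
    for entry in har.get("log", {}).get("entries", []):
        request = entry.get("request", {})
        response = entry.get("response", {})
        for header in response.get("headers", []):
            # Header names are case-insensitive, so compare in lower case.
            if header.get("name", "").lower() == BLOCK_MARKER:
                hits.append({
                    "method": request.get("method"),
                    "url": request.get("url"),
                    "status": response.get("status"),
                    "message": header.get("value", ""),
                })
                break  # one record per response is enough
    return hits

def _entry(method, url, status, headers):
    """Build a minimal HAR entry (only the fields this script reads)."""
    return {"request": {"method": method, "url": url},
            "response": {"status": status,
                         "headers": [{"name": n, "value": v} for n, v in headers]}}

# Constructed sample data: hostnames, paths and header value are placeholders.
SAMPLE_HAR = {"log": {"entries": [
    _entry("PUT", "https://tenant.example/upload/allowed.docx", 200,
           [("Content-Type", "application/json")]),
    _entry("PUT", "https://tenant.example/upload/blocked.docx", 200,
           [("Content-Type", "text/html"),
            ("X-Elastica_Block", "constructed-placeholder-message")]),
]}}

if __name__ == "__main__":
    if len(sys.argv) > 1:
        # utf-8-sig tolerates a byte-order mark at the start of the export
        with open(sys.argv[1], encoding="utf-8-sig") as fh:
            har = json.load(fh)
    else:
        har = SAMPLE_HAR
    for hit in find_casb_blocks(har):
        print(f'{hit["status"]} {hit["method"]} {hit["url"]} -> {hit["message"]}')
```

Run it with the path to an exported HAR file as the only argument; with no argument it reports on the constructed sample.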