It is noticed that some domains are being bypassed, even though there is no associated domain or IP in the Cloud SWG bypass list related to the bypassed traffic.
Cloud SWG (formerly Web Security Service - WSS)
SEP-NTR (tunnel mode)
The SEP Agent maintains a list of URLs that it must communicate with to perform multiple functions. These domains are added to the Cloud SWG bypass list when utilizing Web and Cloud Access Protection (SEP-NTR or tunnel mode). This list will not be visible in the Cloud SWG portal under Connectivity > Bypassed Traffic as this is specific to SEP-NTR. These bypasses are not applied when using the stand-alone WSS Agent.
avagoext.okta.com
avs-avpg.crsi.symantec.com
bash-avpg.crsi.symantec.com
bds.securitycloud.symantec.com
central.avsi.symantec.com
central.b6.crsi.symantec.com
central.crsi.symantec.com
central.nrsi.symantec.com
central.ss.crsi.symantec.com
ent-shasta-mr-clean.symantec.com
ent-shasta.rrs.symantec.com
faults.symantec.com
linux-repo.us.securitycloud.symantec.com
liveupdate.symantec.com
liveupdate.symantecliveupdate.com
sep.securitycloud.symantec.com
services-prod.symantec.com
sp.cwfservice.net
stnd-avpg.crsi.symantec.com
stnd-ipsg.crsi.symantec.com
storage.googleapis.com
telemetry.broadcom.com
tses.broadcom.com
tus1gwynwapex01.symantec.com
uploads.sep.securitycloud.symantec.com
us.spoc.securitycloud.symantec.com
usea1.r3.securitycloud.symantec.com
ws.securitycloud.symantec.com
Additional information about each of the domains is included in the following documentation:
External URLs required for Symantec Endpoint Protection (SEP) and Symantec Endpoint Security (SES)
This behavior is expected for SEP-NTR (tunnel mode). The SEP Agent maintains this list of domains ensure connectivity for the performance of its functions. This list is not editable, nor can it be overridden.