This article addresses an issue where password-protected files (PPF) cannot be downloaded when Cloud Proxy's Content Analysis System (CAS) is enabled, even with a CPL configured to bypass scanning for such files. Users may experience an ICAP error during the download attempt.

The Content Policy Language (CPL) for bypassing password-protected files and Content Scanning Policy (CSP) are incompatible when used together. When both are active, the CPL to allow the download of password-protected files will not function as expected, leading to the blocking of these downloads.

To properly allow the download of password-protected files while still utilizing Content Analysis and UPE for Cloud SWG, it is necessary to enable CAS using the a Web Content layer that enables CAS scanning through an icap respmod rule and not through the Content Policy layer. Once CAS is configured in this manner, the PPF CPL will work in conjunction with it to permit the download of password-protected files.