When a domain is configured for bypass under Agent Traffic Manager -> Traffic Bypass Rule -> Domain Bypass List in Cloud SWG, the WSS Agent (WSSA) may fail to bypass the domain if it is also configured in the Windows `hosts` file (local DNS).

WSSA's bypass mechanism relies on a DNS request being initiated for the domain. When a domain's IP address is resolved directly through the `hosts` file, a DNS request is not made. Consequently, WSSA does not recognize the domain as a bypass entry, even if it is explicitly configured as such in Cloud SWG.

To ensure proper domain bypassing by WSSA, consider the following solutions:

1. Utilize DNS for Domain Resolution: Create a DNS entry for the domain instead of using the `hosts` file to resolve its name. This will ensure a DNS request is made, allowing WSSA to apply the bypass rule.

OR

2. Configure IP Bypass: Alternatively, add the IP address of the domain to the IP Bypass List within Cloud SWG's Agent Traffic Manager. This will bypass traffic to the specified IP address directly.