WSS Agent: UDP traffic Application bypass issues

Article ID: 428765

Products

Cloud Secure Web Gateway - Cloud SWG

Issue/Introduction

Standalone WSS Agent (WSSA) with Application Bypass (e.g., for Tanium, Microsoft Teams, etc.) is not fully bypassing the traffic for those applications in UDP.

Symptoms:
• Bypassed applications may stall
• Cloud SWG reports show traffic for these applications is being sent via the tunnel rather than being bypassed.
• Packet captures show the traffic correctly bypassing the agent (capture-net.pcap), but later the same traffic is sent through the tunnel (capture-tun.pcap), confirming that it is no longer bypassed as it should be.
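
One way to check for the packet-capture symptom, as an added example (not Broadcom tooling): it assumes the packets from both captures have already been exported to rows of timestamp, capture name, protocol and address/port fields. The row layout, the function name `find_bypass_regressions` and the sample rows are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample rows, client-to-server direction only:
# (epoch_seconds, capture, proto, src_ip, src_port, dst_ip, dst_port)
# capture is "net" for capture-net.pcap (bypassed) or "tun" for capture-tun.pcap (tunneled).
SAMPLE_ROWS = [
    (100.0, "net", "udp", "10.0.0.5", 50000, "203.0.113.10", 3478),
    (100.5, "net", "udp", "10.0.0.5", 50000, "203.0.113.10", 3478),
    (130.2, "tun", "udp", "10.0.0.5", 50000, "203.0.113.10", 3478),  # same flow, now tunneled
    (131.0, "tun", "udp", "10.0.0.5", 50000, "203.0.113.10", 3478),
    (101.0, "net", "udp", "10.0.0.5", 50001, "203.0.113.20", 17472),  # stays bypassed
    (102.0, "tun", "udp", "10.0.0.5", 50002, "198.51.100.7", 443),    # never bypassed
    (103.0, "tun", "tcp", "10.0.0.5", 50003, "198.51.100.7", 443),    # not UDP, ignored
]


def find_bypass_regressions(rows):
    """Return UDP flows that were seen bypassed and later seen in the tunnel."""
    seen = defaultdict(lambda: {"net": [], "tun": []})
    for ts, capture, proto, src, sport, dst, dport in rows:
        if proto.lower() != "udp" or capture not in ("net", "tun"):
            continue
        seen[(src, sport, dst, dport)][capture].append(ts)

    findings = []
    for flow, times in seen.items():
        if not times["net"] or not times["tun"]:
            continue  # flow appears in only one capture: no change of path
        first_net = min(times["net"])
        tunneled_after = sorted(t for t in times["tun"] if t > first_net)
        if not tunneled_after:
            continue
        findings.append({
            "flow": flow,
            # last packet that still took the bypass path
            "last_bypassed": max(t for t in times["net"] if t < tunneled_after[0]),
            "first_tunneled": tunneled_after[0],
            "tunneled_packets": len(tunneled_after),
        })
    return sorted(findings, key=lambda f: f["first_tunneled"])


if __name__ == "__main__":
    for f in find_bypass_regressions(SAMPLE_ROWS):
        print(f)
```

A flow reported here reuses the same local UDP port before and after the switch, which matches the condition described under Cause.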

Environment

• WSS Agent in UDP
• Application bypass

Cause

In certain scenarios, the OS sends a connection delete request to WSS Agent for a UDP port but may continue sending UDP packets on that same port even though it was reported as closed. WSS Agent deletes the bypass record, as per the delete request received from the OS. The traffic that follows is then not recognized as bypassed and is logged as "unknown". At this point, WSS Agent starts sending the traffic through the tunnel.

Resolution

The fix is available in ESA (Endpoint Security Agent) version 10.1.1 and later. It will not be available in the standalone WSS Agent (WSSA).