Java based Application used for E-procurement Government Portal blocked by Cloud SWG

Article ID: 241069

Products

Cloud Secure Web Gateway - Cloud SWG

Issue/Introduction

Users who access the internet through the Cloud SWG agent are blocked when they attempt to download a specific file from a government website. Cloud SWG, managed via UPE (not the portal), triggers a malware check that results in a "virus_detected_denied" action, preventing the file download.

This file, a Java executable, is essential for verifying digital certificates used by users to upload tender responses. Multiple vendors have flagged it as risky/malware according to VirusTotal. Although an effort has been made to add a malware bypass for this file in the UPE configuration, users continue to experience download issues via Cloud SWG.

Environment

  • Cloud SWG managed using UPE
  • Cloud SWG Agent on Windows/macOS

Cause

The problem arises from the multi-layered malware checks within UPE. A layer that blocks the file is still executed after an earlier layer has applied the bypass exception.

Resolution

To resolve the issue, consolidate all malware policies into a single layer, streamlining the malware check process and effectively enabling the intended bypass.

Additional Information

Valid CPL code was added to bypass scanning for the problem object:

 ;; Tab: [MU Gov Java Utility Allow CPL]
<Cache>
condition="Scanning Exemption" response.icap_service(no) 

define condition "Scanning Exemption"
url.domain=proc.publicprocurement.gov.org/workflow/NSEU.exe
end condition "Scanning Exemption"

However, another layer existed below it that sent the object back to be scanned:

 ;; Tab: [GLB Web Content AV Scanning]
<Cache> condition=!__is_notify_internal
policy.BC_TP_respmod_scan_fail_open ok ; Rule 2 ; WSS_AV_Scanning ; Gestures transformed ; response.icap_service.secure_connection(auto) -> ok

Consolidating the two into one layer resolved the issue.
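The layer interaction described above can be modelled in a few lines. This Python sketch is an added example, not Broadcom code or CPL: it assumes the usual CPL evaluation order (layers run top to bottom, the first matching rule in a layer ends that layer, and a later layer's setting for the same property overrides an earlier one). The service name `av_scan`, the prefix match and the sample URL `OTHER` are assumptions made for the illustration.

```python
# Toy model of CPL evaluation order (added example, not Broadcom code).
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple

# Exempt object exactly as written in the article's "Scanning Exemption" condition.
EXEMPT = "proc.publicprocurement.gov.org/workflow/NSEU.exe"
OTHER = "proc.publicprocurement.gov.org/workflow/other.exe"  # constructed sample

@dataclass
class Rule:
    matches: Callable[[str], bool]
    icap_service: str  # value the rule assigns to response.icap_service

Layer = List[Rule]

def is_exempt(url: str) -> bool:
    # Assumption: the condition is simplified to a host+path prefix match.
    return url.startswith(EXEMPT)

def any_response(url: str) -> bool:
    # Assumption: the AV layer's guard is true for ordinary user traffic.
    return True

# "av_scan" is a hypothetical name standing in for the scanning service.
ALLOW = [Rule(is_exempt, "no")]
AV_SCAN = [Rule(any_response, "av_scan")]
SPLIT = [ALLOW, AV_SCAN]            # two layers, as in the failing policy
CONSOLIDATED = [ALLOW + AV_SCAN]    # one layer, exemption rule first

def evaluate(layers: List[Layer], url: str) -> Tuple[Optional[str], Optional[int]]:
    """Return (final response.icap_service, index of the layer that set it)."""
    value, set_by = None, None
    for index, layer in enumerate(layers):   # layers run top to bottom
        for rule in layer:                    # first matching rule ends the layer
            if rule.matches(url):
                value, set_by = rule.icap_service, index  # later layer overrides
                break
    return value, set_by

def will_scan(layers: List[Layer], url: str) -> bool:
    value, _ = evaluate(layers, url)
    return value not in (None, "no")

if __name__ == "__main__":
    for name, policy in (("split", SPLIT), ("consolidated", CONSOLIDATED)):
        for url in (EXEMPT, OTHER):
            print(name, url, evaluate(policy, url), will_scan(policy, url))
```

The layer index returned by `evaluate` shows which layer had the final say, which is the thing to check when a bypass appears to be ignored. In the consolidated policy only the exempt object skips scanning; every other URL still reaches the scan rule.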