You configure Symantec Web Gateway (SWG) appliance in Inline Proxy/Proxy only mode to use NTLM v2. However SWG presents an NTLM authentication dialog box to the client browser for certain domains and IP addresses which are marked for Ignore Authentication in Whitelists within SWG. You seeks steps to avoid this behavior.
This behaviour is by design. The Web Gateway's proxy mode does not have the ability to whietlist against authentication of clients nor websites by IP nor hostname.
To workaround this behavior, configure your web browser to access Internet through SWG proxy using a PAC file. You can then use the logic int he PAC file to route the allowed website requests to go directly to those websites.