When Symantec Endpoint Protection (SEP) is configured to use Web Security Service (WSS) Traffic Redirection (WTR), the client will perform a network probe dependent upon the source of the Proxy Auto Config (PAC) file: PAC File Management Service (PFMS) or another web server.
When a PFMS-hosted PAC file is used, SEP downloads from the specified URL and verifies that it is a valid PAC file. When the PAC file is hosted elsewhere, however, the SEP client is hardcoded to try and access a PFMS URL and gets a 404. This can result in issues in a Captive Portal environment with a locally hosted PAC file.
This behavior is resolved with the WTR Engine version 18.104.22.168. This build is downloaded via LiveUpdate.