Starting with v4.3.1.1, the unsupported-sites list included in the release will contain the Symantec-based sites only. Domain names that do not reference the Symantec family of domains have been removed from the unsupported-sites list, and customers should create and maintain a custom domain name list of sites that should be cut through. The sites you choose to include are based on your company’s security posture, environment, supported client applications, and other factors contributing to the security policy, including the decision to cut through sites uninspected.

The following domains are known to have issues with SSL Visibility inspection rules:
 
*.citrixonline.com
*.data.toolbar.yahoo.com
*.dropbox.com
*.fedoraproject.org
*.infra.lync.com
*.itunes.apple.com
*.logmein.com
*.mozilla.org
*.phonefactor.com
*.rhn.redhat.com
*.sls.microsoft.com
*.update.microsoft.com
*.windowsupdate.microsoft.com
account.live.com
courier.push.apple.com
courier.sandbox.push.apple.com
cyclops.iastate.edu
radarsubmissions.apple.com
swdist.apple.com
swscan.apple.com
download.bluecoat.com
 
Note that the unsupported-sites list of Symantec domains will be maintained by Symantec and will automatically be updated in future releases when necessary. This list is not editable by the user, but is viewable in the WebUI. Customers are responsible for maintaining their own custom domain list of unsupported sites, using this KB as a reference. You will also need to create a cut through rule for the custom list.

Action Required
 
Refer to KB ALERT2614 for instructions on creating a custom domain name list.