AZ Asia-Pacific - Zscaler Help Centre

Policy Reasons

This article provides an explanation of the policy actions that are seen in Insights and NSS reports.

Policy Reason

Feature

Description

Access denied due to bad server certificate

SSL

The transaction to an SSL site was blocked due to server certificate validation failure or OCSP revocation check failure.

Access denied due to low TLS version

SSL

The inspected or uninspected SSL traffic was blocked due to a minimum TLS version enforcement in Policy > SSL Inspection.

Access denied due to URL FQDN and Host Header Mismatch

Core Proxy

The transaction was blocked due to an FQDN mismatch between HTTP/S request host header and request URL.

Allowed

N/A

The transaction was allowed.

Allowed - No Active Content

Sandbox

The file was allowed for download. It was found to be benign and have no active content based on the inline Sandbox static analysis.

Allowed and archived to mailbox

DLP

The transaction violated a DLP policy rule, but it was allowed. An email was sent to the auditor's mailbox.

Allowed and archived to mailbox failed

DLP

The transaction violated a DLP policy rule, but it was allowed. Failed to send an email to the auditor's mailbox.

Allowed and No Scan

Sandbox

The file was allowed for download because a Sandbox policy had the First Time Action of Allow and Do Not Scan.

Allowed due to override

URL Filtering

The transaction was blocked initially but was allowed after the override password was entered.

Blocked by Default URL Filtering

URL Filtering

The transaction was blocked by the default URL Filtering policy.

Blocked due to Bad SSL record

SSL

The SSL connection was blocked due to the forwarding of non-SSL traffic to HTTPS port.

Blocked due to invalid server IP

Web Insights Logs

The DNS server resolved an origin server as an invalid IP address.

Blocked due to Server Probe Failure

SSL

Block Undecryptable Traffic in Policy > SSL Inspection is enabled and the Zscaler service was unable to make a server-side connection (TCP or SSL).

Cautioned the use of this Social Network/Blogging site

Cloud App Control

Due to a Cloud App Control policy restricting access to Social Networking cloud apps, the transaction was cautioned.

Cautioned to post message to this site

Cloud App Control

Due to a Cloud App Control policy that restricts the user from posting content to Social Networking cloud apps, the transaction was cautioned.

Cautioned to upload media files to this site

Cloud App Control

Due to a Cloud App Control policy that restricts the user from uploading a file to Streaming Media or File Sharing cloud apps, the transaction was cautioned.

Cautioned to use this File Share site

Cloud App Control

Due to a Cloud App Control policy that restricts access to File Sharing cloud apps, the transaction was cautioned.

Cautioned to use this Webmail site

Cloud App Control

Due to a Cloud App Control policy that restricts access to Webmail cloud apps, the transaction was cautioned.

Communication with ad sites

Mobile Malware Protection

The transaction was generated by an application that communicates with ad sites and was blocked by Mobile Malware Protection policy.

Communication with unknown servers

Mobile Malware Protection

The transaction was generated by an application which communicates with unknown third party servers and was blocked by Mobile Malware Protection policy.

Country block outbound request: not allowed to access sites in this country

Advanced Threat Protection

Access request to a country was blocked due to an Advanced Threat Protection Suspicious Countries policy.

Custom reputation block outbound request malicious URL

Advanced Threat Protection

The destination in the request is part of your Blocked Malicious URLs list and the transaction was blocked.

DNAT with redirect to FQDN failed

Firewall Filtering

The transaction was blocked due to an unreachable FQDN in a NAT Control rule.

Fake Proxy Authentication

N/A

Used if the server sends a 407 response code (Proxy-Authenticate) for remote users. This is done as the server is asking the service to disclose authentication information.

File Attachment not allowed

Cloud App Control

An attempt to attach a file to an email on a webmail application was blocked due to a Cloud App Control policy.

Filetype download cautioned

File Type Control

The file download was cautioned due to a File Type Control policy.

Filetype upload cautioned

File Type Control

The attempt to upload the file was cautioned due to a File Type Control policy match.

Filetype upload/download cautioned


File Type Control

The attempt to upload or download a file was cautioned due to a File Type Control policy match.

FTP access is blocked by a firewall policy

Firewall Filtering

Access to an FTP Network Service or Network Application was blocked due to a Firewall Filtering rule.

Information identifying the device

Mobile Malware Protection

The transaction was generated by an application which shares device information and was blocked by Mobile Malware Protection policies.

Insecure user credentials

Mobile Malware Protection

The transaction was generated by an application which transmits user credentials in clear text and was blocked by Mobile Malware Protection policies.

Internet access cautioned

URL Filtering

The transaction was cautioned due to a URL Filtering policy.

IPS block inbound response: adware/spyware traffic

Advanced Threat Protection

Adware or spyware traffic was detected in the response and blocked by IPS.

IPS block inbound response: anonymization site

Advanced Threat Protection

Access to anonymization sites was blocked in the response by IPS.

IPS block inbound response: botnet command and control traffic

Advanced Threat Protection

Botnet command and control traffic was detected in the response and blocked by IPS.

IPS block inbound response: malicious content

Advanced Threat Protection

Malicious content was detected in the response and blocked by IPS.

IPS block inbound response: page contains known browser exploits

Advanced Threat Protection

Known browser exploits were detected and the access attempt was blocked by IPS.

IPS block inbound response: page contains known dangerous ActiveX controls

Advanced Threat Protection

Known dangerous ActiveX controls were detected in the response and blocked by IPS.

IPS block inbound response: phishing content

Advanced Threat Protection

Potential phishing content was detected in the response and blocked by IPS.

IPS block inbound response: webspam traffic

Advanced Threat Protection

Web spam traffic was detected in the request and blocked by IPS.

IPS block inbound response. IRC use/tunneling

Advanced Threat Protection

IRC use or tunneling was detected in the request and blocked by IPS.

IPS block inbound: file contains known vulnerabilities.

Advanced Threat Protection

The attempt to download a file was blocked by IPS because it was found to have known vulnerabilities.

IPS block outbound request: adware/spyware traffic

Advanced Threat Protection

Adware or spyware traffic was detected in the request and blocked by IPS.

IPS block outbound request: botnet command and control traffic

Advanced Threat Protection

Botnet command and control traffic was detected in the request and blocked by IPS.

IPS block outbound request: browser cookie theft

Advanced Threat Protection

The request to the site was blocked because the site was detected to potentially steal browser cookies by IPS.

IPS block outbound request: cross-site scripting (XSS) attack

Advanced Threat Protection

The site was detected to be vulnerable to XSS attacks and the request was blocked by IPS.

IPS block outbound request: IRC use/tunneling

Advanced Threat Protection

IRC use or tunneling was detected in the request and blocked by IPS.

IPS block outbound request: page contains known browser exploits

Advanced Threat Protection

Known browser exploits were detected and the transaction was blocked by IPS.

IPS block: SSH use/tunneling

Advanced Threat Protection

SSH use or tunneling was detected and blocked by IPS.

IPS or Reputation block: Crypto Mining traffic

Advanced Threat Protection

Cryptomining traffic was detected and blocked by IPS.

Known security vulnerabilities

Mobile Malware Protection

The transaction was generated by an application which has known security vulnerabilities and was blocked by Mobile Malware Protection policies.

Location information leak

Mobile Malware Protection

The transaction was generated by an application which shares location information and was blocked by Mobile Malware Protection policies.

Malicious behavior

Mobile Malware Protection

The transaction was generated by an application which is known to be malware and was blocked by Mobile Malware Protection policies.

Malware block: malicious file

Malware Protection

The download attempt of malicious content or files was blocked due to a signature match by the inline antivirus engine.

Not allowed because URL is blacklisted

Advanced Threat Protection

The transaction was blocked because the URL, domain, or IP address matched the custom Blocked Malicious URLs in Advanced Threat Protection policy.

Not allowed during this time of day

Cloud App Control, File Type Control, URL Filtering

The transaction was blocked by a policy which restricts access to internet resources based on time of the day.

Not allowed the use of this business site

Cloud App Control

Due to a Cloud App Control policy that restricts access to business cloud apps, the transaction was cautioned.

Not allowed the use of this Consumer site

Cloud App Control

Due to a Cloud App Control policy that restricts access to Consumer cloud apps, the transaction was blocked.

Not allowed the use of this enterprise site

Cloud App Control

Due to a Cloud App Control policy that restricts access to enterprise cloud apps, the transaction was blocked.

Not allowed the use of this Hosting Providers site

Cloud App Control

Due to a Cloud App Control policy that restricts access to hosting cloud apps, the transaction was blocked.

Not allowed the use of this IT Services site

Cloud App Control

Due to a Cloud App Control policy that restricts access to IT services cloud apps, the transaction was blocked.

Not allowed the use of this Mobile App Store

Mobile App Store Control

Access to the mobile application store was denied due to Mobile App Store Control policy.

Not allowed the use of this sales and marketing site

Cloud App Control

Due to a Cloud App Control policy that restricts access to Marketing cloud apps, the transaction was blocked.

Not allowed the use of this site with personal credentials

URL Filtering

The transaction was blocked due to Dropbox, Google Apps, Microsoft Login Services, Slack, or YouTube tenant restrictions in the respective Cloud App Control Policy rule.

Not allowed the use of this Social Network/Blogging site

Cloud App Control

Due to a Cloud App Control policy that restricts access to Social Networking cloud apps, the transaction was blocked.

Not allowed the use of this system and development site

Cloud App Control

Due to a Cloud App Control policy that restricts access to System and Development cloud apps, the transaction was blocked.

Not allowed to access internet

Locations

Access to the internet, including non-HTTP traffic, was blocked because the user has not accepted the Acceptable Use Policy. This option is set in Locations > Enable AUP > Block Internet Access.

Not allowed to access this file type

File Type Control

The file was blocked due to a File Type Control policy being triggered.

Not allowed to access to FTP sites

FTP Control

The transaction was blocked as the user does not have Allow FTP over HTTP enabled in FTP Control.

Not allowed to browse this category

 URL Filtering

The transaction triggered a URL Filtering policy which has a Block action.

Not allowed to browse this category, needs override

URL Filtering

The transaction triggered a URL Filtering policy which has a Block action and provides an override option.

Not allowed to browse this P2P site

Advanced Threat Protection

Access to a known peer-to-peer site was blocked.

Not allowed to browse with unknown user agent

Advanced Threat Protection

An unknown user agent was detected and the transaction was blocked.

Not allowed to establish SSL connection due to policy

SSL

The traffic was blocked due to an SSL inspection policy which has a Block action.

Not allowed to post message to this site

Cloud App Control

Due to a Cloud App Control policy, an attempt to post content to a Social Networking application was blocked.

Not allowed to send webmail

Cloud App Control

Due to a Cloud App Control policy that restricts access to sending out emails from webmail cloud apps.

Not allowed to upload media files to this site

Cloud App Control


Due to a Cloud App Control policy that restricts access to uploading files to Streaming Media cloud apps.

Not allowed to upload media files to this site

Cloud App Control

Due to a Cloud App Control policy that restricts access to uploading files to File Sharing cloud apps, the transaction was blocked.

Not allowed to upload/download encrypted or password-protected archive files

Malware Protection

The file was blocked because it was encrypted or password protected and the policy to block Password-Protected Archive Files files was enabled under Malware Protection.

Not allowed to upload/download files of size greater than configured limit

Bandwidth Control

The user attempted to upload or download a file larger than the limit configured in your policy and the transaction was blocked.

Not allowed to upload/download files of this type

File Type Control

The attempt to upload or download a file was blocked due to a File Type Control policy.

Not allowed to upload/download media files of this type

Cloud App Control

Due to a Cloud App Control policy restricting access to Streaming Media cloud apps, the transaction was blocked.

Not allowed to upload/download media files of this type

Cloud App Control

Due to a Cloud App Control policy, an attempt to upload or download a file to or from a File Sharing cloud app was blocked.

Not allowed to upload/download unscannable file formats

Malware Protection

The file was blocked because the file format is not supported by Zscaler and the policy to block Unscannable Files was enabled in Malware Protection.

Not allowed to use FTP over HTTP for upload

FTP Control

The attempt to upload a file was blocked as the user does not have Allow FTP over HTTP enabled in FTP Control.

Not allowed to use HTTP tunnel

Core Proxy

An HTTP tunneling attempt on a non-HTTP port was detected and blocked as the organization has the option Block tunneling to non-HTTP/HTTPS ports enabled.

Not allowed to use mobile app

Mobile Malware Protection

A mobile application was blocked due to Mobile Malware Protection policy settings.

Not allowed to use this browser

Browser Control

The transaction was generated by a browser that is not allowed by Browser Blocking in Browser Control and was blocked.

Not allowed to use this File Share site

Cloud App Control

Due to a Cloud App Control policy that restricts access to File Sharing cloud apps, the transaction was blocked.

Not allowed to use this IM site

Cloud App Control

Due to a Cloud App Control policy that restricts access to instant messaging cloud apps, the transaction was blocked.

Not allowed to use this Streaming Media site

Cloud App Control

Due to a Cloud App Control policy that restricts access to streaming media cloud apps, the transaction was blocked.

Not allowed to use this Webmail site

Cloud App Control

Due to a Cloud App Control policy that restricts access to webmail cloud apps, the transaction was blocked.

PageRisk block inbound response: page is unsafe

Advanced Threat Protection

The transaction was blocked because the content score of the page exceeded the Page Risk index threshold set by the Advanced Threat Suspicious Content Protection policy.

Personally identifiable information (PII)

Mobile Malware Protection

The transaction was generated by an application which shares personally identifiable information and was blocked by Mobile Malware Protection policies.

Quarantined

Sandbox

An attempt to download a file was temporarily held due to a Sandbox First Time Action policy set to Quarantine.

Reputation block outbound request malicious URL

Advanced Threat Protection

The transaction was blocked because the destination in the request is known to serve malware.

Reputation block outbound request: adware/spyware site

Advanced Threat Protection

Access to a known adware or spyware site was denied based on the reputation of the destination.

Reputation block outbound request: anonymization site

Advanced Threat Protection

 Protection

Access to the destination was blocked due to the destination's reputation to be an anonymizer.

Reputation block outbound request: botnet site

Advanced Threat Protection

A request was made to a known Command and Control Server and the transaction was blocked.

Reputation block outbound request: phishing site

Advanced Threat Protection

The transaction was blocked because the request was made to a known Phishing site.

Reputation block outbound request: webspam

Advanced Threat Protection

Web spam traffic was detected in the response and blocked by IPS.

Request method cautioned

URL Filtering

An attempt to post content to a webpage was cautioned by a URL Filtering policy.

Request method not allowed for this category

URL Filtering

The transaction triggered a URL Filtering policy which blocks the POST method.

Sandbox block inbound response: malicious file

Sandbox

This file was blocked because it was found to be malicious.

Secure Browsing blocked an outdated/disallowed component

Browser Control

An outdated component was detected and the transaction was blocked by the Browser Vulnerability Protection policies.

Secure Browsing warned about an outdated/disallowed component

Browser Control

An outdated component was detected and the user was warned by the Browser Vulnerability Protection policies.

Time quota exceeded daily limit

Cloud App Control, URL Filtering

The transaction was blocked due to a time quota associated with a policy.

Undecryptable Traffic Block

Cloud App Control

The traffic from applications that used non-standard encryption methods was blocked as the Block Undecryptable Traffic option is enabled under Policy > SSL Inspection.

Violates Compliance Category

DLP

Due to a DLP policy violation, the transaction was blocked.

Violates Compliance Category, archive to mailbox

DLP


The transaction was blocked due to a DLP policy violation. Email was sent to the auditor's mailbox.

Violates Compliance Category, archive to mailbox failed

DLP

The transaction was blocked due to a DLP policy violation. Failed to send email to the auditor's mailbox.

Volume quota exceeded daily limit

Cloud App Control, URL Filtering

The transaction was blocked due to a volume quota associated with a policy.

Web application is blocked by Firewall rule

Firewall Filtering

Access to the Network Application was blocked because it is part of a Firewall Filtering rule.