This article provides an explanation of the policy actions that are seen in Insights and NSS reports.
Policy Reason | Feature | Description |
|---|---|---|
Access denied due to bad server certificate | SSL | The transaction to an SSL site was blocked due to server certificate validation failure or OCSP revocation check failure. |
Access denied due to low TLS version | SSL | The inspected or uninspected SSL traffic was blocked due to a minimum TLS version enforcement in Policy > SSL Inspection. |
Access denied due to URL FQDN and Host Header Mismatch | Core Proxy | The transaction was blocked due to an FQDN mismatch between HTTP/S request host header and request URL. |
Allowed | N/A | The transaction was allowed. |
Allowed - No Active Content | Sandbox | The file was allowed for download. It was found to be benign and have no active content based on the inline Sandbox static analysis. |
Allowed and archived to mailbox | DLP | The transaction violated a DLP policy rule, but it was allowed. An email was sent to the auditor's mailbox. |
Allowed and archived to mailbox failed | DLP | The transaction violated a DLP policy rule, but it was allowed. Failed to send an email to the auditor's mailbox. |
Allowed and No Scan | Sandbox | The file was allowed for download because a Sandbox policy had the First Time Action of Allow and Do Not Scan. |
Allowed due to override | URL Filtering | The transaction was blocked initially but was allowed after the override password was entered. |
Blocked by Default URL Filtering | URL Filtering | The transaction was blocked by the default URL Filtering policy. |
Blocked due to Bad SSL record | SSL | The SSL connection was blocked due to the forwarding of non-SSL traffic to HTTPS port. |
Blocked due to invalid server IP | Web Insights Logs | The DNS server resolved an origin server as an invalid IP address. |
Blocked due to Server Probe Failure | SSL | Block Undecryptable Traffic in Policy > SSL Inspection is enabled and the Zscaler service was unable to make a server-side connection (TCP or SSL). |
Cautioned the use of this Social Network/Blogging site | Cloud App Control | Due to a Cloud App Control policy restricting access to Social Networking cloud apps, the transaction was cautioned. |
Cautioned to post message to this site | Cloud App Control | Due to a Cloud App Control policy that restricts the user from posting content to Social Networking cloud apps, the transaction was cautioned. |
Cautioned to upload media files to this site | Cloud App Control | Due to a Cloud App Control policy that restricts the user from uploading a file to Streaming Media or File Sharing cloud apps, the transaction was cautioned. |
Cautioned to use this File Share site | Cloud App Control | Due to a Cloud App Control policy that restricts access to File Sharing cloud apps, the transaction was cautioned. |
Cautioned to use this Webmail site | Cloud App Control | Due to a Cloud App Control policy that restricts access to Webmail cloud apps, the transaction was cautioned. |
Communication with ad sites | Mobile Malware Protection | The transaction was generated by an application that communicates with ad sites and was blocked by Mobile Malware Protection policy. |
Communication with unknown servers | Mobile Malware Protection | The transaction was generated by an application which communicates with unknown third party servers and was blocked by Mobile Malware Protection policy. |
Country block outbound request: not allowed to access sites in this country | Advanced Threat Protection | Access request to a country was blocked due to an Advanced Threat Protection Suspicious Countries policy. |
Custom reputation block outbound request malicious URL | Advanced Threat Protection | The destination in the request is part of your Blocked Malicious URLs list and the transaction was blocked. |
DNAT with redirect to FQDN failed | Firewall Filtering | The transaction was blocked due to an unreachable FQDN in a NAT Control rule. |
Fake Proxy Authentication | N/A | Used if the server sends a 407 response code (Proxy-Authenticate) for remote users. This is done as the server is asking the service to disclose authentication information. |
File Attachment not allowed | Cloud App Control | An attempt to attach a file to an email on a webmail application was blocked due to a Cloud App Control policy. |
Filetype download cautioned | File Type Control | The file download was cautioned due to a File Type Control policy. |
Filetype upload cautioned | File Type Control | The attempt to upload the file was cautioned due to a File Type Control policy match. |
Filetype upload/download cautioned |
| The attempt to upload or download a file was cautioned due to a File Type Control policy match. |
FTP access is blocked by a firewall policy | Firewall Filtering | Access to an FTP Network Service or Network Application was blocked due to a Firewall Filtering rule. |
Information identifying the device | Mobile Malware Protection | The transaction was generated by an application which shares device information and was blocked by Mobile Malware Protection policies. |
Insecure user credentials | Mobile Malware Protection | The transaction was generated by an application which transmits user credentials in clear text and was blocked by Mobile Malware Protection policies. |
Internet access cautioned | URL Filtering | The transaction was cautioned due to a URL Filtering policy. |
IPS block inbound response: adware/spyware traffic | Advanced Threat Protection | Adware or spyware traffic was detected in the response and blocked by IPS. |
IPS block inbound response: anonymization site | Advanced Threat Protection | Access to anonymization sites was blocked in the response by IPS. |
IPS block inbound response: botnet command and control traffic | Advanced Threat Protection | Botnet command and control traffic was detected in the response and blocked by IPS. |
IPS block inbound response: malicious content | Advanced Threat Protection | Malicious content was detected in the response and blocked by IPS. |
IPS block inbound response: page contains known browser exploits | Advanced Threat Protection | Known browser exploits were detected and the access attempt was blocked by IPS. |
IPS block inbound response: page contains known dangerous ActiveX controls | Advanced Threat Protection | Known dangerous ActiveX controls were detected in the response and blocked by IPS. |
IPS block inbound response: phishing content | Advanced Threat Protection | Potential phishing content was detected in the response and blocked by IPS. |
IPS block inbound response: webspam traffic | Advanced Threat Protection | Web spam traffic was detected in the request and blocked by IPS. |
IPS block inbound response. IRC use/tunneling | Advanced Threat Protection | IRC use or tunneling was detected in the request and blocked by IPS. |
IPS block inbound: file contains known vulnerabilities. | Advanced Threat Protection | The attempt to download a file was blocked by IPS because it was found to have known vulnerabilities. |
IPS block outbound request: adware/spyware traffic | Advanced Threat Protection | Adware or spyware traffic was detected in the request and blocked by IPS. |
IPS block outbound request: botnet command and control traffic | Advanced Threat Protection | Botnet command and control traffic was detected in the request and blocked by IPS. |
IPS block outbound request: browser cookie theft | Advanced Threat Protection | The request to the site was blocked because the site was detected to potentially steal browser cookies by IPS. |
IPS block outbound request: cross-site scripting (XSS) attack | Advanced Threat Protection | The site was detected to be vulnerable to XSS attacks and the request was blocked by IPS. |
IPS block outbound request: IRC use/tunneling | Advanced Threat Protection | IRC use or tunneling was detected in the request and blocked by IPS. |
IPS block outbound request: page contains known browser exploits | Advanced Threat Protection | Known browser exploits were detected and the transaction was blocked by IPS. |
IPS block: SSH use/tunneling | Advanced Threat Protection | SSH use or tunneling was detected and blocked by IPS. |
IPS or Reputation block: Crypto Mining traffic | Advanced Threat Protection | Cryptomining traffic was detected and blocked by IPS. |
Known security vulnerabilities | Mobile Malware Protection | The transaction was generated by an application which has known security vulnerabilities and was blocked by Mobile Malware Protection policies. |
Location information leak | Mobile Malware Protection | The transaction was generated by an application which shares location information and was blocked by Mobile Malware Protection policies. |
Malicious behavior | Mobile Malware Protection | The transaction was generated by an application which is known to be malware and was blocked by Mobile Malware Protection policies. |
Malware block: malicious file | Malware Protection | The download attempt of malicious content or files was blocked due to a signature match by the inline antivirus engine. |
Not allowed because URL is blacklisted | Advanced Threat Protection | The transaction was blocked because the URL, domain, or IP address matched the custom Blocked Malicious URLs in Advanced Threat Protection policy. |
Not allowed during this time of day | Cloud App Control, File Type Control, URL Filtering | The transaction was blocked by a policy which restricts access to internet resources based on time of the day. |
Not allowed the use of this business site | Cloud App Control | Due to a Cloud App Control policy that restricts access to business cloud apps, the transaction was cautioned. |
Not allowed the use of this Consumer site | Cloud App Control | Due to a Cloud App Control policy that restricts access to Consumer cloud apps, the transaction was blocked. |
Not allowed the use of this enterprise site | Cloud App Control | Due to a Cloud App Control policy that restricts access to enterprise cloud apps, the transaction was blocked. |
Not allowed the use of this Hosting Providers site | Cloud App Control | Due to a Cloud App Control policy that restricts access to hosting cloud apps, the transaction was blocked. |
Not allowed the use of this IT Services site | Cloud App Control | Due to a Cloud App Control policy that restricts access to IT services cloud apps, the transaction was blocked. |
Not allowed the use of this Mobile App Store | Mobile App Store Control | Access to the mobile application store was denied due to Mobile App Store Control policy. |
Not allowed the use of this sales and marketing site | Cloud App Control | Due to a Cloud App Control policy that restricts access to Marketing cloud apps, the transaction was blocked. |
Not allowed the use of this site with personal credentials | URL Filtering | The transaction was blocked due to Dropbox, Google Apps, Microsoft Login Services, Slack, or YouTube tenant restrictions in the respective Cloud App Control Policy rule. |
Not allowed the use of this Social Network/Blogging site | Cloud App Control | Due to a Cloud App Control policy that restricts access to Social Networking cloud apps, the transaction was blocked. |
Not allowed the use of this system and development site | Cloud App Control | Due to a Cloud App Control policy that restricts access to System and Development cloud apps, the transaction was blocked. |
Not allowed to access internet | Locations | Access to the internet, including non-HTTP traffic, was blocked because the user has not accepted the Acceptable Use Policy. This option is set in Locations > Enable AUP > Block Internet Access. |
Not allowed to access this file type | File Type Control | The file was blocked due to a File Type Control policy being triggered. |
Not allowed to access to FTP sites | FTP Control | The transaction was blocked as the user does not have Allow FTP over HTTP enabled in FTP Control. |
Not allowed to browse this category | URL Filtering | The transaction triggered a URL Filtering policy which has a Block action. |
Not allowed to browse this category, needs override | URL Filtering | The transaction triggered a URL Filtering policy which has a Block action and provides an override option. |
Not allowed to browse this P2P site | Advanced Threat Protection | Access to a known peer-to-peer site was blocked. |
Not allowed to browse with unknown user agent | Advanced Threat Protection | An unknown user agent was detected and the transaction was blocked. |
Not allowed to establish SSL connection due to policy | SSL | The traffic was blocked due to an SSL inspection policy which has a Block action. |
Not allowed to post message to this site | Cloud App Control | Due to a Cloud App Control policy, an attempt to post content to a Social Networking application was blocked. |
Not allowed to send webmail | Cloud App Control | Due to a Cloud App Control policy that restricts access to sending out emails from webmail cloud apps. |
Not allowed to upload media files to this site | Cloud App Control | Due to a Cloud App Control policy that restricts access to uploading files to Streaming Media cloud apps. |
Not allowed to upload media files to this site | Cloud App Control | Due to a Cloud App Control policy that restricts access to uploading files to File Sharing cloud apps, the transaction was blocked. |
Not allowed to upload/download encrypted or password-protected archive files | Malware Protection | The file was blocked because it was encrypted or password protected and the policy to block Password-Protected Archive Files files was enabled under Malware Protection. |
Not allowed to upload/download files of size greater than configured limit | Bandwidth Control | The user attempted to upload or download a file larger than the limit configured in your policy and the transaction was blocked. |
Not allowed to upload/download files of this type | File Type Control | The attempt to upload or download a file was blocked due to a File Type Control policy. |
Not allowed to upload/download media files of this type | Cloud App Control | Due to a Cloud App Control policy restricting access to Streaming Media cloud apps, the transaction was blocked. |
Not allowed to upload/download media files of this type | Cloud App Control | Due to a Cloud App Control policy, an attempt to upload or download a file to or from a File Sharing cloud app was blocked. |
Not allowed to upload/download unscannable file formats | Malware Protection | The file was blocked because the file format is not supported by Zscaler and the policy to block Unscannable Files was enabled in Malware Protection. |
Not allowed to use FTP over HTTP for upload | FTP Control | The attempt to upload a file was blocked as the user does not have Allow FTP over HTTP enabled in FTP Control. |
Not allowed to use HTTP tunnel | Core Proxy | An HTTP tunneling attempt on a non-HTTP port was detected and blocked as the organization has the option Block tunneling to non-HTTP/HTTPS ports enabled. |
Not allowed to use mobile app | Mobile Malware Protection | A mobile application was blocked due to Mobile Malware Protection policy settings. |
Not allowed to use this browser | Browser Control | The transaction was generated by a browser that is not allowed by Browser Blocking in Browser Control and was blocked. |
Not allowed to use this File Share site | Cloud App Control | Due to a Cloud App Control policy that restricts access to File Sharing cloud apps, the transaction was blocked. |
Not allowed to use this IM site | Cloud App Control | Due to a Cloud App Control policy that restricts access to instant messaging cloud apps, the transaction was blocked. |
Not allowed to use this Streaming Media site | Cloud App Control | Due to a Cloud App Control policy that restricts access to streaming media cloud apps, the transaction was blocked. |
Not allowed to use this Webmail site | Cloud App Control | Due to a Cloud App Control policy that restricts access to webmail cloud apps, the transaction was blocked. |
PageRisk block inbound response: page is unsafe | Advanced Threat Protection | The transaction was blocked because the content score of the page exceeded the Page Risk index threshold set by the Advanced Threat Suspicious Content Protection policy. |
Personally identifiable information (PII) | Mobile Malware Protection | The transaction was generated by an application which shares personally identifiable information and was blocked by Mobile Malware Protection policies. |
Quarantined | Sandbox | An attempt to download a file was temporarily held due to a Sandbox First Time Action policy set to Quarantine. |
Reputation block outbound request malicious URL | Advanced Threat Protection | The transaction was blocked because the destination in the request is known to serve malware. |
Reputation block outbound request: adware/spyware site | Advanced Threat Protection | Access to a known adware or spyware site was denied based on the reputation of the destination. |
Reputation block outbound request: anonymization site | Advanced Threat Protection | Protection Access to the destination was blocked due to the destination's reputation to be an anonymizer. |
Reputation block outbound request: botnet site | Advanced Threat Protection | A request was made to a known Command and Control Server and the transaction was blocked. |
Reputation block outbound request: phishing site | Advanced Threat Protection | The transaction was blocked because the request was made to a known Phishing site. |
Reputation block outbound request: webspam | Advanced Threat Protection | Web spam traffic was detected in the response and blocked by IPS. |
Request method cautioned | URL Filtering | An attempt to post content to a webpage was cautioned by a URL Filtering policy. |
Request method not allowed for this category | URL Filtering | The transaction triggered a URL Filtering policy which blocks the POST method. |
Sandbox block inbound response: malicious file | Sandbox | This file was blocked because it was found to be malicious. |
Secure Browsing blocked an outdated/disallowed component | Browser Control | An outdated component was detected and the transaction was blocked by the Browser Vulnerability Protection policies. |
Secure Browsing warned about an outdated/disallowed component | Browser Control | An outdated component was detected and the user was warned by the Browser Vulnerability Protection policies. |
Time quota exceeded daily limit | Cloud App Control, URL Filtering | The transaction was blocked due to a time quota associated with a policy. |
Undecryptable Traffic Block | Cloud App Control | The traffic from applications that used non-standard encryption methods was blocked as the Block Undecryptable Traffic option is enabled under Policy > SSL Inspection. |
Violates Compliance Category | DLP | Due to a DLP policy violation, the transaction was blocked. |
Violates Compliance Category, archive to mailbox | DLP | The transaction was blocked due to a DLP policy violation. Email was sent to the auditor's mailbox. |
Violates Compliance Category, archive to mailbox failed | DLP | The transaction was blocked due to a DLP policy violation. Failed to send email to the auditor's mailbox. |
Volume quota exceeded daily limit | Cloud App Control, URL Filtering | The transaction was blocked due to a volume quota associated with a policy. |
Web application is blocked by Firewall rule | Firewall Filtering | Access to the Network Application was blocked because it is part of a Firewall Filtering rule. |
