Security Risk Detected while accessing HTTPS sites

Seeing the same problem since updating from some previous 17.x xg115w to SFOS 17.1.2 MR2.  Various websites such as google.com & yahoo.com become inaccessible.  Example XG firewall rule has the Web Malware and Content Scanning >> Scan HTTP + Intrusion Prevention >> lantowan_general + Application Control >> block very high risk apps options enabled and the
Decrypt & Scan HTTPS option not enabled.  Problem no longer happens after disabling the Scan HTTP option.  The blocking seems random and dfifferent results have been seen in different browsers on the same pc for the same url''s.  After successfully browsing a previously blocked website while the Scan HTTP option is disabled, the same website can then continue to be browsed after the option is re-enabled even after browser close/reopen + page refresh which seems unusual.   Any ideas?

Stop!
Security risk detected
Access to the website you are requesting has been blocked because it is a security risk.
Return to previous page

Reason for blocking this site
The requested content could not be scanned for malware. It may be corrupted or encrypted.

About this request
URL: http://www.yahoo.com/

Seeing the same problem since updating from some previous 17.x xg115w to SFOS 17.1.2 MR2.  Various websites such as google.com & yahoo.com become inaccessible.  Example XG firewall rule has the Web Malware and Content Scanning >> Scan HTTP + Intrusion Prevention >> lantowan_general + Application Control >> block very high risk apps options enabled and the
Decrypt & Scan HTTPS option not enabled.  Problem no longer happens after disabling the Scan HTTP option.  The blocking seems random and dfifferent results have been seen in different browsers on the same pc for the same url''s.  After successfully browsing a previously blocked website while the Scan HTTP option is disabled, the same website can then continue to be browsed after the option is re-enabled even after browser close/reopen + page refresh which seems unusual.   Any ideas?

Stop!
Security risk detected
Access to the website you are requesting has been blocked because it is a security risk.
Return to previous page

Reason for blocking this site
The requested content could not be scanned for malware. It may be corrupted or encrypted.

About this request
URL: http://www.yahoo.com/

Hi,

I spent a lot of time with the same issue and I finally resolved it by re-installing the CAs. Ona MAC Safari worked fine from the outset, but FF kept failing. I thought I had deleted all certificates from the XG and re-installed them correctly. After many days of frustration and help/pointers from Sachin I found a certificate that wen not trusted. I changed the trust settings and the issues no longer occur and I was able to remove number of site exceptions. I was also able to get my Wife's MAC to work with https scanning after cleaning up het machine CAs.

With a W10 machine I uninstalled all XG CAs and then installed the XG CA in the trusted root folder and bingo the W10 machine no longer has issues.

I found some of these fixes while searching for how to install CAs on W10 machines.

The good part is now the failing sites all load much quicker and the XG policies are applied.

Interesting finding during my testing is that facebook is a firewall avoidance app as well as high rating app, so had to downgrade those application settings.

Ian