Some URLs are blocked when using HTTPS Inspection

Question

We are facing an issue of blocked requests when using the "Decrypt & Scan HTTPS" option for certain sites. 
 Here is an example: 
 https://channel9.msdn.com/ works 
 https://channel9.msdn.com/blogs works (it gets redirected to https://channel9.msdn.com/Browse/Blogs ) 
 https://channel9.msdn.com/blogs/ea.azure.com results in a blocked request 
 
 If we turn off the "Decrypt & Scan HTTPS" option then the blocked site works. 
 Regarding HTTPS Inspection, the "Block unrecognized SSL protocols" and "Block invalid certificates" options are both not selected (i.e. disabled). 
 We are running SFOS 16.01.3 MR-2 
 
 Is anyone else facing this issue? Is there a solution?

lferrara · Accepted Answer

Peter, 
 I am able to surf on all the 3 sites and I have SSL Enabled. It depends on what filters you have enabled. You can check why the website is blocked using the Log Viewer > Web Log Filter 
 Thanks.

Peter Lapornik · Answer

Thanks to everyone that tested the URLs that I posted and were able to tell me if they worked in their environment. Good feedback can be invaluable when trying to solve issues such as this. 
 After more testing we worked out that the problem was the default Not Suitable for the Office user activity. In particular, the Not Suitable for the Office user activity includes the Executable Files file type. This file type includes .com files. 
 This is what was causing sites like the one I posted above to be blocked.

lferrara · Answer

In order to get HTTPS working you have to import the SSL_Appliance CA. Some sites like google, facebook will not work and a HSTS error will appear. I am using HTTPS Scanning since last October and it works with no issue (apart Dropbox where you have to create an web filter exception). 
 Regards