Could you confirm whether you are using NTLM user mode authentication in proxy ?? We are aware of SAE 3.5 limitation where SAE is not able to retrieve ratings behind this mode. If yes then you can change the mode to say Basic and see whether SAE is able to retrieve the ratings. That will bracket down the issue. Till we come up with support for NTLM user authentication mode, if this helps you, I can provide you the exclusion that you can provide in the proxy server that can allow SAE to retrieve ratings behind NTLM user authentication mode.
These are HTTP authentication modes. Basic mode send credentials in plain text and hence not considered to be safe. So you should not use Basic mode for production use.
NTLM sends credentials in encrypted format though it is also not a recommended method since it uses older encryption methods which are not very secure. But due to various compatibility reasons this is one of the most used authentication method in the field.
That's why rather than changing auythentication mode to Basic so that SAE can work we would recommend adding exclusions in your proxy for SAE to bypass authentication but keep mode to NTLM.
You can whitelist sae.gti.mcafee.com in your proxy. Only case where this might not be sufficient is the time when SAE is trying to reach based on IP address whereas your proxy has domain name exclusion and is not able to resolve the IP. In that case you can carry "nslookup saelist.gti.mcafee.com" and exclude all the IPs this service will return. These IPs are dynamic in nature. Though these should remain static for most of the purposes.
You you please explain me one more thing??..
If i'm able to do nslookup for saelist.gti.mcafee.com from client nodes, then will it be able to show proper ratings(will sae will work properly)??...