you can use several properties to bypass this. As i can see this are HTTPS sites. Are you inspecting SSL traffic?
If no MWG cannot inspect, this means the HTTP information is not available for MWG. Without SSL inspection MWG only sees the Connect Request and not any property is filled with information.
If SSL inspection is active you can use properties like
- URL.host belongs to
- URL Category
And much more. You can use the "Stop Ruleset" to bypass one ruleset or the "Stop Cycle" Action to bypass the rest of your ruleset.