We have many internal .NET and JAVA applications that receive their proxy settings from the same location as Internet Explorer. The problem is that the applications are unable to correctly read the proxy.pac file and even though we have defined that internal traffic does not use the proxy, these applications do go through the proxy. We are requiring authentication when using the proxy which causes these applications to fail. How can I get around this?
I have done some testing on excluding authentication by URL, which worked, but is not a good long term solution because I don't want to manage this on a case by case basis.
From the sounds of it there are two issues occurring:
1. Applications are not able to parse the proxy.pac file, resulting them to pass through the proxy for internal sites, which is unwanted behavior
Perhaps other peers on the Community can shed light on behaviors observed with applications not parsing the proxy pac properly.
2. Need to exampt those applications from authentication on a wider scale
This is outlined in a KB article on kc.mcafee.com, if you are a registered user, search for 'KB64005'. This article outlines how to exempt URLs or Applications from authentication. In your case you have stated that you are already exempting URLs from auth, but in this case you may be able to do it based on the User-Agent, you will just need to find the User-Agent string for which that application uses. This can be found in the access log, which can be viewed under Reporting > View Log Files, then click the view icon for the desired access log.
As a side note, when using the KB, on step 4, bullet point 1, use User Name, instead of Group Name.