Reports showing action allowed to malicious sites while the policies on web gateway are blocked
As a daily task we generated a daily report based upon top ten categories, and were surprised to find that the report contained "njnj.redirectme.net" entry which belongs to Malicious downloads category.
Then we added the actions column into the reports and found that it was showing allowed. We then checked into the webwasher category actions and found that the category is blocked for all the policies.
After checking directly into the access.log, we found that the entries for the above website were followed by trend micro antivirus. The client is using TRend micro antivirus.
We also checked accessing the same website directly from the client browser, for whom its showing allowed in the action, the site got blocked and showed the right category.
Can some one please let me know what exactly might be going on in the backend.