We work in environment where we also have development team and they work on various tools for development SDK's, many times they need to access internet with minimal restrictions, I mean to say like the development sites while keeping the blocked categories in place which are for ' entertainment, social networking etc ' as per policy of company.
In this case how we can treat developers so there tools can go to internet with out problems but at the same time they are also protected from web gateway from internet threats of malware, spyware. I don't want to create something with stop cycle which by passes every thing in web gateway because if I do like this, there is no purpose of using gateway but I want to have minimal restrictions for development staff group.
that's a tough question - maximum security with minimal restriction.
What first comes to mind is that you should probably rethink the workflows in your org to. Do developers need to download tools? If yes can you put these tool on to a central internal server where your folks can get them from? Does every developer really need to download the latest eclipse SDK individually for example?
If your people need to test their tools with external server, you might want to exempt test lab networks.
You also might want to review the policy worst case and create policies that would just block explicit content and allow a broader access.
You could work with coaching as well and tell people that, while generally prohibited, they can access the resource if business reasons force them to.
You could think about only scanning downloads of certain sizes
There is really no gold answer to your question - sorry!