I see the error “Not inspected because of Zscaler best practices” when I try to download a test malware file from Palo Alto that is served over HTTPS on Zscaler cloud two. Has anyone seen this, and is there any known bug/issue? I see that Zscaler does not publish much info on known bugs/issues for ZIA (for ZPA they do publish).
Test Malware file:
When the file is not served over HTTPS the Zscaler Sandbox detects it, but when it is over HTTPS Zscaler does not decrypt the traffic. I tried everything, like making an SSL policy before the exemption list, disabling the exemption list, etc.
After looking at the issue with someone who works at Zscaler and has access to the backend servers, it seems that the WildFire HTTPS test site triggers an SSL client certificate request (SSL Client Certificate Authentication), and because of this Zscaler automatically bridges the SSL connection without decryption. You can block SSL traffic that cannot be decrypted, but Zscaler needs to change the message “Not inspected because of Zscaler best practices” to something like “Client side SSL certificate request”.
Still, it would be good to have the option to upload client-side SSL certificates in the Zscaler ZIA GUI for sites that need them.