Method to allow Software Updates in ZIA

Is there an easy way in Zscaler ZIA to allow endpoints (not using Zapp just GRE Tunnel) to allow software updates from specific vendors? Right now we have blocked those categories and file types, but we want to allow updates from Chrome and Adobe. Obviously it’s difficult to figure out all the URL’s etc. to whitelist so I was wondering if there was any inbuilt feature that ZScaler had to allow those but block others. If that feature existed!

If the updates are browser-based, you can get a HAR file on a working update connection to see the sites it hits.
We have a har file analyzer at which you can feed the file into to see what to exclude from authentication and decryption as well as file inspection (our server does not require authentication nor does it save your data).

I’ve never heard of a HAR file before. It has obviously has some risks with uploading these types of files but I can see how useful it would be.

Google also offers a HAR analyzer in their G-Suite toolbox: