Policy Reasons

This article provides an explanation of the policy actions that are seen in Insights and NSS reports.

Policy Reason Feature Description
Access denied due to bad server certificate SSL The transaction to an SSL site was blocked due to a server certificate validation failure.
Allowed N/A The transaction was allowed.
Allowed - No Active Content Sandbox The file was allowed for download. It was found to be benign and have no active content based on the inline Sandbox static analysis.
Allowed and archived to mailbox DLP The transaction violated a DLP policy rule, but it was allowed. An email was sent to the auditor's mailbox.
Allowed and archived to mailbox failed DLP The transaction violated a DLP policy rule, but it was allowed. Failed to send an email to the auditor's mailbox.
Allowed and No Scan Sandbox The file was allowed for download because a Sandbox policy had the First Time Action of Allow and Do Not Scan.
Allowed due to override URL Filtering The transaction was blocked initially but was allowed after the override password was entered.
Blocked by Default URL Filtering URL Filtering The transaction was blocked by the default URL Filtering policy.
Blocked due to Server Probe Failure SSL Block Undecryptable Traffic in Policy > SSL Inspection is enabled and the Zscaler service was unable to make a server-side connection.
 
Cautioned the use of this Social Network/Blogging site Cloud App Control Due to a Cloud App Control policy restricting access to Social Networking and Blogging cloud apps, the transaction was cautioned.
Cautioned to post message to this site Cloud App Control Due to a Cloud App Control policy that restricts the user from posting content to Social Networking and Blogging cloud apps, the transaction was cautioned.
Cautioned to upload media files to this site Cloud App Control Due to a Cloud App Control policy that restricts the user from uploading a file to Streaming Media or File Sharing cloud apps, the transaction was cautioned.
Cautioned to use this File Share site Cloud App Control Due to a Cloud App Control policy that restricts access to File Sharing cloud apps, the transaction was cautioned.
Cautioned to use this Webmail site Cloud App Control Due to a Cloud App Control policy that restricts access to Webmail cloud apps, the transaction was cautioned.
Communication with ad sites Mobile Malware Protection The transaction was generated by an application that communicates with ad sites and was blocked by Mobile Malware Protection policy.
Communication with unknown servers Mobile Malware Protection The transaction was generated by an application which communicates with unknown third party servers and was blocked by Mobile Malware Protection policy. 
Country block outbound request: not allowed to access sites in this country Advanced Threat Protection Access request to a country was blocked due to an Advanced Threat Protection Suspicious Countries policy.
Custom reputation block outbound request malicious URL Advanced Threat Protection The destination in the request is part of your Blocked Malicious URLs list and the transaction was blocked.
Denied  N/A

You might see Denied when the server sends non-HTTP traffic over an SSL connection and Block Undecryptable Traffic  in Policy > SSL Inspection is enabled.

It is also used when a block for the cloud app category Collaboration & Online Meetings is detected with deep packet inspection (DPI).

DNAT with redirect to FQDN failed  Firewall Filtering  The transaction was blocked due to an unreachable FQDN in a NAT Control rule.  
Fake Proxy Authentication N/A  Used if the server sends a 407 response code (Proxy-Authenticate) for remote users. This is done as the server is asking the service to disclose authentication information.  
File Attachment not allowed  Cloud App Control  An attempt to attach a file to an email on a webmail application was blocked due to a Cloud App Control policy. 
Filetype download cautioned  File Type Control  The file download was cautioned due to a File Type Control policy. 
Filetype upload cautioned  File Type Control  The attempt to upload the file was cautioned due to a File Type Control policy match. 
Filetype upload/download cautioned  File Type Control  The attempt to upload or download a file was cautioned due to a File Type Control policy match. 
FTP access is blocked by a firewall policy  Firewall Filtering  Access to an FTP Network Service or Network Application was blocked due to a Firewall Filtering rule. 
Information identifying the device  Mobile Malware Protection  The transaction was generated by an application which shares device information and was blocked by Mobile Malware Protection policies. 
Insecure user credentials  Mobile Malware Protection  The transaction was generated by an application which transmits user credentials in clear text and was blocked by Mobile Malware Protection policies. 
Internet access cautioned  URL Filtering   The transaction was cautioned due to a URL Filtering policy. 
IPS block inbound response: adware/spyware traffic Advanced Threat Protection Adware or spyware traffic was detected in the response and blocked by IPS.
IPS block inbound response: anonymization site Advanced Threat Protection Access to anonymization sites was blocked in the response by IPS.
IPS block inbound response: botnet command and control traffic Advanced Threat Protection Botnet command and control traffic was detected in the response and blocked by IPS.
IPS block inbound response: malicious content Advanced Threat Protection Malicious content was detected in the response and blocked by IPS.
IPS block inbound response: page contains known browser exploits Advanced Threat Protection Known browser exploits were detected and the access attempt was blocked by IPS.
IPS block inbound response: page contains known dangerous ActiveX controls Advanced Threat Protection Known dangerous ActiveX controls were detected in the response and blocked by IPS.
IPS block inbound response: phishing content Advanced Threat Protection Potential phishing content was detected in the response and blocked by IPS.
IPS block inbound response: webspam traffic Advanced Threat Protection Web spam traffic was detected in the request and blocked by IPS.
IPS block inbound response. IRC use/tunneling Advanced Threat Protection IRC use or tunneling was detected in the request and blocked by IPS.
IPS block inbound: file contains known vulnerabilities. Advanced Threat Protection The attempt to download a file was blocked by IPS because it was found to have known vulnerabilities.
IPS block outbound request: adware/spyware traffic Advanced Threat Protection Adware or spyware traffic was detected in the request and blocked by IPS.
IPS block outbound request: botnet command and control traffic Advanced Threat Protection Botnet command and control traffic was detected in the request and blocked by IPS.
IPS block outbound request: browser cookie theft Advanced Threat Protection The request to the site was blocked because the site was detected to potentially steal browser cookies by IPS.
IPS block outbound request: cross-site scripting (XSS) attack Advanced Threat Protection The site was detected to be vulnerable to XSS attacks and the request was blocked by IPS.
IPS block outbound request: IRC use/tunneling Advanced Threat Protection  IRC use or tunneling was detected in the request and blocked by IPS. 
IPS block outbound request: page contains known browser exploits Advanced Threat Protection Known browser exploits were detected and the transaction was blocked by IPS.
IPS or Reputation block: Crypto Mining traffic Advanced Threat Protection Cryptomining traffic was detected and blocked by IPS.
Known security vulnerabilities  Mobile Malware Protection  The transaction was generated by an application which has known security vulnerabilities and was blocked by Mobile Malware Protection policies. 
Location information leak  Mobile Malware Protection  The transaction was generated by an application which shares location information and was blocked by Mobile Malware Protection policies. 
Malicious behavior  Mobile Malware Protection  The transaction was generated by an application which is known to be malware and was blocked by Mobile Malware Protection policies. 
Malware block: malicious file Malware Protection  The download attempt of malicious content or files was blocked due to a signature match by the inline antivirus engine. 
Not allowed because URL is blacklisted  Advanced Threat Protection  The transaction was blocked because the URL, domain, or IP address matched the custom Blocked Malicious URLs in Advanced Threat Protection policy. 
Not allowed during this time of day  Cloud App Control, File Type Control, URL Filtering  The transaction was blocked by a policy which restricts access to internet resources based on time of the day.   
Not allowed the use of this business site  Cloud App Control  Due to a Cloud App Control policy that restricts access to business cloud apps, the transaction was cautioned. 
Not allowed the use of this Consumer site  Cloud App Control  Due to a Cloud App Control policy that restricts access to Consumer cloud apps, the transaction was blocked. 
Not allowed the use of this enterprise site  Cloud App Control  Due to a Cloud App Control policy that restricts access to enterprise cloud apps, the transaction was blocked. 
Not allowed the use of this Hosting Providers site  Cloud App Control  Due to a Cloud App Control policy that restricts access to hosting cloud apps, the transaction was blocked. 
Not allowed the use of this IT Services site  Cloud App Control  Due to a Cloud App Control policy that restricts access to IT services cloud apps, the transaction was blocked. 
Not allowed the use of this Mobile App Store  Mobile App Store Control   Access to the mobile application store was denied due to Mobile App Store Control policy. 
Not allowed the use of this sales and marketing site  Cloud App Control  Due to a Cloud App Control policy that restricts access to Marketing cloud apps, the transaction was blocked. 
Not allowed the use of this site with personal credentials  URL Filtering  The transaction was blocked due to Google or Microsoft Tenant Restrictions in Advanced URL Policy Settings. 
Not allowed the use of this Social Network/Blogging site  Cloud App Control  Due to a Cloud App Control policy that restricts access to Social Networking cloud apps, the transaction was blocked. 
Not allowed the use of this system and development site  Cloud App Control  Due to a Cloud App Control policy that restricts access to System and Development cloud apps, the transaction was blocked. 
Not allowed to access internet  Locations  Access to the internet, including non-HTTP traffic, was blocked because the user has not accepted the Acceptable Use Policy. This option is set in Locations  > Enable AUP > Block Internet Access
Not allowed to access this file type  File Type Control  The file was blocked due to a File Type Control policy being triggered.  
Not allowed to access to FTP sites  FTP Control  The transaction was blocked as the user does not have Allow FTP over HTTP enabled in FTP Control. 
Not allowed to browse this category  URL Filtering   The transaction triggered a URL Filtering policy which has a Block action.
Not allowed to browse this category, needs override  URL Filtering   The transaction triggered a URL Filtering policy which has a Block action and provides an override option. 
Not allowed to browse this P2P site  Advanced Threat Protection  Access to a known peer-to-peer site was blocked. 
Not allowed to browse with unknown user agent  Advanced Threat Protection  An unknown user agent was detected and the transaction was blocked. 
Not allowed to post message to this site  Cloud App Control  Due to a Cloud App Control policy, an attempt to post content to a Social Networking application was blocked. 
Not allowed to send webmail  Cloud App Control  Due to a Cloud App Control policy that restricts access to sending out emails from webmail cloud apps. 
Not allowed to upload media files to this site  Cloud App Control  Due to a Cloud App Control policy that restricts access to uploading files to Streaming Media cloud apps. 
Not allowed to upload media files to this site  Cloud App Control  Due to a Cloud App Control policy that restricts access to uploading files to File Sharing cloud apps, the transaction was blocked. 
Not allowed to upload/download encrypted or password-protected archive files  Malware Protection  The file was blocked because it was encrypted or password protected and the policy to block Password-Protected Archive Files files was enabled under Malware Protection. 
Not allowed to upload/download files of size greater than configured limit  Bandwidth Control  The user attempted to upload or download a file larger than the limit configured in your policy and the transaction was blocked. 
Not allowed to upload/download files of this type  File Type Control  The attempt to upload or download a file was blocked due to a File Type Control policy. 
Not allowed to upload/download media files of this type  Cloud App Control  Due to a Cloud App Control policy restricting access to Streaming Media cloud apps, the transaction was blocked. 
Not allowed to upload/download media files of this type  Cloud App Control   Due to a Cloud App Control policy, an attempt to upload or download a file to or from a File Sharing cloud app was blocked. 
Not allowed to upload/download unscannable file formats  Malware Protection  The file was blocked because the file format is not supported by Zscaler and the policy to block Unscannable Files was enabled in Malware Protection. 
Not allowed to use Adware/Spyware sites  Advanced Threat Protection  Access to a known adware or spyware site was denied based on the reputation of the destination. 
Not allowed to use FTP over HTTP for upload  FTP Control  The attempt to upload a file was blocked as the user does not have Allow FTP over HTTP enabled in FTP Control. 
Not allowed to use HTTP tunnel  Core Proxy  An HTTP tunneling attempt on a non-HTTP port was detected and blocked as the organization has the option Block tunneling to non-HTTP/HTTPS ports enabled. 
Not allowed to use mobile app  Mobile Malware Protection  A mobile application was blocked due to Mobile Malware Protection policy settings. 
Not allowed to use this browser  Browser Control  The transaction was generated by a browser that is not allowed by Browser Blocking in Browser Control and was blocked. 
Not allowed to use this File Share site  Cloud App Control  Due to a Cloud App Control policy that restricts access to File Sharing cloud apps, the transaction was blocked. 
Not allowed to use this IM site  Cloud App Control  Due to a Cloud App Control policy that restricts access to instant messaging cloud apps, the transaction was blocked. 
Not allowed to use this Streaming Media site  Cloud App Control  Due to a Cloud App Control policy that restricts access to streaming media cloud apps, the transaction was blocked. 
Not allowed to use this Webmail site  Cloud App Control  Due to a Cloud App Control policy that restricts access to webmail cloud apps, the transaction was blocked. 
Not allowed to use tunnels  Advanced Threat Protection  An unauthorized communication tunnel was detected and blocked. 
PageRisk block inbound response: page is unsafe Advanced Threat Protection The transaction was blocked because the content score of the page exceeded the Page Risk index threshold set by the Advanced Threat Suspicious Content Protection policy.
Personally identifiable information (PII)  Mobile Malware Protection  The transaction was generated by an application which shares personally identifiable information and was blocked by Mobile Malware Protection policies. 
Quarantined  Sandbox  An attempt to download a file was temporarily held due to a Sandbox First Time Action policy set to Quarantine. 
Reputation block outbound request malicious URL Advanced Threat Protection The transaction was blocked because the destination in the request is known to serve malware.
Reputation block outbound request: anonymization site Advanced Threat Protection Access to the destination was blocked due to the destination's reputation to be an anonymizer.
Reputation block outbound request: botnet site Advanced Threat Protection A request was made to a known Command and Control Server and the transaction was blocked.
Reputation block outbound request: phishing site Advanced Threat Protection The transaction was blocked because the request was made to a known Phishing site. 
Reputation block outbound request: webspam Advanced Threat Protection Web spam traffic was detected in the response and blocked by IPS.
Request method cautioned  URL Filtering    An attempt to post content to a webpage was cautioned by a URL Filtering policy. 
Request method not allowed for this category  URL Filtering   The transaction triggered a URL Filtering policy which blocks the POST method. 
Sandbox block inbound response: malicious file Sandbox This file was blocked because it was found to be malicious.
Secure Browsing blocked an outdated/disallowed component Browser Control  An outdated component was detected and the transaction was blocked by the Browser Vulnerability Protection policies.  
Secure Browsing warned about an outdated/disallowed component  Browser Control  An outdated component was detected and the user was warned by the Browser Vulnerability Protection policies.  
Time quota exceeded daily limit  Cloud App Control, URL Filtering  The transaction was blocked due to a time quota associated with a policy. 
Violates Compliance Category  DLP  Due to a DLP policy violation, the transaction was blocked.
Violates Compliance Category, archive to mailbox  DLP  The transaction was blocked due to a DLP policy violation. Email was sent to the auditor's mailbox. 
Violates Compliance Category, archive to mailbox failed  DLP  The transaction was blocked due to a DLP policy violation. Failed to send email to the auditor's mailbox. 
Volume quota exceeded daily limit  Cloud App Control, URL Filtering   The transaction was blocked due to a volume quota associated with a policy. 
Web application is blocked by Firewall rule  Firewall Filtering   Access to the Network Application was blocked because it is part of a Firewall Filtering rule.