With HTTPS inspection configured, outbound certificate installed on the client, and manual exception for software update category defined:
I am observing that some sites that should really not be permitted without inspection actually are:
While some are working as expected:
I have tried this setup with and without URLF and APPC blades enabled.
Any ideas as to the cause?