INFO: Why a Security Policy Might Appear to Be Ineffective - Caching and Multiple Hosts - Internal


  • Description
    In some cases, the security policy on a Finjan system might appear to be ineffective.  This can be noticed after a recent policy change or after first deploying a Finjan solution.

  • Symptoms
    Common symptoms include:
    1. Content that should be blocked is downloadable by a browser.
    2. Images or text content might be missing from an allowed page.
    3. A script error might be indicated in the lower left corner of the browser on an allowed page. 
    4. Some menus on an allowed page might not function.

  • Cause
    There are two common causes for this behavior:
    1. Caching
    2. Content received from multiple web hosts

  • Solution
    Caching - Caching is often the reason why a security policy change might appear to be ineffective. 
    For example, if the default policy blocks an applet, the substitute applet might be cached.
    If the administrator changes the policy to allow the applet, the user might continue to receive the cached substitute applet. Therefore, it appears as though the security policy change did not work.

    Using logs, it is possible to determine if cached content is provided to the user. 
    If an object is served from a cache, there will be no record of the request in the logs. 
    In order to see all transactions, it may be necessary to temporarily change the logging settings. 
    Please note that increased logging can reduce performance, so it is important to change the logging settings back to their previous values when troubleshooting is complete.

    The systems administrator should be aware of all caches that might prevent requests from reaching the scanner. 
    The administrator should also know how to manage these caches. 
    Common caches include:

    1. A network caching solution, such as ISA or Blue Coat, that is located between the Finjan system and the browsers.
    2. The browser's own cache - In order to completely clear this cache, it may be necessary to first exit all browser instances.
    3. The JVM's cache - Sun's Java Virtual Machine maintains its own applet cache that is separate from the browser's cache.  This cache can be managed by double-clicking the Java Plug-in icon in Windows' Control Panel and selecting the Cache tab.
    4. Vital Security NG's built-in Security Caching - To disable this, navigate in the Management Console to Settings -> Content Processors -> Security Caching and unselect the Enable Caching checkbox.

    When the Finjan system is implemented in proxy mode, one way to determine if a policy change took effect is to configure a browser to proxy directly through the Finjan proxy. 
    This will eliminate the possibility of interference from any network caching solutions. 
    If a browser having a clear cache and configured to proxy directly to the Finjan system continues to receive the wrong policy, then the policy should be inspected once more. 
    In environments that utilize different user policies, please verify that the correct policy is assigned to the test browser.

    Content received from Multiple Web Hosts
    Even if the URL list entry matches the website shown in the browser's address bar, it is important to note that many web pages are built from content that comes from several websites. 
    For example, on a news site, the initial links on the page might come from one server, while the dynamic content (links to new articles) might come from a different server in a completely different domain. 
    Again, the logs should reveal which sites are involved in the transaction. 
    As with caching, it may be necessary to temporarily increase the logging level to track the transactions associated with the web page. 
    Once all of the involved sites have been identified, the logs can be returned to their former settings and the policy can be modified appropriately to allow the desired page.
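The two log checks described above (requests that never reach the scanner, and the set of hosts behind one page) can be scripted as follows. This is an added example, not Finjan or Trustwave code: the "time action url" log layout, the URLs and the `triage` helper are constructed for illustration, and it assumes logging has been temporarily raised so that every transaction is recorded.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample: URLs the test browser requested for one page load
# (for instance, copied from the browser's network panel).
BROWSER_REQUESTS = [
    "http://news.example/index.html",
    "http://news.example/style.css",
    "http://static.example-cdn.test/menu.js",
    "http://feeds.example-articles.test/latest.js",
    "http://news.example/applet/ticker.class",
]

# Constructed scanner log in a hypothetical "time action url" layout.
SCANNER_LOG = """\
10:02:11 ALLOW http://news.example/index.html
10:02:11 ALLOW http://news.example/style.css
10:02:12 BLOCK http://static.example-cdn.test/menu.js
10:02:12 BLOCK http://feeds.example-articles.test/latest.js
"""


def parse_log(text):
    """Return {url: action} for every well-formed log line."""
    seen = {}
    for line in text.splitlines():
        parts = line.split(None, 2)
        if len(parts) == 3:
            seen[parts[2].strip()] = parts[1].upper()
    return seen


def triage(requests, log_text, url_list_hosts):
    """Split one page load into cache hits, per-host actions, unlisted hosts."""
    logged = parse_log(log_text)
    # No log record means the request never reached the scanner:
    # some cache (network, browser, JVM) answered it instead.
    from_cache = [u for u in requests if u not in logged]
    actions = defaultdict(set)
    for url in requests:
        if url in logged:
            actions[urlsplit(url).hostname].add(logged[url])
    # Hosts that contributed content but have no entry in the policy URL list.
    unlisted = sorted(h for h in actions if h not in url_list_hosts)
    return from_cache, {h: sorted(a) for h, a in actions.items()}, unlisted


if __name__ == "__main__":
    cached, per_host, unlisted = triage(BROWSER_REQUESTS, SCANNER_LOG, {"news.example"})
    print("served from a cache:", cached)
    print("actions per host:", per_host)
    print("hosts missing from URL list:", unlisted)
```
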

    VSOS
    8.3.x
    8.4.x
    8.5.0


  • This article applies to:
    NG 1000
    NG 5000
    NG 8000
    This article was previously published as:
    Finjan KB 1299
