BloxOne Endpoint bypass in combination with FQDN and a probe token, are used by BloxOne Endpoint to identify that Endpoint is on-prem and is following the configured on-prem policies. To verify BloxOne Threat Defense Cloud probe responses, BloxOne Endpoint periodically sends DNS queries from a non-resolvable probe domain to default resolvers to avoid the possibility of “spoofed” responses. In cases where a domain is not expected to resolve, then any subdomains of the domain will also not resolve. For instance, if some-domain.com is configured as a probe domain, then mail.some-domain.com would also not resolve.
...