With the appearance of profiles associated to various settings, each with its own white lists and blacklists, there may be confusion as to the white lists/blacklists to be applied or whether they have priority over the criteria associated to the profiles. This situation is exemplified the scenario described below.
In this situation, you have the ambiguity that the IP address 18.104.22.168 is defined as an anti-malware trusted site and also associated to a profile. The expected behavior in the event of a connection to this IP, is that it is determined that the user belongs to the prof_marketing profile, and therefore, the conf_marketing configuration is applied instead of the default configuration. As the conf_marketing configuration has no trusted sites defined, the Anti-malware scan will be performed.
As you can see, the list of trusted sites defined in the default configuration will not apply, as the trusted sites are not global; each configuration has their own.
If you want the trusted sites to be applied unconditionally, they have to be defined in all configurations and not just the default configuration.