Siva's reponse is spot-on but I'll add a bit more context for the SWG traffic. There is a hidden implied rule at the end of the policy that is an effective "Accept". Looking at your traffic logs, you can identify these hits in events where the Policy Name is the null value. Additionally, when traffic hits this rule, several other fields tend to log with null values also. You can get around this by creating an explicit rule (you'll have to do All Categories, because it won't let you create a rule without any constraints) that replicates the action of the implied rule (accept).
Here, I'll ask for a bit more clarification before lining up with the prior response. You state that you are malware scanning the upload/download, but you then ask about the site's severity. Are you referring to the CCI rating of the site rather than the scan of the file being transferred?