Insight makes a decision on the file based on reputation data in Symantec's database. Ideally, the best way would be to add the web domain. It sounds like you've done this though.
If you go into the Risk log in the SEPM you should have the option to add the file to the policy from here...
Did you verify the client policy serial matches what's in the SEPM?