HTTPS traffic is hard to classify because once the security connection between the client and the server is established, the exinda cannot remember what the certificate common-name is and it classifies the traffic as HTTPS.
Nevertheless, we could get a sneak peak of the initiation of this connection to find the certificate common-name. If we can manage to go to Monitor-->Real Time, filter the IP involved and see what flows are seen from the beginning of the conversation, one of them might show up as HTTPS followed by a URL enclosed in square brackets. This URL is what we call "common_name" which is the server that is publishing those certificates.
So in order to block this traffic we can create an application object (Under Configuration-->Objects-->Applications) selecting "ssl" as the L7 signature followed by "common_name" and then the url seen in Real Time traffic. Then, create a discard policy by going to "Optimizer" with this newly created application object. For the common_name url, it is recommended to only apply the root domain of the URL or just some part of it and not all (exinda will assume that every url that contains this section will be included in the application object.
Finally, restart the optimizer. Since most of the users already established a connection, this might not work immediately, it will take some time for the client and the server to re-establish the certificate connection and for the worst case scenario, the PCs needs to be restarted for this to work.