Hi Chakuttha,
As you know, 407 messages are for proxy authentication challenges. Depending on the authentication mechanism in place, there will 1 or 2 authentication response of 407 could occur per web request which needs authentication to get through. For Basic or Kerberos authentication, the number of 407's will be 1 when NTLM will need two 407s to complete authentication. I have extracted an access-log entry from your log file and it shows the two 407s I am mentioning.
2017-12-15 16:19:26 1 172.23.8.212 - - authentication_failed DENIED "o356;Non-Viewable/Infrastructure" - 407 TCP_DENIED CONNECT - tcp sls.update.microsoft.com 443 / - - - 172.16.1.188 306 85 - "Microsoft Update" "Update Software"
2017-12-15 16:19:26 2 172.23.8.212 - - authentication_failed DENIED "o356;Non-Viewable/Infrastructure" - 407 TCP_DENIED CONNECT - tcp sls.update.microsoft.com 443 / - - - 172.16.1.188 489 174 - "Microsoft Update" "Update Software"
2017-12-15 16:19:26 4 172.23.8.212 v05082$ - policy_denied DENIED "o356;Non-Viewable/Infrastructure" - 403 TCP_DENIED CONNECT - tcp sls.update.microsoft.com 443 / - - - 172.16.1.188 184 738 - "Microsoft Update" "Update Software"
All the three request is see is for a single attempt of an application to get through the ProxySG. Two 407s are for authentication based on NTLM and 3rd one is the Denial as the client got authenticated with its machine account (Not user account).
The authentication method used is Proxy-IP but I don't see the Auth best practise in place. Do have a check on article https://support.symantec.com/en_US/article.TECH242310.html and add the attached file (in the article) to your local policy file.