That is correct, it is not turned on by default. But if you do turn it on, the list provided as standard for the Gateway by McAfee (Trellix, SkyHigh) has a list of included Geolocations to block. In that list .CL is iincluded.

can you provide a list or a rule that you're reffering to? Maybe a screenshot?

Blocked Country Code List (Blocked Country Codes) from supplied Rule Set downloaded from MWG Libraries. 

I don't have such a list 🙂

It can be US specific.

Do you mean Lists > add List > list content is managed remotely > Skyhigh Security Supplied list ?

It may be that now,  Also mine is on site. Yes this is a list that is downloaded from their library.

ok, found it under RuleSet Library > URL Filter > Geolocation. This ruleset contain an empty list called "Geolocation: Blocked Countries" with a comment "This is an arbitrary list of blocked countries. Please enter the country code in ISO 3166 notation." 

The list is empty. This is a fresh 12.0.0-42686 install. You can have some older version or the ruleset comes from an older version. 

Based on the comment, it seems like somebody by McAfee just choosed some countries arbitrary as an example.

See attached screenshot.

Honestly, I do not think that the list is arbritary. I believe it is based on data that at some point deterimed the included locatations were at some point significant threat sources. Russia, China, Côte d'Ivoire (419 Scam phish origin) and many others in the list make great sense to block as they continue to be high on the list of threat, malware, scam and other attack origins.  

It sure would be great if someone from the Vendor provided some feedback on this.

But I appreciate your research.