The earliest recollection of this bug is traced back to PAN-OS 8.1.17 - January 08, 2024. This bug is fixed in PAN-OS versions 9.1.5, 8.1.17. Fixed an issue where the Host Evasion Threat ID signature did not trigger for the initial session even after the DNS response was received before the session expired. For more information: https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-release-notes/pan-os-8-1-addressed-issues/pan-os-8-1-17-addressed-issues https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-release-notes/pan-os-9-1-addressed-issues/pan-os-9-1-5-addressed-issues