Consider the following custom application and application override rule. We have configured a custom application for TCP ports 80 and 443. Application override is happening for traffic to port 80,443 from DMZ to L3-Untrust.
Consider the following decryption rule: Here we are decrypting all traffic coming from DMZ going to L3-Untrust.
If you try to access some https website you will find that the traffic is not being decrypted because of the application override, even if you are doing decryption for everything.
When application override is configured, the Palo Alto Networks firewall stops processing at Layer 4.