If traffic log at session 'start' is enabled then there will be logs seen with incorrect security rule.
For exacmple, a general outbound Trust to Untrust allow any application security rule exist (lower in the order)
A rule exists up in the order 'OTS_Allow_Microsoft_Licensing' to allow only selective URLs.
The security rules are scanned from top to bottom.
When the traffic is received, first security rule in the order will be matched to allow traffic while firewall is still identifying the correct URL and matching security rule.
The session brower or CLI will show correct matching rule.
However the traffic log at 'session start' (pic) will show a non-matching rule. However keep in mind that the traffic is still not allowed.
The traffic log at 'session end' will show the correct rule which allowed the traffic.