With an Anti-Spyware profile that has inline cloud analysis enabled, we noticed that we are receiving log entries which have Severity High and Action Allow.

Created On 03/07/24 12:13 PM - Last Modified 10/21/25 09:40 AM


Symptom


  • An Anti-Spyware profile has inline cloud analysis enabled.
  • We noticed that we were receiving an extremely high amount of threat log entries that have Severity High and Action Allow.


  • In the configuration, the profile defines the action as "Reset-Both".




Environment


  • PAN-OS >= 10.2
  • NGFW that supports inline cloud analysis.


Cause


1. Software issue (PAN-261019)

  • While the firewall was processing the benign verdict, a particular service was not being deleted. When the Max latency timeout kicked in, a threat log was generated because of the leftover service.

2. Legitimate latency issues

  • These depend on the network conditions and the cloud's geographical location.


Resolution


  • PAN-261019 fixes the software issue. Please refer to the PAN-OS release notes for the fix.
  • If this issue is observed for all the URLs, then the customer is advised to increase the max latency and to check the stability of the connection to the cloud.


  • Depending on the network conditions and the cloud's geographical location, you can increase the max latency and monitor the threat logs. If very few or no occurrences are logged, the latency is fine now.
  • "Allow on Max Latency" is checked: this is the source of the allow.
  • "Log Traffic Not Scanned" is checked: this is the source of the threat log. Without this option, the threat logs will not be generated when the latency condition is violated.


Additional Information


Cloud deployments across the globe (choose the nearest):
https://docs.paloaltonetworks.com/advanced-wildfire/administration/configure-advanced-wildfire-analysis/configure-the-content-cloud-fqdn-settings

Feature details:
https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-new-features/content-inspection-features/inline-cloud-analysis


