Why are dated WildFire-virus signatures triggering threat logs when using WildFire Real-time schedule?

Created On 09/15/22 14:13 PM - Last Modified 04/22/24 07:25 AM


Question


Why are dated WildFire-virus signatures triggering threat logs (GUI: Monitor > Logs > Threat) when using WildFire Real-time schedule?


Environment


  • PAN-OS 10.0 or Later 
  • WildFire Real Time signatures
  • Threat logs


Answer


  1. When using WildFire Real-time signatures, a WildFire signature sometimes appears as "n/a" when viewed in Threat Vault. This most often happens when the signature has been cycled out to free space on the device for more current emerging-malware signatures.
  2. If the signature has been cycled out under a normal (non-Real-time) update schedule, it will not trigger. With the Real-time WildFire schedule, however, triggering is expected behavior and a benefit of Real-time signatures.
  3. This is one reason an older signature can trigger WildFire-virus threat logs while showing "n/a" in Threat Vault.
  4. Real-time signatures include a query component: the firewall is free to request a specific signature pattern out of band, based on the traffic activity it sees.
  5. This is a major benefit of the Real-time signature system; over time a firewall effectively customizes its signature cache by requesting whatever patterns it needs.
  6. As long as a signature has not been disabled or deleted and is only in a cycled-out status on the WildFire public cloud, it remains available for the firewall to query.
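The following is an added triage helper, not code from the article or from Palo Alto Networks. It parses a constructed, simplified threat-log export (the column set is assumed and is not the full PAN-OS CSV field order; only the "Name(ID)" form of the threat ID column follows the real log format), collects the WildFire-virus hits per signature ID, and annotates each with a constructed stand-in for the Threat Vault status so that "n/a" hits under a Real-time schedule are classified as the expected behavior described above rather than as a detection error.

```python
import csv
import io
import re
from collections import defaultdict

# Constructed sample threat-log export. Column layout is a simplified
# assumption for this example, NOT the real PAN-OS threat-log field order.
SAMPLE_THREAT_LOG = """receive_time,type,subtype,src,dst,threatid,action,wildfire_schedule
2024/04/22 07:10:01,THREAT,wildfire-virus,10.1.1.20,203.0.113.8,Virus/Win32.WGeneric.sample(123456789),reset-both,real-time
2024/04/22 07:11:45,THREAT,wildfire-virus,10.1.1.21,203.0.113.9,Virus/Win32.WGeneric.sample(123456789),reset-both,real-time
2024/04/22 07:12:30,THREAT,wildfire-virus,10.1.1.22,198.51.100.5,Virus/Win32.WGeneric.other(987654321),alert,real-time
2024/04/22 07:13:02,THREAT,vulnerability,10.1.1.23,198.51.100.7,Some Vulnerability(30000),alert,real-time
"""

# Constructed stand-in for what an analyst sees in Threat Vault per signature ID.
# "n/a" models a signature that was cycled out of the scheduled package.
THREAT_VAULT_STATUS = {
    "123456789": "n/a",
    "987654321": "active",
}

# PAN-OS threat logs render the threat ID column as "Name(ID)".
THREATID_RE = re.compile(r"^(?P<name>.*)\((?P<id>\d+)\)$")


def parse_threatid(field):
    """Split 'Virus/Win32.Foo(123)' into ('Virus/Win32.Foo', '123')."""
    m = THREATID_RE.match(field.strip())
    if not m:
        return None, None
    return m.group("name"), m.group("id")


def wildfire_hits(log_text):
    """Aggregate wildfire-virus rows by signature ID (count, name, schedule, first seen)."""
    hits = defaultdict(lambda: {"name": None, "count": 0, "first_seen": None, "schedule": None})
    for row in csv.DictReader(io.StringIO(log_text)):
        if row["subtype"] != "wildfire-virus":
            continue  # vulnerability/spyware/etc. are out of scope here
        name, sig_id = parse_threatid(row["threatid"])
        if sig_id is None:
            continue  # malformed threat ID column; skip rather than guess
        entry = hits[sig_id]
        entry["name"] = name
        entry["count"] += 1
        entry["schedule"] = row["wildfire_schedule"]
        if entry["first_seen"] is None:
            entry["first_seen"] = row["receive_time"]
    return dict(hits)


def classify(sig_id, schedule, vault_status):
    """Explain a hit in terms of the article: n/a + Real-time is expected, not an error."""
    if vault_status == "n/a" and schedule == "real-time":
        return "expected: cycled-out signature fetched out of band via the Real-time query"
    if vault_status == "n/a":
        return "review: cycled-out signature should not trigger on a scheduled package"
    return "signature present in current package"


def triage(log_text, vault_status_by_id):
    """Return {sig_id: {...hit data..., 'vault_status', 'verdict'}} for analyst review."""
    result = {}
    for sig_id, hit in wildfire_hits(log_text).items():
        status = vault_status_by_id.get(sig_id, "unknown")
        result[sig_id] = dict(hit, vault_status=status,
                              verdict=classify(sig_id, hit["schedule"], status))
    return result


if __name__ == "__main__":
    for sig_id, info in triage(SAMPLE_THREAT_LOG, THREAT_VAULT_STATUS).items():
        print(sig_id, info["name"], info["count"], info["vault_status"], "->", info["verdict"])
```

In practice the Threat Vault status map would be filled from your own lookups of each signature ID, and the CSV reader pointed at a real threat-log export; the classification logic is what separates an expected Real-time "n/a" hit from something that merits escalation.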


GUI: Device > Dynamic Updates > WildFire > Schedule: Real-time

(Screenshot captions: "Real-time"; "Dated or disabled in Threat Vault")
