Malicious traffic does not update in the Advance Threat Protection (ATP) User INterface (UI) dashboard under Endpoint detection's.
When reviewing the logs please look for OutOfMemory(OOM) to determine if the issue is occurring.
This issue will be fixed in the ATP 3.0 release. Please update to this build once it has been release. If you are not able to wait then then a hotfix can be applied. Please open a Support case to have the hotfix implemented.
Note: Tier 1 please see Internal notes and engage your Tier 2.