When testing the Advanced Threat Protection software, you download an Insight or malware test file multiple times to test network detection. When you review the Events, you only see one or two events for the download.
This is expected behavior for the Advanced Threat Protection platform. There is no gap in detection, the Event is simply only reported once.