When Sky ATP receives a file that it has not seen before, it will provide a verdict of -1, initially, as it scans the file through multiple AV and other engines. Once the file has been fully diagnosed, an updated verdict will be provided and sent to your SRX. In your logs, you should notice an updated verdict for this specific file.
from Sky ATP Admin Guide,
https://www.juniper.net/documentation/en_US/release-independent/sky-atp/information-products/pathway-pages/admin/sky-atp-admin-guide.pdf
Cache Lookup (page 9)
When a file is analyzed, a file hash is generated, and the results of the analysis are stored in a database. When a file is uploaded to the Sky ATP cloud, the first step is to check whether this file has been looked at before.
If it has, the stored verdict is returned to the SRX Series device and there is no need to re-analyze the file. In addition to files scanned by Sky ATP, information about common malware files is also stored to provide faster response.
Cache lookup is performed in realtime.All other techniques are done offline. This means that if the cache lookup does not return a verdict, the file is sent to the client system while the Sky ATP cloud continues to examine the file using the remaining pipeline techniques.
If a later analysis returns a malware verdict, then the file and host are flagged.
Sky ATP assigns a number between 0-10 to indicate the threat level of files scanned for malware and the threat level for infected hosts. See Table 4 on page 11.