This is an issue in the Add-on 6.0.2. According to the folks at PAN, it will be fixed in 6.0.3. The current workaround is to modify the following file:
In that file, find the line that reads:
EVAL-category = threat_category
I believe it is line 76. Change the line to this:
EVAL-category = if(log_subtype=="url" OR log_subtype=="file", raw_category, threat_category)
Then restart Splunk to put the change into effect.