You are going to have to provide some pictures of your rule set.
How are you bypassing large files? There are a few ways to do this.
Are you authenticating users?
No authentication at this point (to keep it simple for troubleshooting the basics).
Cache bypass using: header.response.get "content.lenght"
Progress bypassed using: the same as the above, but this creates a user.defined.key that I use to bypass the Antimalware rule.
(Added rules to original post)