The default deny component of a service policy matching a default deny I believe should not be matched against the last service policy in a list. Depending on how the action is crafted in the service policy this leads to inconsistent logging as a service policy will appear overly busy but it has not matched a rule created by a customer but the default deny rule simply because it is the last service policy in the list