diff --git a/scripts/policy/protocols/conn/known-hosts.bro b/scripts/policy/protocols/conn/known-hosts.bro
index b920912f11..410ed9edfe 100644
--- a/scripts/policy/protocols/conn/known-hosts.bro
+++ b/scripts/policy/protocols/conn/known-hosts.bro
@@ -138,6 +138,9 @@ event Known::host_found(info: HostsInfo)
 	if ( use_host_store )
 		return;
 
+	if ( info$host in Known::hosts )
+		return;
+
 	Cluster::publish_hrw(Cluster::proxy_pool, info$host, known_host_add, info);
 	event known_host_add(info);
 	}
diff --git a/scripts/policy/protocols/conn/known-services.bro b/scripts/policy/protocols/conn/known-services.bro
index d737c9bad0..7a829214c1 100644
--- a/scripts/policy/protocols/conn/known-services.bro
+++ b/scripts/policy/protocols/conn/known-services.bro
@@ -159,6 +159,9 @@ event service_info_commit(info: ServicesInfo)
 	if ( Known::use_service_store )
 		return;
 
+	if ( [info$host, info$port_num] in Known::services )
+		return;
+
 	local key = cat(info$host, info$port_num);
 	Cluster::publish_hrw(Cluster::proxy_pool, key, known_service_add, info);
 	event known_service_add(info);
diff --git a/scripts/policy/protocols/ssl/known-certs.bro b/scripts/policy/protocols/ssl/known-certs.bro
index 25365eb4b4..e45a243dfd 100644
--- a/scripts/policy/protocols/ssl/known-certs.bro
+++ b/scripts/policy/protocols/ssl/known-certs.bro
@@ -127,6 +127,9 @@ event Known::cert_found(info: CertsInfo, hash: string)
 	if ( Known::use_cert_store )
 		return;
 
+	if ( [info$host, hash] in Known::certs )
+		return;
+
 	local key = cat(info$host, hash);
 	Cluster::publish_hrw(Cluster::proxy_pool, key, known_cert_add, info, hash);
 	event known_cert_add(info, hash);
@@ -140,6 +143,7 @@ event Cluster::node_up(name: string, id: string)
 	if ( Cluster::local_node_type() != Cluster::WORKER )
 		return;
 
+	# Drop local suppression cache on workers to force HRW key repartitioning.
 	Known::certs = table();
 	}
 
@@ -151,6 +155,7 @@ event Cluster::node_down(name: string, id: string)
 	if ( Cluster::local_node_type() != Cluster::WORKER )
 		return;
 
+	# Drop local suppression cache on workers to force HRW key repartitioning.
 	Known::certs = table();
 	}