diff --git a/NEWS b/NEWS index 5c98a28644..e78b1e4e51 100644 --- a/NEWS +++ b/NEWS @@ -20,6 +20,13 @@ New Functionality - File analyzers can now raise analyzer violations to the script-layer via the new AnalyzerViolation() method. +Changed Functionality +--------------------- + +- Violations for packet analyzers that have sessions attached with them + will be raised once only. Further, analyzer confirmations are not raised + after a violation. + Deprecated Functionality ------------------------ diff --git a/src/packet_analysis/Analyzer.cc b/src/packet_analysis/Analyzer.cc index d982ebcabc..91653c788c 100644 --- a/src/packet_analysis/Analyzer.cc +++ b/src/packet_analysis/Analyzer.cc @@ -189,6 +189,10 @@ void Analyzer::AnalyzerConfirmation(session::Session* session, zeek::Tag arg_tag if ( session->AnalyzerState(effective_tag) == session::AnalyzerConfirmationState::CONFIRMED ) return; + // If this session violated previously, we don't allow through a confirmation. + if ( session->AnalyzerState(effective_tag) == session::AnalyzerConfirmationState::VIOLATED ) + return; + session->SetAnalyzerState(effective_tag, session::AnalyzerConfirmationState::CONFIRMED); if ( analyzer_confirmation_info ) @@ -238,6 +242,9 @@ void Analyzer::AnalyzerViolation(const char* reason, session::Session* session, { const auto& effective_tag = arg_tag ? arg_tag : GetAnalyzerTag(); + if ( session->AnalyzerState(effective_tag) == session::AnalyzerConfirmationState::VIOLATED ) + return; + session->SetAnalyzerState(effective_tag, session::AnalyzerConfirmationState::VIOLATED); if ( analyzer_violation_info )
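Review bot: the NEWS entry in the first hunk reads awkwardly and understates the scope of the change. "packet analyzers that have sessions attached with them" should be "packet analyzers that have a session attached", and the entry should say that the de-duplication is keyed per session and per analyzer tag, which is what the `AnalyzerState(effective_tag)` checks in the source hunks actually implement. Suggested wording: "Analyzer violations raised by packet analyzers for a session are now reported only once per session and analyzer tag. Analyzer confirmations are no longer raised for a session after a violation for the same tag." Since this changes how often the script layer sees these events, a sentence pointing users of the corresponding event handlers at the new behaviour would help.

Review bot: in the `AnalyzerConfirmation` hunk, `session->AnalyzerState(effective_tag)` is now looked up twice in a row, once for `CONFIRMED` and once for `VIOLATED`. Fold the two early returns into a single lookup, e.g. `const auto state = session->AnalyzerState(effective_tag); if ( state == session::AnalyzerConfirmationState::CONFIRMED || state == session::AnalyzerConfirmationState::VIOLATED ) return;`, and keep the explanatory comment on the `VIOLATED` case. That makes the intended state machine (confirmed and violated are both terminal for confirmations) visible in one place rather than two.

Review bot: in the `AnalyzerViolation` hunk, the new early return silently discards `reason` for any violation after the first on the same session and tag, so only the first violation's reason ever reaches the script layer. If that is intended, say so in a comment next to the check (the confirmation hunk has one, this one does not); if later reasons are still useful for debugging, consider emitting them through the existing debug/logging path before returning. Also worth confirming that nothing ever moves a tag's state out of `VIOLATED` again, since this check is now what guarantees "once only" for the lifetime of the session.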